Resumen
IPv6 is a next-generation IP protocol that replaces IPv4. It not only expands the number of network address resources but also solves the problem of multiple access devices connected to the Internet. While IPv6 has brought excellent convenience to the public, related security issues have gradually emerged, and an assessment of the security situation in IPv6 has also become more important. Unlike passive defense, the honeypot is a security device for active defense. The real network application and the fake network application, disguised by the honeypot, are located on a similar subnet, and provide a network application service; but, in both cases, behavior logs from unauthorized users are caught. In this manner, and to protect web-based applications from attacks, this article introduces the design and implementation of a web-based honeypot that includes a weak password module and an SQL inject module, which supports the IPv6 network to capture unauthorized access behavior. We also propose the Security Situation Index (SSI), which can measure the security situation of the network application environment. The value of SSI is established according to the different parameters that are based on honeypots. There is a firewall outside the test system environment, so the obtained data should be used as the real invasion data, and the captured behavior is not a false positive. Threats can be spotted smartly by deploying honeypots; this paper demonstrates that the honeypot is an excellent method of capturing malicious requests and can be measured with the SSI of the whole system. According to the information, the administrator can modify the current security policy, which can improve the security level of a whole IPv6 network system.