一种基于拟态防御机制的SDN虚拟蜜网
|
摘要
针对传统蜜网部署不方便,流量控制困难,蜜网动态调整较复杂的缺陷,利用SDN技术灵活的控制机制与容器高速、轻量的技术特性,设计了具有动态可调整特性的SDN虚拟蜜网,结合拟态防御机制为SDN虚拟蜜网提供动态调整的依据,并通过博弈论验证了基于拟态防御机制的SDN虚拟蜜网的有效性。利用Containernet仿真实验平台搭建出SDN虚拟蜜网,并设计实现了基于拟态防御机制的动态跳变,通过实验验证了该蜜网的可行性。
The traditional honeynet has many drawbacks such as inconvenient deployment, difficult flow control and complex dynamic adjustment. SDN technology has flexible controlling mechanism and container with high speed and lightweight. A SDN virtual honeynet is designed by using these advantages. It will provide dynamic adjustment basis to SDN virtual honeynet by using the mimic defense mechanism. The effectiveness of the SDN virtual honeynet is verified based on the game theory. At last, the SDN virtual honeynet is established using Containernet simulation platform, and the dynamic jumping change is designed and implemented based on mimic defense mechanism. The feasibility of the honeynet is verified through experiments.
The traditional honeynet has many drawbacks such as inconvenient deployment, difficult flow control and complex dynamic adjustment. SDN technology has flexible controlling mechanism and container with high speed and lightweight. A SDN virtual honeynet is designed by using these advantages. It will provide dynamic adjustment basis to SDN virtual honeynet by using the mimic defense mechanism. The effectiveness of the SDN virtual honeynet is verified based on the game theory. At last, the SDN virtual honeynet is established using Containernet simulation platform, and the dynamic jumping change is designed and implemented based on mimic defense mechanism. The feasibility of the honeynet is verified through experiments.
引文
[1] Wang X,Tang H,Paterson A H.Research on the application of firewall in network security[J].Plant Cell,2011,23(1):27-37.
[2] Leu F Y,Tsai K L,Hsiao Y T,et al.An internal intrusion detection and protection system by using data mining and forensic techniques[J].IEEE Systems Journal,2017,11(2):427-438.
[3] Zhang Y,Zhang Y,Zhang Y,et al.Game-theory-based active defense for intrusion detection in cyber-physical embedded systems[J].ACM Transactions on Embedded Computing Systems,2016,16(1):18.
[4]诸葛建伟,唐勇,韩心慧,等.蜜罐技术研究与应用进展[J].软件学报(自然科学版),2013,24(4):825-842.
[5] Sezer S,Scott-Hayward S,Chouhan P K,et al.Are we ready for SDN? Implementation challenges for softwaredefined networks[J].IEEE Communications Magazine,2013,51(7):36-43.
[6] Liu X,Hu Z Y.Design and implementation of Web cluster based on Docker container[J].Electronic Design Engineering,2016,24(8):117-119.
[7] Fan W,Fernández D,Du Z.Versatile virtual honeynet management framework[J].IET Information Security,2017,11(1):38-45.
[8] Cohen F.The deception toolkit[EB/OL].(2012)[2017-08-01].http://all.net/dtk/index.html.
[9] Liston L.Welcome to my tarpit:The tactical and strategic use of LaBrea[EB/OL].(2011)[2017-08-01].http://www.hackbusters.net/LaBrea/LaBrea.txt.
[10]诸葛建伟,韩心慧,周勇林,等.HoneyBow:一个基于高交互式蜜罐技术的恶意代码自动捕获器[J].通信学报,2007,28(12):8-13.
[11] More A,Tapaswi S.A software router based predictive honeypot roaming scheme for network security and attack analysis[C]//Proceeedings of International Conference on Innovations in Information Technology,2013:221-226.
[12]胡毅勋,郑康锋,武斌,等.Openflow下的动态虚拟蜜网系统[J].北京邮电大学学报,2015(6):104-108.
[13]邬江兴.网络空间拟态安全防御[J].保密科学技术,2014(10):4-9.
[14]仝青,张铮,张为华,等.拟态防御Web服务器设计与实现[J].软件学报,2017,28(4):883-897.
[15]廉哲,殷肖川,谭韧,等.面向网络攻击态势的SDN虚拟蜜网[J].空军工程大学学报(自然科学版),2017(3):79-84.
[16] Subrahmanian V S,Ovelgonne M,Dumitras T,et al.The global cyber-vulnerability report[M].[S.l.]:Springer International Publishing,2015.
[17]中国国家信息安全漏洞库[EB/OL].[2017-08-01].http://www.cnnvd.org.cn.
[18] Manshaei M H,Zhu Q,Alpcan T,et al.Game theory meets network security and privacy[J].ACM Computing Surveys,2013,45(3):1-39.
[19] Peuster M,Karl H,Rossem S V.MeDICINE:Rapid prototyping of production-ready network services in multi-PoP environments[C]//Proceeedings of Network Function Virtualization and Software Defined Networks,2017.
[2] Leu F Y,Tsai K L,Hsiao Y T,et al.An internal intrusion detection and protection system by using data mining and forensic techniques[J].IEEE Systems Journal,2017,11(2):427-438.
[3] Zhang Y,Zhang Y,Zhang Y,et al.Game-theory-based active defense for intrusion detection in cyber-physical embedded systems[J].ACM Transactions on Embedded Computing Systems,2016,16(1):18.
[4]诸葛建伟,唐勇,韩心慧,等.蜜罐技术研究与应用进展[J].软件学报(自然科学版),2013,24(4):825-842.
[5] Sezer S,Scott-Hayward S,Chouhan P K,et al.Are we ready for SDN? Implementation challenges for softwaredefined networks[J].IEEE Communications Magazine,2013,51(7):36-43.
[6] Liu X,Hu Z Y.Design and implementation of Web cluster based on Docker container[J].Electronic Design Engineering,2016,24(8):117-119.
[7] Fan W,Fernández D,Du Z.Versatile virtual honeynet management framework[J].IET Information Security,2017,11(1):38-45.
[8] Cohen F.The deception toolkit[EB/OL].(2012)[2017-08-01].http://all.net/dtk/index.html.
[9] Liston L.Welcome to my tarpit:The tactical and strategic use of LaBrea[EB/OL].(2011)[2017-08-01].http://www.hackbusters.net/LaBrea/LaBrea.txt.
[10]诸葛建伟,韩心慧,周勇林,等.HoneyBow:一个基于高交互式蜜罐技术的恶意代码自动捕获器[J].通信学报,2007,28(12):8-13.
[11] More A,Tapaswi S.A software router based predictive honeypot roaming scheme for network security and attack analysis[C]//Proceeedings of International Conference on Innovations in Information Technology,2013:221-226.
[12]胡毅勋,郑康锋,武斌,等.Openflow下的动态虚拟蜜网系统[J].北京邮电大学学报,2015(6):104-108.
[13]邬江兴.网络空间拟态安全防御[J].保密科学技术,2014(10):4-9.
[14]仝青,张铮,张为华,等.拟态防御Web服务器设计与实现[J].软件学报,2017,28(4):883-897.
[15]廉哲,殷肖川,谭韧,等.面向网络攻击态势的SDN虚拟蜜网[J].空军工程大学学报(自然科学版),2017(3):79-84.
[16] Subrahmanian V S,Ovelgonne M,Dumitras T,et al.The global cyber-vulnerability report[M].[S.l.]:Springer International Publishing,2015.
[17]中国国家信息安全漏洞库[EB/OL].[2017-08-01].http://www.cnnvd.org.cn.
[18] Manshaei M H,Zhu Q,Alpcan T,et al.Game theory meets network security and privacy[J].ACM Computing Surveys,2013,45(3):1-39.
[19] Peuster M,Karl H,Rossem S V.MeDICINE:Rapid prototyping of production-ready network services in multi-PoP environments[C]//Proceeedings of Network Function Virtualization and Software Defined Networks,2017.