The Design And Implementation Of Honeypot System Based On Spark

Posted on: 2018-02-25
Degree: Master
Type: Thesis
Country: China
Candidate: J Chen
GTID: 2348330533962702
Subject: Communication and Information System

Abstract/Summary:
The rapid development of the Internet, e-commerce, e-government and other technologies has made our lives convenient but has also attracted a lot of attacks. How to effectively protect the security of large Internet sites is a hot research topic. Existing security defense technology is mostly passive defense, which suffers from lag (hysteresis) in taking measures. The honeypot, an active defense technology, introduces decoy technology into the security field. It actively attracts intrusions, then collects and analyzes the attack behavior; according to the analysis results, the system can be protected in advance, which effectively solves the problem of passive defense technology. In addition, the large volume of daily accesses, queries and transactions generates massive log information, and common data analysis technology easily leads to delayed protection of the Website. Big data processing technology can reduce the processing delay and improve protection efficiency.

In this paper, the status of Website security defense is analyzed first. Then, to address the large amount of Web access data and the delay of general data processing technology, Spark processing technology is introduced into the system to improve the efficiency of data analysis. The system architecture is realized as follows. On the basis of a local area network and a cloud platform, four virtual machines are created. Two of them are used as the protected system and the honeypot. Another one is used as the fortress machine (bastion host) to achieve redirection, and the last is used to build the big data platform. When a user visits, the DNS server resolves the domain name to the IP address of the fortress machine, and the user then reaches the fortress machine based on the resolution result. The fortress machine captures the traffic data with the Iptables log function. Spark reads the captured data, analyzes it in real time and identifies users who pose a potential threat according to fixed rules. The fortress machine then redirects users based on the analysis results: a user who poses a threat is redirected to the honeypot; otherwise the user is connected to the protected system. The system also uses multiple security layers to ensure that the honeypot will not be taken over by illegal visitors and used to attack other systems.

Finally, the system is tested in terms of the simulation fidelity of the honeypot, the availability of the system and the performance of the data analysis module. The experiments and tests show that using big data technology to analyze log files improves the speed of information processing and the efficiency of system protection; the system can extend the residence time of illegal visitors in the honeypot system, which presents the same Website, and so achieves the purpose of collecting more information about illegal visitors and facilitating future analysis.
Keywords/Search Tags:honeypot, bigdata, Spark, active defense, network security, intrusion redirection
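
The analysis step described in the abstract (Iptables log lines in, a per-visitor choice between honeypot and protected system out) can be sketched as follows. This is an added example, not code from the thesis: plain Python stands in for the Spark job, and the log prefix, the backend addresses and both fixed rules are assumptions chosen for illustration.

```python
import re
from collections import defaultdict

# Assumed backends (documentation-range placeholders, not from the thesis).
PROTECTED, HONEYPOT = "192.0.2.10", "192.0.2.20"
# Assumed fixed rules; the abstract does not list the thesis's own rules.
SENSITIVE_PORTS = {22, 23, 3306}   # ports the public Website never serves
MAX_SYNS, WINDOW_S = 5, 10.0       # more than 5 SYNs in 10 s is a threat

FIELD = re.compile(r"(\w+)=(\S*)")
KTIME = re.compile(r"\[\s*(\d+\.\d+)\]")

def sample_line(t, src, dpt):
    """Build one constructed iptables LOG line (log prefix 'WEB-IN: ' is assumed)."""
    return (f"Feb 25 10:00:00 bastion kernel: [{t:.3f}] WEB-IN: IN=eth0 OUT= "
            f"SRC={src} DST=192.0.2.1 LEN=60 TTL=52 PROTO=TCP SPT=40000 "
            f"DPT={dpt} WINDOW=29200 RES=0x00 SYN URGP=0")

# Constructed sample: a normal visitor, a SYN burst, a probe of SSH, one junk line.
SAMPLE_LOG = "\n".join(
    [sample_line(100.0, "203.0.113.5", 80), sample_line(130.0, "203.0.113.5", 80)]
    + [sample_line(200.0 + i / 10, "198.51.100.7", 80) for i in range(7)]
    + [sample_line(300.0, "198.51.100.9", 22), "bastion sshd[811]: unrelated line"])

def parse_line(line):
    """Return (kernel_time, src, dport, is_syn), or None if not a TCP/UDP packet log."""
    ts, f = KTIME.search(line), dict(FIELD.findall(line))
    if not ts or "SRC" not in f or not f.get("DPT", "").isdigit():
        return None
    return float(ts.group(1)), f["SRC"], int(f["DPT"]), " SYN " in line

def route_table(log_text):
    """Map each source IP seen in the log to the backend the bastion should use."""
    syn_times, threats, seen = defaultdict(list), set(), set()
    for rec in filter(None, map(parse_line, log_text.splitlines())):
        ts, src, dpt, syn = rec
        seen.add(src)
        if dpt in SENSITIVE_PORTS:
            threats.add(src)
        if syn:
            times = syn_times[src]
            times.append(ts)
            while times[0] < ts - WINDOW_S:   # drop SYNs older than the window
                times.pop(0)
            if len(times) > MAX_SYNS:
                threats.add(src)
    return {s: HONEYPOT if s in threats else PROTECTED for s in sorted(seen)}

if __name__ == "__main__":
    for src, backend in route_table(SAMPLE_LOG).items():
        print(src, "->", backend)
```

In a Spark deployment the same per-source grouping would run over a stream of log lines, with the resulting table driving the bastion's redirection.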