
Research On Key Technologies Of Active Defense Based On OpenFlow

Posted on: 2018-12-01
Degree: Doctor
Type: Dissertation
Country: China
Candidate: Y X Hu
Full Text: PDF
GTID: 1318330545458209
Subject: Information security
Abstract/Summary:
With the rapid development of Internet technology, represented by cloud computing, the network security environment has shifted greatly over the last decade. In the traditional attacker-defender game the defender is always in a passive position. Active defense techniques are those that let the defender take the initiative in that game; honeynets and moving target defense are key techniques in the field. Honeynets have become one of the most popular active defense techniques by forming network trap systems and actively capturing attackers. Moving target defense achieves active defense by continuously changing the location of the defended target. However, traditional active defense techniques are built on traditional network devices, which cannot meet the demands of today's network environment: they hit bottlenecks in traffic control, and the operating mode and network protocols of a traditional device are hard to change. As a result, researchers have had to resort to workarounds such as ARP spoofing and forged routes to bypass these limitations. In a simple network environment the development and hardware cost of such workarounds can be kept low, but in today's network environment defense solutions based on traditional network devices cannot meet the requirements in either development cost or hardware cost. Software Defined Networking (SDN) is a new network architecture that makes the network programmable, allowing flexible management and control; its characteristics match the direction in which networks are developing. Our research based on SDN aims to break through the limitations that traditional network equipment and communication protocols impose on network security, achieving network traffic marking, isolation and fine-grained network control. Therefore, on the basis of the SDN architecture with OpenFlow, this paper proposes a dynamic honeynet system and a network-layer moving target defense system, and implements a comprehensive network security defense system. The main contributions of this paper are as follows:

(1) A dynamic virtual honeynet system based on OpenFlow is proposed. Unlike existing honeynet systems built on traditional network devices, the SDN-based honeynet system replaces the existing semi-software forwarding solution based on a redirection gateway and improves the ability to control network traffic. A virtual honeypot system is designed that can virtualize any host with any services and adjust the honeypot structure dynamically. The concept of an overlay virtual honeynet is introduced, allowing multiple virtual honeynets to run without interference on one physical honeynet entity. Deploying the designed honeynet system verifies its low forwarding delay, the dynamics of the honeynet and the effectiveness of the overlay virtual honeynet.

(2) A worm guard model based on OpenFlow is proposed. Combining the dynamic virtual honeynet technique proposed in this paper with a flow table designed for worm defense, this paper proposes a worm guard model based on OpenFlow and designs a prototype system called Worm-Hunter. The worm guard model includes a parallel analysis function and a worm cultivation scheme. Worm-Hunter makes full use of server virtualization to reduce cost and builds a honeynet factory with SDN. After a worm enters the system, Worm-Hunter detects it with intrusion detection technology; a worm catcher system then automatically forms a honeynet with a network topology appropriate to the worm, the worm is directed into that honeynet, and all of its behaviour is captured and logged by the worm catcher. Researchers can also build honeynets with self-configured network topologies to observe a worm's behaviour in different network environments. Time-consuming anomaly detection is decoupled from the inline detection so that the original network traffic passes through the Analyzer with low delay. All of the honeynets can be built on one physical platform without interference. Finally, the prototype system is deployed and verified experimentally.

(3) A network-layer moving target defense solution based on OpenFlow is proposed. Unlike most network defense methods, which take effect after an attack has happened, this solution confuses attackers before the attack and increases the difficulty of attacking. On the network layer, the addresses of correspondent nodes in the LAN are mapped to pseudo-random virtual addresses and their ports to virtual ports, hiding the existence of the correspondent nodes across the whole network. Attackers are thereby stopped at the first step of the attack process, and active defense of the target node is achieved. Compared with existing moving target defense solutions, this work is characterized by easy deployment and good compatibility, and provides comprehensive protection of correspondent nodes across the whole network.
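As an added illustration of two of the mechanisms the abstract describes (contribution (2), redirecting a detected worm's traffic into an overlay virtual honeynet through the flow table, and contribution (3), mapping a node's real address and port to pseudo-random virtual ones), the following Python is constructed for this page and is not the dissertation's code or the Worm-Hunter prototype. It simulates a single OpenFlow-style flow table in memory rather than driving a real switch; the switch port numbers, VLAN id, virtual address pool, secret and packet contents are assumptions made for the example.

```python
"""Toy OpenFlow-style flow table (added example, not the dissertation's code).

It mimics the match/action model of an OpenFlow switch in memory so two
mechanisms from the abstract can be shown end to end:
  * redirecting a detected worm's traffic into an overlay virtual honeynet
  * moving target defense by mapping real IP:port to pseudo-random virtual ones
Packets are plain dicts; port numbers, VLAN ids, the address pool and the
secret are constructed for the example.
"""
import hashlib
import hmac
import ipaddress
from dataclasses import dataclass, field

CLIENT_PORT = 1      # switch port towards the production LAN (assumed)
HONEYNET_PORT = 9    # switch port towards the honeynet physical entity (assumed)


@dataclass(order=True)
class FlowRule:
    priority: int
    match: dict = field(compare=False)    # field -> required value (exact match)
    actions: list = field(compare=False)  # ("set_field", name, value) | ("output", port) | ("drop",)


class FlowTable:
    """Single-table switch: the highest-priority matching rule wins, as in OpenFlow."""

    def __init__(self):
        self.rules = []

    def add(self, priority, match, actions):
        self.rules.append(FlowRule(priority, match, actions))
        self.rules.sort(reverse=True)  # highest priority first

    def process(self, pkt):
        """Return (action, rewritten packet); action is an output port, "drop",
        or "controller" for a table miss (a packet-in message in real OpenFlow)."""
        pkt = dict(pkt)
        for rule in self.rules:
            if all(pkt.get(k) == v for k, v in rule.match.items()):
                for act in rule.actions:
                    if act[0] == "set_field":
                        pkt[act[1]] = act[2]
                    elif act[0] == "output":
                        return act[1], pkt
                    elif act[0] == "drop":
                        return "drop", pkt
                return "drop", pkt  # OpenFlow semantics: no output action means drop
        return "controller", pkt


def redirect_to_honeynet(table, worm_src_ip, overlay_vlan):
    """Once the IDS flags worm_src_ip, one high-priority rule tags all of its
    packets with the VLAN of a per-worm overlay virtual honeynet and forwards
    them to the honeynet port instead of the production LAN. This is the
    flow-table replacement for ARP spoofing or a redirection gateway."""
    table.add(200, {"src_ip": worm_src_ip},
              [("set_field", "vlan", overlay_vlan), ("output", HONEYNET_PORT)])


def virtual_endpoint(secret, epoch, real_ip, real_port, pool="10.0.0.0/16"):
    """Pseudo-random virtual address and port for one real endpoint in one
    epoch. A keyed hash lets the controller recompute the mapping instead of
    storing it; changing the epoch moves the target. The pool is assumed."""
    net = ipaddress.ip_network(pool)
    digest = hmac.new(secret, f"{epoch}|{real_ip}|{real_port}".encode(),
                      hashlib.sha256).digest()
    host = int.from_bytes(digest[:4], "big") % (net.num_addresses - 2) + 1  # skip network/broadcast
    vport = 1024 + int.from_bytes(digest[4:6], "big") % (65535 - 1024)
    return str(net.network_address + host), vport


def install_mtd_rules(table, secret, epoch, real_ip, real_port, server_port):
    """Install the network-layer MTD rules for one protected server: inbound
    packets to the virtual identity are rewritten to the real one, replies are
    rewritten back, and anything sent directly to the real address is dropped."""
    vip, vport = virtual_endpoint(secret, epoch, real_ip, real_port)
    table.add(100, {"dst_ip": vip, "dst_port": vport},
              [("set_field", "dst_ip", real_ip), ("set_field", "dst_port", real_port),
               ("output", server_port)])
    table.add(100, {"src_ip": real_ip, "src_port": real_port},
              [("set_field", "src_ip", vip), ("set_field", "src_port", vport),
               ("output", CLIENT_PORT)])
    table.add(50, {"dst_ip": real_ip}, [("drop",)])  # a scanner that guessed the real address
    return vip, vport


if __name__ == "__main__":
    t = FlowTable()
    redirect_to_honeynet(t, "192.168.1.50", overlay_vlan=300)
    print(t.process({"in_port": 3, "src_ip": "192.168.1.50", "dst_ip": "192.168.1.7", "dst_port": 445}))
    t2 = FlowTable()
    vip, vport = install_mtd_rules(t2, b"demo-secret", epoch=7, real_ip="10.1.1.5",
                                   real_port=22, server_port=2)
    print("virtual identity for 10.1.1.5:22 in epoch 7:", vip, vport)
    print(t2.process({"in_port": 1, "src_ip": "10.1.0.9", "src_port": 40000, "dst_ip": vip, "dst_port": vport}))
    print(t2.process({"in_port": 1, "src_ip": "10.1.0.9", "src_port": 40000, "dst_ip": "10.1.1.5", "dst_port": 22}))
```

In a real deployment the controller would rotate the epoch on a timer, install the new epoch's rules with FlowMod messages and delete the old ones, and the rewrite rules would sit on the edge switches nearest the client and the server rather than in one table; the simulation keeps a single table so the match and rewrite logic is visible in one place.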
Keywords/Search Tags: active defense, OpenFlow, dynamic virtual honeynet, worm defense, moving target defense