Research On Active Defense Technology Of Virtual Honeynet On Service Oriented Architecture

In recent years,as the focus of the IT industry,service-oriented architecture(Service Oriented Architecture,SOA)has gradually become the dominant ideology of China's IT system construction.The platform-independent,standard-neutral Web services technology has developed rapidly,becoming the preferred technology for building SOA systems today.SOA makes distributed application integration faster and more flexible,but it also makes the application of security more difficult to be achieved.SOA systems will not only suffer from traditional network attacks(based on TCP / IP),but it will also be attacked by SOAP messages based on Web services,such as XML injection attacks,replay attacks and various DoS attacks.For the above attacks,the defense methods adopted are traditional firewalls and intrusion detection systems and implementations based on the WS-Security framework,including XML signature,XML encryption,authentication and authorization.These defenses are reactive responses to attacks,and new attacks on SOA systems can not be detected and prevented.Therefore this paper studies the virtual honeynet defense technology of service-oriented architecture.Based on the existing Web services security defense for SOA,combining with the active defense technology and traditional security defense technology,the third generation honeynet deployment topology is used to effectively deploy,design and implement the SOA service and application.Service-oriented virtual honeynet active defense system,focusing on the virtual honeynet based on data control,data capture and attack detection technology research.First of all,combined with IPTables firewall and Snort intrusion detection,this paper build connection number control and data flow control data control components;Secondly,it analyzes the data capture mode and network packet interception technology of honeypot and establishes kernel level data acquisition component based on virtual honeynet.On this basis,combined with K-means clustering detection algorithm,the clustering method is applied to the active defense architecture of virtual honeynet,and an intrusion detection application method based on optimized K value is constructed.Finally,through the simulation test of the experimental platform,it shows that the virtual honeynet active defense system for service-oriented architecture can effectively control,capture and attack the data of the honeynet.