Research And Implementation Of Cyber Range Based On Virtualization And Honeypot Technology

In recent years, network attack and defense on cyber range became more and more valued. A large number of network researchers need to improve penetration and protection skills through the network attack and defense combat. However, in real society, to carry out network offensive and defensive warfare is often related to legal issues. In order to facilitate the study of network attack and defense warfare, a drill cyber range platform that can imitate the real network host war environment and can quickly complete the network deployment of offensive and defensive is necessary. Therefore, constructing a cyber range for offensive and defensive drills based on virtualization technology is imperative.Meanwhile, with the rapid development of network technology, the technology and means of hacker attacks are also progress constantly,network information security incidents occur usually. In order to cope with the changing network attack, we need to change the passive defense into the active defense. So it's very important to construct a virtual network range based on honeypot, which is an active defense technology,to improve our defense ability through the attack and defense exercises.This paper surveys and analyzes the research status of domestic and foreign virtualization, honeypot technology and cyber range first.Secondly, do the research, requirement analysis and overall design,determine the main functions of the system. Finally, design and implement a cyber range platform based on KVM virtualization technology, then establish honeypots on the virtualizedcyber range and implement offensive and defensive exercises.The main work of this paper includes the following contents:(1) In this paper, the author reads a lot of literatures, studys the principle and technology, and identify the related problems and the existing gap. According to the result of research, this paper analyses the domestic and foreign research status of virtualization technology,honeypot technology and cyber range. Then, this paper introduces the basic theory and key technology, puts forward the necessity of cyber range based on virtualization and honeypot.(2) In the way of mastering KVM virtualization technology and honeypot technology, this paper uses the virtual way to deploy all kinds of security equipments and honeypot. Then this paper does the requirement research, feasibility analysis and the overall design to determine the main functions of the system.(3) This paper introduces the design of a cyber range system based on KVM virtualization technology, according to the software engineering development model. The bottom-end of the system call and allocation of range resources using KVM virtualization technology. The front-end of the system call noVNC to achieve visual control of virtual machines.Meanwhile, this paper design the network topology of built-in honeypot cyber range.(4) This paper implements all modules of the cyber range system,and tests the system through the honeypot cyber range. Finally, this paper summarizes the existing problems in the development process and proposes the future directions for improvement.