Research And Implementation Of Network Security Training Platform Based On Docker Container

At present,the situation of cybersecurity is becoming more and more serious.The training of professionals is highly valued.The training platform,as a key traning method,is becoming more and more important.The core of training platform is to provide the simulation training environment for network attack and defense training based on virtualization technology.The traditional virtualization technology can no longer meet the growing demond of network security experiments.There is a great significance to develop a new network security training platform.So this paper attempts to put forward a network security training platform based on Docker container.In this paper,we first studied the key technologies of Docker container and Kubernetes,the current situation of network security traning platform at home and abroad.And we summarized the previous work and research results.Then,we deeply analyzed and compared container virtualization and traditional virtualization technology,and built the network security experimental test environment based on Docker/KVM resoectively.The data show that Docker has advantages of high performance and resource utilization.After that,we applied Docker container technology to network security training platform.According to the actual application scenarios,we analyzed the requirements and feasibility of the platform,and proposed the overall architecture.Finally,on the basis of realizing the basic functions,we studied the Kubernetes cluster,and extended the scheduling algorithm library of Kubemetes,and optimized the security of the cluster.By deploying the cluster environmnet,we verified the feasibility and effectiveness.This article mainly completed the following aspects of work:(1)We studied Docker container technology and Kubernetes technology,and researched the working principles and features of Docker and Kubernetes.(2)In order to verify the advantages of Docker container in performance and resource utilization,two sets of test experiments were designed based on Docker/KVM technology.The basic performance of Docker/KVM was tested under single-user scenario,and the resource utilization was tested under multi-user scenario.At last,we analyzed the experimental results.(3)The network security training platform based on Docker container has been studied and designed,including requirements analysis,feasibility analysis,and overall architecture design.We studied the working principle and operation mechanism of Kubernetes scheduler.And according to the practical application scenarios of the platform,we proposed PodFitsUserPredicate predicate scheduling algorithm and MostAverageResourcePriority priority scheduling algorithm.At last,we verified the validity of algorithms.(4)On the basis of meeting the basic requirements of the platform,we analyzed and improved the security mechanism of Kubernetes cluster,and the validity of improvement is verified.(5)In the laboratory environment,We used three servers to build and deploy the Kubemetes cluster and network security training platform based on Docker container.Finally we started 15 sets of pods to test the cluster and monitoring system.