New Honeyfarm System Based On Openstack

Aiming at the problems of low resource utilization,security and fidelity mutual restraint in traditional honeyfarm,this thesis presents a new type of honeyfarm solution based on Openstack cloud computing platform.With the characteristics of Openstack's resource scheduling and elasticity calculation,a honeyfarm gateway with low forwarding delay and flexible flow control strategy and a virtual machine monitor with a flash cloning mechanism are designed,which together constitute a new type of honeypot system.The core of our approach is to dynamically bind external requests to physical resources within a short period of time,which required to emulate dedicated host execution and to track established connections to ensure they do not cause secondary attacks.Then,the proposed new honeyfarm scheme was verified on the private cloud Openstack platform,and reasonable parameters were selected for simulation experiments.The analysis of the experimental results shows that the new honeyfarm has the advantages of high resource utilization,high security and high fidelity.At the same time,in order to secure the business systems on the Openstack cloud platform,we combine the honeyfarm with the intrusion detection system.For the intrusion detection system in the new honeyfarm architecture,in order to solve the problem that the performance of existing intrusion detection technology is highly dependent on the feature design,and also has high false alarm rate,this thesis proposes an intrusion detection system based on hierarchical time-space features(HAST-IDS).The intrusion detection system combines CNN and LSTM to learn the spatio-temporal characteristics of the original network traffic data.Different from the traditional method of using deep neural networks based on manually designed features,the intrusion detection system can directly use the deep neural network to learn features from the original network traffic data,and then obtain a better set of traffic characteristics to make the intrusion detection system more efficient.The simulation results show that the intrusion detection system based on layered space-time features improves the detection rate and reduces the false alarm rate compared with the existing systems.