
Design And Implementation Of Dynamic Security Defending System Based On Netfilter/Iptables

Posted on: 2019-12-09
Degree: Master
Type: Thesis
Country: China
Candidate: Y H He
GTID: 2428330572457813
Subject: Engineering
Abstract/Summary:
With the development and popularity of the Internet and information technology, people's work and life have become far more convenient. At the same time, all kinds of information security problems have occurred. Malware, such as viruses and Trojans, and endless network attacks pose great challenges to information security. A single passive security defending technique cannot efficiently protect networks and systems. Existing dynamic security defending systems use only the end hopping technique, which leads to a lack of targeted measures at the different phases of a network attack. Facing these severe information security circumstances, it is imperative to research dynamic security defending that combines various techniques. First, research on the whole process of a network attack and on existing active security defending techniques is carried out and presented. On the basis of this research, and in particular to address the difficulty that existing dynamic security defending systems cannot deal effectively with different network attacks at the preparation and implementation phases, a dynamic security defending system is designed that uses a different dynamic security defending technique at each phase of a network attack. Building on the end hopping technique, the bogus packet response technique is used to respond to sniffing behavior. Second, for the implementation phase of a network attack, and in particular to address the drawback that the existing flow lead technique focuses only on filtering DDoS flow, a dynamic flow lead and service camouflage technique is proposed based on Netfilter and container technology. It leads the attackers' flow to a camouflage host computer and uses containers to generate services on the camouflage host computer according to the status of the services on the server. This technique takes a different tack from traditional honeypot and honey techniques: it solves the problem that traditional camouflage techniques are easy to detect, and it provides a more realistic environment for camouflage and for inducing attacks. Finally, according to the system architecture and key techniques above, the dynamic security defending system has been implemented and deployed on underlying techniques such as the netfilter/iptables framework and containers. The functionality and performance of the core modules in the system have been tested in a real network environment. The results of the experiments show that the dynamic security defending system meets the design requirements and effectively improves the security capability of the internal network, which is meaningful for the research and application of active security defending techniques.
Keywords/Search Tags: dynamic security defense, Netfilter, dynamic flow lead and service camouflage, end hopping