Research On Intelligent Honeynet Based On Software Defined Security

With the development and prosperity of Internet,the issue of network security is becoming more and more serious.Traditional passive defense methods have been difficult to adapt to the changing attack landscape.As an effective active defense method,Honeynet has gradually attracted people's attention.Honeynet spoofs attackers to perform attacks and records their behavior to understand the threats users may face.The existing Honeynet's software and hardware is coupling,with high deployment and maintenance costs,poor adaptability,and lack of a unified deployment platform and management mechanism.It can not be adapted to large-scale deployment and maintenance.The emergence of NFV(Network Function Virtualisation)and SDN(Software-Defined Network)virtualization technology provides a breakthrough for this problem.Based on the existing Honeynet architecture,combining SDN and NFV technologies,this paper proposes an intelligent Honeynet system.This architecture has the advantages of reducing fingerprint vulnerability,real-time abnormal response and adaptive adjustment.This intelligent Honeynet implements different functions in a software-defined way,with a unified management and control system.It can save resources and reduce energy consumption.In addition,different security functional entities can work together,complement each other and achieve collaborative defense.Based on the intelligent Honeynet architecture,this paper proposes a joint defense system.Aiming at the scenario of continuous injection of Honeypot data in the system,an updated database scheme and a cumulative classification scheme based on incremental learning are proposed.The simulation verifies the performance of the Bayesian classifier,the stochastic gradient descent method,and the passive aggressive classifier under two scenarios.We compares the results with the offline scenario.The experimental results show that with the passive aggressive classifier,the joint defense system can achieve the same performance as the offline mode,and can improve the recall rate of data with low probability of occurrence.This joint defense system can take advantage of the data provided by Honeypot to provide effective intrusion detection while avoiding the storage and computational burden caused by the growing data provided by Honeypot.Finally,the engineering implementation of this system was explored,and the construction of the Third Generation Honeynet and Honeyd was completed.