| With the rapid development of the Internet industry,various cyber-attacks are also making progress.Network security is suffering from more and more severe challenges.The passive defense method represented by firewall and intrusion detection technology is gradually unable to meet the needs of network security.Therefore,researchers have proposed an idea of active defense.The representative technology is honeynet technology.However,since its birth,traditional honeynets have always had some shortcomings,such as the inability to dynamically change according to the attack situation and the complexity of deployment,which greatly restricts the application of honeynet technology.The SDN technology born in recent years has high flexibility and programmability,which can make up for the shortcomings of traditional honeynets,which provides a new breakthrough and ideas for the development of honeynet technology.This paper first reviews the various stages of the development of honeynet technology,explores the weaknesses and limitations of honeynet technology,and then studies the SDN technology and finds that its flexibility,strong data control and programmability can make up for the traditional honeynet.Insufficient.This paper also discusses some existing SDN and honeynet combination schemes,and finds that these schemes have the problems that the alarms are cumbersome and difficult to analyze,and the honeypots are broken to bring a big security threat.Based on the above questions,the main work done in this paper includes the following parts:(1)In view of the confusion and confusion of current honeynet system alarms,this paper proposes a progressive responsive honeynet mechanism,which is a topological scanning,exploit-worm-attack attack by three functional modules:topology simulation,exploit and worm capture.The chain performs a layer-by-layer progressive response,so that the generated alarms are divided by modules,which are more clear and easy for researchers to analyze.(2)In view of the security problem after the honeypot is compromised,this paper proposes a honeypot switching strategy based on the detection of the attack tree stage.According to the attack tree model,the attack behavior is corresponding to the attack tree node,and is split into different stages.When the new phase is reached,the honeypot connected with the attacker is switched,the progress of the attack is delayed,and the defense network is taken to protect the response time.(3)Based on the progressive responsive honeynet architecture,this paper designs and implements an SDN-based honeynet active defense system.The experiment designed the function and module of the system,demonstrated the prototype system,and finally compared with other honeynet systems,which proved the deployment mode,data control flexibility,alarm complexity,honeypot deception All four aspects are superior. |
PDF Full Text Request