
Research On Discoloration Honeynet Technology For Active Defense

Posted on: 2019-12-12
Degree: Master
Type: Thesis
Country: China
Candidate: Y T Si
Full Text: PDF
GTID: 2428330572950216
Subject: Computer system architecture

Abstract/Summary:
The Internet has always been threatened by network attacks with differing targets and methods, which leaves attackers and defenders on unequal footing. Honeypots and Honeynets are active defense methods that were proposed under these circumstances. However, traditional Honeypots and Honeynets suffer from the defect "once identified, loses value": they are easily identified by attackers and thereby lose their capacity for active defense. To address these issues, this paper proposes two research points.

On the one hand, because a Honeypot's static configuration is easily identified by attackers, a discoloration Honeypot system based on Docker containers, named Nimpot, is proposed. Nimpot integrates various camouflage services and dynamically deploys decoys, enhancing the traditional Honeypot's capabilities for active defense and data capture. On the other hand, a discoloration Honeynet based on Learning Automaton is proposed to solve the problem of real hosts being threatened by leaked Honeynet information. The main research content includes studying the discoloration Honeynet mechanism, constructing the discoloration Honeynet model, and designing the discoloration Honeynet dynamic strategy configuration algorithm, with the aim of reducing the probability of successful attacks.

The discoloration Honeypot system based on Docker containers is mainly used to resolve the contradiction between fidelity and scalability in traditional Honeypots and to improve the Honeypot's resistance to identification. First, after analyzing the features of Docker containers in contrast with hybrid Honeypot systems, their advantages are used to combine various decoys on one physical machine, improving the balance between fidelity and scalability of the Honeypot system. Next, a Honeypot decoy dynamic deployment algorithm is programmed to change decoy state in the Honeypot system adaptively. Then, to achieve transparent redirection of network data transmission, a TCP connection redirection engine is designed using an SDN controller. To improve the performance of the Honeypot system, a network data flow decision algorithm is designed that filters incoming network traffic. Finally, the attack data is analyzed and visualized with ELK, and the function and performance of the discoloration Honeypot system are verified through experimental tests.

A single Honeypot system is limited in its active defense and data capture capabilities. To improve data capture and reduce attack threats to real hosts, the discoloration Honeynet based on Learning Automaton is proposed. First, taking advantage of Nimpot's features, a discoloration Honeynet mechanism is devised that provides Honeypot camouflage services and achieves Honeypot anti-identification at the same time. Next, the discoloration Honeynet network environment is described formally by constructing a discoloration Honeynet model based on Learning Automaton. Then, to distribute Honeypot node configuration strategies dynamically under the network environment, a discoloration Honeynet dynamic strategy configuration algorithm is designed, which achieves dynamic response to the network environment. Finally, the feasibility of the proposed method is analyzed through simulation tests.
Keywords/Search Tags:active defense, discoloration Honeypot, discoloration Honeynet, dynamic strategy, transparent redirection