Design And Implementation Of Hybrid Honeynet System Based On SDN

With the development of networks and computers,there are more and more threats against networks and computers.Attacks are emerging in an endless stream and targets are different.Attackers and defenders have serious inconsistencies in network security incidents.In the relationship,Once the attacker breaks through the security line,it is highly likely that the entire working network will be paralyzed or important information with a confidentiality level will be stolen,causing irreparable damage.Active defense technologies such as honeypot and honeynets are favored by security researchers.In recent years,software-defined network(SDN)has provided new solutions for cyberspace security with its scalable architecture and flexible management capabilities.The combination of SDN and active defense technology to form a more powerful intelligent honeynet has become an important research topic in the field of network security.Firstly,this paper studies the domestic and international status of traditional honeynet and hybrid honeynet,analyzes the existing shortcomings,and understands that the traditional honeynet technology cannot be classified and processed flexibly for attack traffic due to coarse-grained control.After that,we studied the application of SDN in the security field,and learned that its good flow control capability and programming ability can improve the flow control problem in traditional honeynet,and there is room for research in large-scale network topology realistic simulation.On this basis,this paper proposes a hybrid honeynet model architecture based on SDN.This model improves the data control and network spoofing of honeynet,and makes the following contributions:an SDN-based attack migration mechanism is proposed.Build an attack detection module independent of the SDN network,and rely on the scalable northbound interface of the SDN controller to implement flexible data control capabilities,and detect and classify different attacks to achieve the purpose of migrating the attack traffic decision;An SDN-based topology simulation model uses a virtual OpenFlow switch to cooperate with the controller to simulate various types of protocols to achieve the purpose of simulating a large realistic network topology to attract attackers.Finally,based on the SDN hybrid honeynet model,the hybrid honeynet system of SDN is designed and implemented,and the system environment is built to test the function and performance of each module.Experiments show that the SDN hybrid honeynet system proposed in this paper can achieve large-scale topology simulation to attract attackers,and can detect,classify and migrate attacks,alarm collection analysis and visual management,and the system has lower latency and is more concealed than Honeybrid.