Dynamic Honeypot Design And Implementation In Cloud Environment

Security and defense in the cloud environment have been hot research directions in the security field.The use of honeypots to detect known and unknown attacks is currently one of the main defenses.However,the current research and utilization methods of honeypots are mainly based on the deployment and detection of the honeypots themselves.There is not much consideration for the user environment in which the honeypot is located,this leads to the defense being relatively passive.For example,although there is a high-interaction type honeypot,the honeypot is still configured in a hypothetical user environment,which is far from the real environment of the user,and reduces the detection effect on malicious attacks.Therefore,the design and implementation method of dynamic honeypots under cloud environment is proposed,honeypots can dynamically create and simulate the real environment of the user,and it is hoped that the detection method and detection effect of malicious code attacks in cloud environment can be further improved.The design and implementation of dynamic honeypots in cloud environment is mainly divided into three parts:(1)Automated interception of programs in network traffic in cloud environment,and determine the suspicious part by static scanning.(2)The intercepted and analyzed suspicious programs are quickly scanned to collect the behavior information of the suspicious programs,and the suspicious programs are classified according to the behavior information,and then they are imported into the honeypot for detailed analysis.(3)Dynamic honeypot creation for simulating user environments: Simulate the generation of honeypots in the same environment by obtaining information from the user's host for detailed analysis of suspicious behavior.According to the above method,the prototype system of dynamic honeypot in cloud environment is realized,and the prototype system is tested: Typical normal programs and malicious samples are collected for multi-level detection.The prototype system can effectively detect suspicious behavior features contained in malicious programs and distinguish between malicious samples and normal programs.The effectiveness of dynamic honeypot detection is demonstrated by comparing the effects of dynamic honeypots and static honeypots using two types of malicious samples,wannacry and keylogger.