
Research And Implementation Of The Key Technology Of Dynamic Honeynet

Posted on: 2020-11-28
Degree: Master
Type: Thesis
Country: China
Candidate: H Wang
Full Text: PDF
GTID: 2428330596475111
Subject: Computer Science and Technology
Abstract/Summary:
With the rapid development of the Internet, the problem of network security has become increasingly serious. In recent years, traditional defense technologies such as firewalls and intrusion detection devices have struggled to deal with new cyber threats that are highly covert, persistent and even intelligent. To reverse the defenders' unfavorable position in network attack and defense confrontation, the honeynet, as an active defense technology, has gained unprecedented attention. However, current honeynets are static and complex to configure, and they have difficulty accurately reflecting the network security state. How to improve the flexibility, randomness and decoy capability of a honeynet, and how to accurately and effectively evaluate its overall security situation, are difficult problems that urgently need to be solved for active network security defense systems. Following the idea of active defense, this thesis conducts research on key technologies of the dynamic honeynet, focusing on a dynamic configuration algorithm for honeynets and a honeynet security situation assessment algorithm. The main work and innovations are as follows:

(1) Aiming at the problem that a statically deployed honeynet is easy to break and fail, a dynamic configuration algorithm for honeynets is put forward. First, based on the characteristics of network attack and defense confrontation, game theory is used to establish a game model for the attack and defense scenarios in a honeynet. A comprehensive quantitative analysis is made of the benefits of the attack and defense strategies of both parties involved in the honeynet, which provides theoretical support for selecting the optimal allocation strategy of the honeynet. Second, Docker honeypots, which are flexible, isolated and highly extensible, are combined with the ability to sense changes in the network environment and give feedback, in order to realize dynamic configuration of the honeynet. The decoy capability of the honeynet is improved to reduce the success rate of network attacks. Finally, the validity and feasibility of the algorithm are verified by experiments.

(2) Targeting the current situation in which honeynets lack reasonable and effective means of security state evaluation, an algorithm for assessing the network security situation of a honeynet is proposed. The multi-source alarm data generated by a honeynet contains richer and more complex security situation elements, which can reflect the network security status more accurately. Based on this, the multi-source alarm data is first aggregated, and the causal correlation between the stages of multi-step attacks is constructed. On this basis, an assessment index system for the honeynet security situation is established using factors such as threat, vulnerability and asset. A hidden Markov model optimized by a genetic algorithm is used to describe how the security state of honeynet nodes changes. The security situation value of a single node is then quantified and, following the idea of moving from the local to the whole, the overall security situation of the honeynet is calculated by weighted fusion, and the change in the security state of the system is described. Finally, a data set is used for experimental verification, which proves the rationality and correctness of the algorithm.

(3) Based on the traditional honeynet architecture, a dynamic honeynet protection system is designed and developed by combining the two algorithms mentioned above and utilizing virtualization technology and Docker honeypots. The overall architecture design of the system is then described, and the main sub-modules of the system are introduced and visualized. Finally, actual tests show that the algorithm and model proposed in this thesis have practical application value.
Keywords/Search Tags: honeynet, active defense, dynamic strategy, situation assessment