The Research On Dynamic Configuration Of Honeynet Based On Graph Neural Network

With the development of network technology,the Internet plays an important role in various fields,but with it comes a variety of new network attacks.Traditional static and passive network defense technologies,such as firewall and intrusion detection system,are increasingly unable to meet the needs of today's network security.In order to reverse this situation,we need to study the dynamic and active network defense technology,and honeynet technology is a typical active defense technology.Honeynet can realize defense by deceiving attackers,that is to say,deploying false host system and application service in the network as decoys to attract attackers to attack it,so as to reduce the damage of network attack to business network.At the same time,Honeynet can also record the attack behavior through information collection when the attacker attacks,so as to track and trace the source of the attack behavior,as well as audit and evidence collection.An important index to evaluate the performance of Honeynet is the ability to cheat attackers.In order to improve the cheating ability of Honeynet,researchers in related fields have put forward many Honeynet technical schemes.At present,one of the important reasons for the limitation of Honeynet deception ability is that the existing Honeynet technical scheme does not make full use of the graph data characteristics of network situation information to evaluate the network security state,which makes Honeynet system difficult to accurately evaluate the network situation and severely limits the ability to cheat attackers.In addition,the existing Honeynet dynamic configuration scheme focuses on the dynamic configuration of Honeynet topology and access rules,and lacks the dynamic configuration of honeypot node attributes in honeynet.In order to improve the deception ability of Honeynet,this paper proposes a dynamic Honeynet architecture based on the traditional Honeynet architecture.The Honeynet architecture can obtain the necessary network situation information in real time,and use the graph neural network to aggregate these graph type data,analyze the multi-dimensional information of the network situation map,and predict based on the semi supervised learning characteristics of the graph neural network The security state of the unknown state node.In order to ensure the reliability of handling network situation information by using graph neural network,this paper also studies the algorithm based on graph neural network to guide the dynamic configuration of Honeynet by mining and aggregating the network situation information.On this basis,the real-time analysis results based on network situation indicate that Honeynet dynamically adjusts its own attributes,such as network topology,deployed application services,etc.Finally,according to the overall structure of Honeynet system,the network system structure based on the dynamic adjustment of Honeynet parameters and states is constructed,and its feasibility is proved,and its performance is tested.The test results show that the designed dynamic Honeynet system can effectively resist the common network attacks,which is of great significance to the research and application of active defense and honeypot honeynet technology.