Research On Honeynet Technology Based On Software Defined Network

Posted on: 2022-08-25
Degree: Master
Type: Thesis
Country: China
Candidate: R C Chen
GTID: 2518306548961329
Subject: Master of Engineering
Abstract/Summary:
In an era of rapidly developing Internet technology, the Internet brings convenience to daily life but also unknown threats. Cyber attacks that seem remote may in fact be happening to us all the time. Faced with unknown attack targets and attack methods, security researchers usually use active defense technologies such as honeypots and honeynets to defend the network. With the emergence of software-defined networking (SDN), how to combine SDN and honeynet technology to achieve network security protection has become a research hotspot in recent years. At present, SDN honeynet research mostly focuses on network security games, high fidelity with fast virtual reconfiguration, and dynamic generation of network services, while simulation studies of real business network performance parameters are relatively rare. This paper studies SDN honeynet technology from the perspective of real business network simulation. The main work of this paper is summarized as follows:

(1) An optimal path selection algorithm for SDN honeynet traffic forwarding is proposed. The algorithm first obtains resource information, such as the link bandwidth of each node in the honeynet topology, through the SDN controller. Secondly, after traffic is distributed according to the different services in the honeynet, the minimum occupied bandwidth path is calculated for each target honeypot, and the flow table is issued for data forwarding. When calculating the minimum occupied bandwidth path, the actual available bandwidth is considered comprehensively: the bandwidth occupied by data currently being transmitted is counted against the remaining available bandwidth. Finally, the flow table is delivered to the OVS switch through the OpenFlow protocol to realize dynamic routing and forwarding. Experimental results show that the algorithm can speed up the network transmission rate, reduce the comprehensive delay of honeynet transmission, and reduce the transmission jitter caused by changes in network bandwidth. Transmission quality is guaranteed under the premise of no data loss.

(2) Aiming at the relatively stable characteristics of honeynet delay, a business network delay simulation algorithm based on ensemble learning is proposed. This method first collects network traffic and delay information in the local area network where the business service is located, and obtains a data set after data preprocessing. Secondly, with a random forest as the meta-learner, the prediction results of three boosting-family models acting as primary learners are combined to predict the reference value of the delay. Then, a segmented regression tree is used as the model to predict the delay jitter characteristics. Finally, the delay reference and the jitter characteristics are superimposed to obtain a comprehensive delay that conforms to the delay and jitter characteristics of the LAN.

(3) A honeynet system is constructed based on the algorithms proposed in this paper. The system is based on DPDK, OVS and Docker technology, and is built with the SDN controller as a bridge. First, after the host's physical network card receives a packet, DPDK kernel bypass technology is used to speed up packet processing. Secondly, the destination honeypot is determined from the packet information, the SDN controller formulates the honeynet topology, and the path is planned according to the optimal path selection algorithm. Finally, the DPDK high-precision delay module performs delay simulation according to the predicted delay value.
Keywords/Search Tags: Software-defined Network, Honeynet, Dynamic Path, Ensemble Learning, High Fidelity
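The path selection in item (1) can be sketched as follows. This is an added example, not code from the thesis: the topology, node names, and the cost function (sum of occupied Mbps along the path, skipping links without enough headroom) are assumptions chosen to show how charging in-flight traffic against the remaining bandwidth changes the next routing decision.

```python
import heapq

def sample_links():
    # Constructed topology (assumption): link -> [capacity_mbps, occupied_mbps].
    # occupied_mbps stands in for port statistics polled by the SDN controller.
    return {
        ("gw", "s1"): [1000, 200], ("gw", "s2"): [1000, 100],
        ("s1", "s3"): [100, 10],   ("s2", "s3"): [100, 60],
        ("s3", "hp_web"): [100, 0], ("s2", "hp_ssh"): [100, 5],
    }

def neighbors(links, node):
    # Links are bidirectional; yield (peer, link_state) for every link touching node.
    for (a, b), state in links.items():
        if node in (a, b):
            yield (b if a == node else a), state

def select_path(links, src, dst, demand):
    """Dijkstra with cost = sum of occupied Mbps; links without `demand` headroom are skipped."""
    best, heap = {src: 0}, [(0, src, [src])]
    while heap:
        cost, node, path = heapq.heappop(heap)
        if node == dst:
            return path
        if cost > best[node]:
            continue  # stale heap entry
        for peer, (cap, occ) in neighbors(links, node):
            if cap - occ < demand:
                continue
            if cost + occ < best.get(peer, float("inf")):
                best[peer] = cost + occ
                heapq.heappush(heap, (cost + occ, peer, path + [peer]))
    return None

def admit_flow(links, src, dst, demand):
    """Select a path, then charge the in-flight flow to every link on it."""
    path = select_path(links, src, dst, demand)
    if path is None:
        return None
    for a, b in zip(path, path[1:]):
        state = links[(a, b)] if (a, b) in links else links[(b, a)]
        state[1] += demand
    return path

if __name__ == "__main__":
    links = sample_links()
    for demand in (30, 30, 80):
        print(demand, admit_flow(links, "gw", "hp_web", demand))
```

In a controller, the returned node list would be translated into flow-table entries pushed to the OVS switches; that step is outside this sketch.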