Research And Implementation Of Cloud Environment Dynamic Honeynet System Based On Container

With the rapid development of the Internet industry,cyber security issues have become more and more serious,and the ways of various cyber attacks are constantly changing.Especially in recent years,intrusions and attacks through the Internet have increased significantly,and the tools and techniques used by attackers have evolved significantly.Traditional defense techniques are difficult to respond effectively to the changing cyber attacks,so defenders have proposed honeynet technology to actively attract hackers to analyze the tools and tactics used by attackers.However,the high interaction honeypots in traditional honeynets are deployed on physical or virtual machines,which have problems such as complex deployment process,high resource consumption and poor portability when deployed on a large scale.This thesis addresses the above issues,investigates the feasibility of forming a honeynet based on containers,and designs and implements an orchestration system for automatically deploying this honeynet in a heterogeneous cloud environment,the main work of the paper is as follows:1.Aiming at the problems of complex deployment process and poor portability of current honeynet system,we propose a honeynet architecture for cloud environment based on container honeypots with Kubernetes for unified management,and study two aspects of data monitoring and control methods of honeynet under Kubernetes environment.2.Propose a container-based honeynet environment unified description language CBHUDL(Container-based honeynet unified description language),by improving and extending the traditional honeynet description language TIHDL(Technology Independent Honeynet By improving and extending the traditional honeynet description language TIHDL(Technology Independent Honeynet Description Language),we make it applicable to describe the container honeynet environment in cloud environment.3.Propose a container placement method based on IFFD(Iterative First Fit Decreasing)algorithm,which realizes the selection of a set of hosts with smaller cost to place all container honeypots in the current cloud platform.The container placement problem is abstracted as a variable vector boxing problem to complete the problem definition and mathematical modeling,and the container placement algorithm is implemented by improving the IFFD algorithm in both container sorting and optimal solution finding.It is experimentally demonstrated that this algorithm reduces the cost of honeynet deployment in cloud environment compared to the Kubernetes native cluster scaling algorithm FFD(First Fit Decreasing).4.A honeynet orchestration description based on TOSCA(Topology and Orchestration Specification for Cloud Applications,TOSCA)specification is studied to provide a unified specification for orchestrating container honeynets in heterogeneous cloud platforms.The TOSCA specification is used to abstractly model the components and their relationships to be deployed in a container honeynet in a cloud environment,obtain node types and relationship types,and then instantiate the orchestration process of a service template management honeynet according to the actual honeynet structure.5.Design and implement the dynamic honeynet orchestration system for cloud environment containers,this system first supports defining the container honeynet structure in the form of description file,then automatically transforms into TOSCA orchestration description,then completes BPMN(Business Process Modeling Notation)workflow plan creation,and finally connects to the corresponding cloud platform and executes the workflow to complete the honeynet deployment.In this thesis,we build an Openstack experiment platform to test the function and performance of the container honeynet orchestration system.The experimental results show that the system is feasible and practical.