Since the outbreak of worldwide COVID-19, a large number of new Internet services have emerged. At the same time, network attacks have become more serious, posing new challenges to network security protection. Faced with a growing number of unknown network threats, traditional security protection methods need to be supplemented with active defense methods such as honeypots and honeynets. Theoretical research on honeypots and honeynets is now mature, but implementing an existing honeynet system on a large-scale container cloud platform requires controlling the overall operating cost of the system more effectively and balancing security protection capability against system resource overhead. This paper studies three aspects: target network perception, honeynet deployment strategy and hybrid architecture design. The main research contents are as follows: (1) A target network perception framework based on service registration is proposed, in which each service supplies its own real-time and accurate description information. This resolves the trade-off between real-time perception and low processing overhead that previous research could not reconcile; based on this framework, security researchers can easily build a dynamic honeynet system with real-time perception capability. (2) A dynamic honeynet deployment strategy based on the logical intrusion surface is proposed. The strategy treats honeynet deployment from the perspective of services, maximizes the use of already deployed honeypots through incremental deployment, and uses an optimistic lock mechanism to reduce wasted computation during large-scale changes; its evaluation model is simple and its computational cost is low. (3) A hybrid-architecture honeynet system suitable for production networks is designed. The system adopts an architecture that separates decoys from captors; the combination of puppet honeypots and core honeypots greatly reduces the deployment and operating cost of honeypots, making the system well suited for use inside production networks. Finally, the whole system is tested and evaluated. The target network perception framework is compared with active scanning, which demonstrates its advantage in reconciling real-time perception with low processing overhead; for the dynamic honeynet deployment strategy, the various system mechanisms are verified and the strategy is compared with existing research in terms of functional characteristics; for the hybrid-architecture honeynet system, a puppet honeypot with an image size of only 5.59 MB, container memory usage of less than 500 KB and extremely low deployment cost is constructed, and the auto-scaling mechanism of the core honeypots is tested as well.
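As an added illustration (this is not code from the thesis, and the thesis's actual data model and evaluation model are not given on this page), the following minimal Python controller shows how the three ideas in contributions (1) and (2) fit together: services register their own description instead of being scanned, the logical intrusion surface is derived from those registrations, a deployment plan is computed incrementally against the decoys already running, and an optimistic lock on the registry version discards a plan that was computed before a concurrent registration change. The names (`Service`, `Registry`, `Honeynet`, `plan`, `commit`) and the choice to model the intrusion surface as the set of (protocol, port) pairs, with one decoy per pair, are assumptions made for this example.

```python
"""Added illustration, not the thesis's code: a minimal honeynet controller.

Assumption (not stated on the page): the logical intrusion surface is the set
of (protocol, port) pairs exposed by registered services, one decoy per pair.
"""
from dataclasses import dataclass
import threading


@dataclass(frozen=True)
class Service:
    """Self-description a service pushes to the registry when it starts."""
    name: str
    protocol: str   # e.g. "http", "ssh"
    port: int


class Registry:
    """Service-registration based perception: services announce themselves,
    so the controller never scans the network. The monotonically increasing
    version number is what the optimistic lock checks against."""

    def __init__(self):
        self._lock = threading.Lock()
        self._services = set()
        self.version = 0

    def register(self, svc):
        with self._lock:
            if svc not in self._services:
                self._services.add(svc)
                self.version += 1
            return self.version

    def deregister(self, svc):
        with self._lock:
            if svc in self._services:
                self._services.discard(svc)
                self.version += 1
            return self.version

    def snapshot(self):
        """Consistent (version, services) pair to plan against."""
        with self._lock:
            return self.version, frozenset(self._services)

    def commit_if_unchanged(self, expected_version, apply):
        """Optimistic lock: run apply() only if nothing registered or left
        since the snapshot the plan was computed from; else reject the plan."""
        with self._lock:
            if self.version != expected_version:
                return False
            apply()
            return True


def intrusion_surface(services):
    """Logical intrusion surface: distinct (protocol, port) pairs an attacker
    can probe. Several services on the same pair share a single decoy."""
    return frozenset((s.protocol, s.port) for s in services)


def plan(deployed, surface):
    """Incremental plan: keep decoys still on the surface, add only what is
    missing, retire decoys that no longer mimic any registered service."""
    return surface - deployed, deployed - surface


class Honeynet:
    """Controller keeping the running decoys in step with the registry."""

    def __init__(self, registry):
        self.registry = registry
        self.deployed = set()   # (protocol, port) decoys currently running

    def plan_from_snapshot(self):
        """Return (version, to_add, to_remove) for the current registry."""
        version, services = self.registry.snapshot()
        to_add, to_remove = plan(frozenset(self.deployed), intrusion_surface(services))
        return version, to_add, to_remove

    def commit(self, version, to_add, to_remove):
        """Apply a plan; False means the registry moved on and the caller
        should re-plan rather than apply stale changes."""
        def apply():
            self.deployed |= to_add
            self.deployed -= to_remove
        return self.registry.commit_if_unchanged(version, apply)


if __name__ == "__main__":
    # Constructed sample registrations, not data from the thesis.
    reg = Registry()
    net = Honeynet(reg)
    for svc in (Service("web", "http", 80), Service("api", "http", 80),
                Service("bastion", "ssh", 22)):
        reg.register(svc)
    version, add, remove = net.plan_from_snapshot()
    reg.register(Service("db", "mysql", 3306))      # change during planning
    print("stale plan applied:", net.commit(version, add, remove))
    version, add, remove = net.plan_from_snapshot()
    print("re-plan applied:", net.commit(version, add, remove), sorted(add))
```

The point of splitting `plan_from_snapshot` from `commit` is that planning can be arbitrarily expensive while the commit holds the registry lock only long enough to compare one integer and mutate the deployed set; under a burst of registrations a stale plan is simply dropped and recomputed from the new snapshot, which is the behaviour the abstract attributes to its optimistic lock.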