一种基于动态Docker的SDN蜜网设计与实现

doi:10.3969/j.issn.1671-1122.2022.04.005

信息网络安全 ›› 2022, Vol. 22 ›› Issue (4): 40-48.doi: 10.3969/j.issn.1671-1122.2022.04.005

一种基于动态Docker的SDN蜜网设计与实现

张伟¹(), 徐智刚², 陈云芳¹, 黄海平¹

1.南京邮电大学计算机学院,南京 210023
2.中通服咨询设计研究院有限公司,南京 210019

收稿日期:2021-10-26 出版日期:2022-04-10 发布日期:2022-05-12
通讯作者: 张伟 E-mail:zhangw@njupt.edu.cn
作者简介:张伟（1973—）,男,江苏,教授,博士,主要研究方向为网络信息安全、恶意代码分析、社会网络分析|徐智刚（1988—）,男,江苏,硕士,主要研究方向为信息安全|陈云芳（1976—）,男,江苏,副教授,博士,主要研究方向为社会计算、信息网络安全|黄海平（1981—）,男,福建,教授,博士,主要研究方向为物联网技术、网络安全、数据隐私保护技术
基金资助:
国家自然科学基金(62072252);国家重点研发计划(2019YFB2101701)

Design and Implementation of a SDN Honeynet Based on Dynamic Docker

ZHANG Wei¹(), XU Zhigang², CHEN Yunfang¹, HUANG Haiping¹

1. School of Computer Science, Nanjing University of Posts and Telecommunications, Nanjing 210023, China
2. China Information Consulting & Designing Institute co., LTD, Nanjing 210019, China

Received:2021-10-26 Online:2022-04-10 Published:2022-05-12
Contact: ZHANG Wei E-mail:zhangw@njupt.edu.cn

摘要/Abstract

摘要：

面对近年来越来越高级和组织化的黑客攻击,传统防护手段愈发力不从心。蜜网作为一种主动防御技术,在捕获和分析恶意行为方面发挥着不可替代的作用。现有蜜网技术无法实现细化粒度数据控制,蜜罐系统部署复杂,资源消耗大,文章结合Docker和SDN技术,设计并实现了一种基于动态Docker的SDN蜜网。在保证各蜜罐系统相互隔离的前提下,降低蜜网部署难度,减少资源消耗并实现资源的动态分配;同时使用SDN技术进行数据转发与控制解耦,有效实现数据流的灵活控制。

关键词: SDN蜜网, 主动防御, 动态Docker, 快速部署

Abstract:

In recent years, facing with more and more advanced and organized hacker attacks, the traditional means of protection are often inadequate. Honeynet is an active defense technology, which is playing an increasingly important role in capturing and analyzing malicious traffic and even unknown attack behavior. Aiming at the problem that the existing honeynet technology can not realize fine-grained data control and the deployment of honeypot system in honeynet is complex as well as the resource consumption is large, this paper designs and implements a SDN Honeynet by combining Docker with SDN technology. Under the premise of ensuring that the honeypot systems are isolated from each other, Docker technology simplifies and reduces the difficulty of Honeynet deployment, reduces resource consumption and realizes the dynamic allocation of resources. At the same time, SDN technology is used to decouple data forwarding and control, which effectively realizes flexible control of data flow. Experiment results showed that the proposed Honeynet architecture is of great value in large-scale rapid deployment scenarios with high degree of automation.

Key words: SDN honeynet, active defense, dynamic Docker, rapid deployment

中图分类号:

TP309

张伟, 徐智刚, 陈云芳, 黄海平. 一种基于动态Docker的SDN蜜网设计与实现[J]. 信息网络安全, 2022, 22(4): 40-48.

ZHANG Wei, XU Zhigang, CHEN Yunfang, HUANG Haiping. Design and Implementation of a SDN Honeynet Based on Dynamic Docker[J]. Netinfo Security, 2022, 22(4): 40-48.

图/表 10

图1

表1

图2

图3

图4

图5

图6

图7

图8

图9

参考文献 18

[1]	LIU Jian, SU Purui, YANG Min, et al. Software and Cyber Security-a Survey[J]. Journal of Software, 2018, 29(1): 42-68.
	刘剑, 苏璞睿, 杨珉, 等. 软件与网络安全研究综述[J]. 软件学报, 2018, 29(1): 42-68.
[2]	China National Information Center. CNCERT Internet Security Threat Report[EB/OL]. [2021-10-07]. https://www.cert.org.cn/publish/main/45/2020/20200430101311844493731/20200430101311844493731_.html .
	中国国家信息中心. CNCERT 互联网安全威胁报告[EB/OL]. [2021-10-07]. https://www.cert.org.cn/publish/main/45/2020/20200430101311844493731/20200430101311844493731_.html .
[3]	ZHUGE Jianwei, TANG Yong, HAN Xinhui, et al. Honeypot Technology Research and Application[J]. Journal of Software, 2013, 24(4): 825-842. doi: 10.3724/SP.J.1001.2013.04369 URL
	诸葛建伟, 唐勇, 韩心慧, 等. 蜜罐技术研究与应用进展[J]. 软件学报, 2013, 24(4):825-842.
[4]	SPITZNER L. The Honeynet Project: Trapping the Hackers[J]. IEEE Security & Privacy, 2003(2): 15-23.
[5]	ABBASI F, HARRIS R. Experiences with a Generation III Virtual Honeynet[C]// IEEE. Telecommunication Networks and Applications Conference (ATNAC). New York: IEEE, 2009: 1-6.
[6]	SHI Leyi, LI Yang, MA Mengfei. Latest Research Progress of Honeypot Technology[J]. Journal of Electronics & Information Technology. 2019, 41(2): 498-508.
	石乐义, 李阳, 马猛飞. 蜜罐技术研究新进展[J]. 电子与信息学报, 2019, 41(2):498-508.
[7]	WU Zhixue. Advances on Virtualization Technology of Cloud Computing[J]. Journal of Computer Applications, 2017, 37(4): 915-923.
	武志学. 云计算虚拟化技术的发展与趋势[J]. 计算机应用, 2017, 37(4):915-923.
[8]	ZHANG Jian, XIE Tianjun. Research of Platform as a Service Architecture Based on the Docker[J]. Information Technology and Informatization, 2014(10): 131-134.
	张建, 谢天钧. 基于Docker的平台即服务架构研究[J]. 信息技术与信息化, 2014(10):131-134.
[9]	LIU Xi, HU Zhiyong. Design and Implementation of Web Cluster Based on Docker Container[J]. Electronic Design Engineering, 2016, 4(8): 117-119.
[10]	Stanford University. Clean Slate Program[EB/OL]. [2021-09-07]. http://cleanslate.stanford.edu/ .
[11]	Open Networking Foundation. Software-Defined Networking: The New Norm for Networks[EB/OL]. [2021-09-07]. https://xueshu.baidu.com/usercenter/paper/show?paperid=71c6a62c9579d9db720a61259787cbff .
[12]	GUDE N, KOPONEN T, PETTIT J, et al. NOX: Towards an Operating System for Networks[J]. Acm Sigcomm Computer Communication Review, 2008, 38(3): 105-110. doi: 10.1145/1384609.1384625 URL
[13]	SUZUKI K, SONODA K. A Survey on OpenFlow Technologies[J]. IEICE Transactions on Communications, 2014, 97(2): 375-386.
[14]	HAH Wonkyu, ZHAO Ziming, ADAM D, et al. HoneyMix: Toward SDN-based Intelligent Honeynet[C]// ACM. The 2016 ACM International Workshop on Security in Software Defined Networks & Network Function Virtualization. New York: ACM, 2016: 1-6.
[15]	KYUNG S, HAN Wonkyu, TIWARI N, et al. HoneyProxy: Design and Implementation of Next-Generation Honeynet via SDN[C]// IEEE. 2017 IEEE Conference on Communications and Network Security(CNS). New York: IEEE, 2017: 1-9.
[16]	FAN Wenjun, FERNANDEZ D, DU Zhihui. Versatile Virtual Honeynet Management Framework[J]. IET Information Security, 2017, 11(1): 38-45. doi: 10.1049/iet-ifs.2015.0256 URL
[17]	HU Yixun, ZHENG Kangfeng, WU Bin, et al. Dynamic Virtual Honeynet System Using Openflow[J]. Journal of Beijing University of Posts and Telecommunications, 2015, 38(6): 104-108, 119.
	胡毅勋, 郑康锋, 武斌, 等. Openflow下的动态虚拟蜜网系统[J]. 北京邮电大学学报, 2015, 38(6):104-108,119.
[18]	KYRIAKOU A, SKLAVOS N. Container-Based Honeypot Deployment for the Analysis of Malicious Activity[C]// IEEE. Global Information Infrastructure and Networking Symposium (GIIS’18). New York: IEEE, 2018: 1-4.

评估项目	物理蜜罐	虚拟化蜜罐	Docker蜜罐
部署成本	高	中	低
配置复杂度	高	中	低
可扩展性	扩展性弱	扩展复杂	扩展简单
可移植性	无法移植	移植性弱	移植性强
动态性	手动配置	手动配置较少	自动配置
数据大小	大（真实操作系统）	中（基于虚拟模板）	小（基于镜像）
部署速度	慢,至少小时级	较慢,10秒以上	快速,秒级

一种基于动态Docker的SDN蜜网设计与实现

Design and Implementation of a SDN Honeynet Based on Dynamic Docker

RichHTML

PDF (PC)

可视化

摘要/Abstract

引用本文

使用本文

图/表 10

参考文献 18

相关文章 7

编辑推荐

Metrics

本文评价

[1]	王志强;龚小刚;王红凯;夏威. 智能电网信息安全防御实践[J]. , 2013, 13(10): 0-0.
[2]	章翔凌;王欢. 基于白名单技术构建主动防御体系[J]. , 2013, 13(10): 0-0.
[3]	姚晓宇;马辉;廉喆. 基于特征分解的免杀方法研究[J]. , 2012, 12(4): 0-0.
[4]	高静峰. 浅析云查杀与主动防御[J]. , 2011, 11(9): 0-0.
[5]	刘志;钱鲁锋;邵宏韬. 计算机病毒防治技术的发展研究[J]. , 2011, 11(7): 0-0.
[6]	米军. DDOS攻击下基于TTL策略的数据安全方法研究[J]. , 2009, 9(6): 0-0.
[7]	高晓飞;申普兵. 浅析网络安全主动防御技术[J]. , 2008, 8(8): 0-0.