Netinfo Security, 2021, Vol. 21, Issue (1): 27-40. doi: 10.3969/j.issn.1671-1122.2021.01.004


A SDN Dynamic Honeypot with Multi-phase Attack Response

WANG Juan1,2, YANG Hongyuan1,2, FAN Chengyang1,2

  1. School of Cyber Science and Engineering, Wuhan University, Wuhan 430072, China
  2. Key Laboratory of Aerospace Information Security and Trusted Computing, Ministry of Education, Wuhan 430072, China
  • Received: 2020-11-10 Online: 2021-01-10 Published: 2021-02-23
  • Contact: WANG Juan, E-mail: jwang@whu.edu.cn

Abstract:

As an active defense mechanism, a honeypot deploys decoy targets to attract attackers into interacting with imitative and illusive resources. This not only protects valuable real assets from being destroyed, but also allows attack behaviors to be analyzed and dealt with according to the collected data. However, existing honeypot systems have some limitations: they are unable to deploy specific defense honeypots for complex attack scenarios, they are unable to select the best defense strategy according to benefits and costs because the dynamics of the honeypot attack and defense game are insufficiently considered, and their performance overhead is large. This paper proposes an SDN dynamic honeypot architecture based on multi-phase attack response and dynamic game theory, presents a deployment strategy for the SDN dynamic honeypot using Docker, and implements a novel dynamic honeypot system that can be dynamically adjusted according to the different attack phases. Experiments show that the system can quickly and dynamically generate a targeted honeypot for response according to the network situation and the behaviors of attackers, which effectively improves the dynamic and deception ability of the honeypot.

Key words: Honeypot, attack graph, game of dynamic incomplete information, software defined network, Docker
