摘要
在移动网络环境下,因各移动蜜罐资源有限、攻击注入手段灵活多变,需要动态部署蜜网以协同地检测攻击行为特征。然而现有蜜网易遭受特征识别攻击、网内恶意流量肆意传播、不能跨蜜罐迁移连接。为此,基于软件定义网络(software defined networking,SDN)技术,设计了一种智能协同蜜网(intelligent and collaborative Honeynet,ic-Honeynet)系统。它由逆向连接代理模块和蜜网控制器组成,它的优势在于逐一克服了上述3个缺陷。最后,搭建了一个ic-Honeynet实验环境,并验证了该系统的有效性。实验结果表明:该系统吞吐量近乎线速,高达8.23 Gbit/s;响应时延额外增加很小,仅在0.5~1.2 ms区间变化;连接处理能力也很强,可高达1 473个连接/s。
In the mobile network environment,the mobile honeypot resources are limited and the attack injection means are flexible,so it is necessary to dynamically deploy the honeynet to collaboratively detect the attack behavior characteristics.However,existing honey nets are susceptible to feature recognition attacks,malicious traffic within the network,and can't be migrated across honeypots.Based on software defined networking (SDN)technology,an intelligent collaborative honeynet system (ic-Honeynet)was designed.It consisted of a reverse connection proxy module and a honeynet controller.Finally,an ic-Honeynet experimental environment was built and the effectiveness of the system was verified.The experimental results show that the throughput of the system is nearly linear,up to 8.23Gbit/s;the additional increase in response delay is small,only in the range of 0.5to 1.2ms;the connection processing capability is also very strong,up to 1473connections/s.
作者
陈利跃
倪阳旦
孔晓昀
周升
黄慧
郑星
CHEN Liyue;NI Yangdan;KONG Xiaoyun;ZHOU Sheng;HUANG Hui;ZHENG Xing(State Grid Zhejiang Electric Power Co.,Ltd.,Hangzhou 310007,China;State Grid Lishui Power Supply Company,Lishui 323000,China;State Grid Quzhou Power Supply Company,Quzhou 324000,China)
出处
《电信科学》
2018年第11期156-165,共10页
Telecommunications Science
关键词
蜜罐
蜜网
移动网络
软件定义网络
逆向连接代理
Honeypot
Honeynet
mobile network
software defined networking
reverse connection proxy
