电信科学 ›› 2018, Vol. 34 ›› Issue (11): 156-165.doi: 10.11959/j.issn.1000-0801.2018278

• 运营技术广角 • 上一篇    下一篇

面向移动网络环境的智能协同蜜网设计与性能分析

陈利跃1,倪阳旦1,孔晓昀1,周升1,黄慧2,郑星3   

  1. 1 国网浙江省电力有限公司,浙江 杭州 310007
    2 国网浙江省电力有限公司丽水供电公司,浙江 丽水 323000
    3 国网浙江省电力有限公司衢州供电公司,浙江 衢州324000
  • 修回日期:2018-10-31 出版日期:2018-11-01 发布日期:2018-12-06
  • 作者简介:陈利跃(1973-),男,国网浙江省电力有限公司高级工程师、科技信息部信息处处长,主要研究方向为信息技术。|倪阳旦(1986-),男,国网浙江省电力有限公司工程师,主要研究方向为网络安全技术和信息技术。|孔晓昀(1969-),女,国网浙江省电力有限公司教授级高级工程师,主要研究方向为信息技术。|周升(1985-),男,国网浙江省电力有限公司高级工程师,主要研究方向为网络安全技术。|黄慧(1983-),男,国网浙江省电力公司丽水供电公司高级工程师,主要研究方向为网络与信息安全。|郑星(1980-),男,国网浙江省电力公司衢州供电公司高级工程师,主要研究方向为信息系统、安全、信息系统运维、信息化项目建设。

Design and performance analysis of a SDN-based intelligent and collaborative Honeynet for mobile networks environment

Liyue CHEN1,Yangdan NI1,Xiaoyun KONG1,Sheng ZHOU1,Hui HUANG2,Xing ZHENG3   

  1. 1 State Grid Zhejiang Electric Power Co.,Ltd.,Hangzhou 310007,China
    2 State Grid Lishui Power Supply Company,Lishui 323000,China
    3 State Grid Quzhou Power Supply Company,Quzhou 324000,China
  • Revised:2018-10-31 Online:2018-11-01 Published:2018-12-06

在线阅读

4

PDF下载

723

摘要:

在移动网络环境下,因各移动蜜罐资源有限、攻击注入手段灵活多变,需要动态部署蜜网以协同地检测攻击行为特征。然而现有蜜网易遭受特征识别攻击、网内恶意流量肆意传播、不能跨蜜罐迁移连接。为此,基于软件定义网络(software defined networking,SDN)技术,设计了一种智能协同蜜网(intelligent and collaborative Honeynet,ic-Honeynet)系统。它由逆向连接代理模块和蜜网控制器组成,它的优势在于逐一克服了上述3个缺陷。最后,搭建了一个ic-Honeynet实验环境,并验证了该系统的有效性。实验结果表明:该系统吞吐量近乎线速,高达8.23 Gbit/s;响应时延额外增加很小,仅在0.5~1.2 ms区间变化;连接处理能力也很强,可高达1 473个连接/s。

关键词: 蜜罐, 蜜网, 移动网络, 软件定义网络, 逆向连接代理

Abstract:

In the mobile network environment,the mobile honeypot resources are limited and the attack injection means are flexible,so it is necessary to dynamically deploy the honeynet to collaboratively detect the attack behavior characteristics.However,existing honey nets are susceptible to feature recognition attacks,malicious traffic within the network,and can’t be migrated across honeypots.Based on software defined networking (SDN) technology,an intelligent collaborative honeynet system (ic-Honeynet) was designed.It consisted of a reverse connection proxy module and a honeynet controller.Finally,an ic-Honeynet experimental environment was built and the effectiveness of the system was verified.The experimental results show that the throughput of the system is nearly linear,up to 8.23 Gbit/s; the additional increase in response delay is small,only in the range of 0.5 to 1.2 ms; the connection processing capability is also very strong,up to 1 473 connections/s.

Key words: Honeypot, Honeynet, mobile network, software defined networking, reverse connection proxy

中图分类号: 

No Suggested Reading articles found!