基于sdn的攻击捕获混合蜜罐

2019 IEEE 3rd Information Technology, Networking, Electronic and Automation Control Conference (ITNEC) Pub Date : 2019-03-15 DOI:10.1109/ITNEC.2019.8729425

He Wang, Bin Wu

{"title":"基于sdn的攻击捕获混合蜜罐","authors":"He Wang, Bin Wu","doi":"10.1109/ITNEC.2019.8729425","DOIUrl":null,"url":null,"abstract":"Honeypots have become an important tool for capturing attacks. Hybrid honeypots, including the front end and the back end, are widely used in research because of the scalability of the front end and the high interactivity of the back end. However, traditional hybrid honeypots have some problems that the flow control is difficult and topology simulation is not realistic. This paper proposes a new architecture based on SDN applied to the hybrid honeypot system for network topology simulation and attack traffic migration. Our system uses the good expansibility and controllability of the SDN controller to simulate a large and realistic network to attract attackers and redirect high-level attacks to a high-interaction honeypot for attack capture and further analysis. It improves the deficiencies in the network spoofing technology and flow control technology in the traditional honeynet. Finally, we set up the experimental environment on the mininet and verified the mechanism. The test results show that the system is more intelligent and the traffic migration is more stealthy.","PeriodicalId":202966,"journal":{"name":"2019 IEEE 3rd Information Technology, Networking, Electronic and Automation Control Conference (ITNEC)","volume":"42 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2019-03-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"23","resultStr":"{\"title\":\"SDN-based hybrid honeypot for attack capture\",\"authors\":\"He Wang, Bin Wu\",\"doi\":\"10.1109/ITNEC.2019.8729425\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Honeypots have become an important tool for capturing attacks. Hybrid honeypots, including the front end and the back end, are widely used in research because of the scalability of the front end and the high interactivity of the back end. However, traditional hybrid honeypots have some problems that the flow control is difficult and topology simulation is not realistic. This paper proposes a new architecture based on SDN applied to the hybrid honeypot system for network topology simulation and attack traffic migration. Our system uses the good expansibility and controllability of the SDN controller to simulate a large and realistic network to attract attackers and redirect high-level attacks to a high-interaction honeypot for attack capture and further analysis. It improves the deficiencies in the network spoofing technology and flow control technology in the traditional honeynet. Finally, we set up the experimental environment on the mininet and verified the mechanism. The test results show that the system is more intelligent and the traffic migration is more stealthy.\",\"PeriodicalId\":202966,\"journal\":{\"name\":\"2019 IEEE 3rd Information Technology, Networking, Electronic and Automation Control Conference (ITNEC)\",\"volume\":\"42 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2019-03-15\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"23\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2019 IEEE 3rd Information Technology, Networking, Electronic and Automation Control Conference (ITNEC)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ITNEC.2019.8729425\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2019 IEEE 3rd Information Technology, Networking, Electronic and Automation Control Conference (ITNEC)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ITNEC.2019.8729425","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 23

摘要

蜜罐已经成为捕获攻击的重要工具。混合蜜罐包括前端和后端，由于前端的可扩展性和后端的高交互性而被广泛应用于研究中。但传统的混合蜜罐存在流量控制困难、拓扑仿真不现实等问题。本文提出了一种基于SDN的混合蜜罐系统结构，用于网络拓扑仿真和攻击流量迁移。本系统利用SDN控制器良好的可扩展性和可控性，模拟一个庞大而真实的网络来吸引攻击者，并将高级攻击重定向到高交互的蜜罐中进行攻击捕获和进一步分析。它改善了传统蜜网在网络欺骗技术和流量控制技术上的不足。最后，在mininet上搭建了实验环境，验证了该机制。测试结果表明，该系统更智能，流量迁移更隐蔽。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

SDN-based hybrid honeypot for attack capture

Honeypots have become an important tool for capturing attacks. Hybrid honeypots, including the front end and the back end, are widely used in research because of the scalability of the front end and the high interactivity of the back end. However, traditional hybrid honeypots have some problems that the flow control is difficult and topology simulation is not realistic. This paper proposes a new architecture based on SDN applied to the hybrid honeypot system for network topology simulation and attack traffic migration. Our system uses the good expansibility and controllability of the SDN controller to simulate a large and realistic network to attract attackers and redirect high-level attacks to a high-interaction honeypot for attack capture and further analysis. It improves the deficiencies in the network spoofing technology and flow control technology in the traditional honeynet. Finally, we set up the experimental environment on the mininet and verified the mechanism. The test results show that the system is more intelligent and the traffic migration is more stealthy.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2019 IEEE 3rd Information Technology, Networking, Electronic and Automation Control Conference (ITNEC)

自引率

0.00%

发文量