[1] YAN Pei-min, YAO Jia-hao. Active Honeynet Based on Intrusion Detection System in Software Defined Network[J]. Computer Technology and Development, 2021, 31(Supplement): 96-99. [doi:10.3969/j.issn.1673-629X.2021.S.019]

Active Honeynet Based on Intrusion Detection System in Software Defined Network

Computer Technology and Development [ISSN:1006-6977/CN:61-1281/TN]

Volume:
31
Issue:
2021 Supplement
Pages:
96-99
Column:
Network and Security
Publication date:
2021-12-31

Article Info

Title:
Active Honeynet Based on Intrusion Detection System in Software Defined Network
Article ID:
1673-629X(2021)S0096-04
Author(s):
YAN Pei-min, YAO Jia-hao
School of Communication and Information Engineering, Shanghai University, Shanghai 200444, China
Keywords:
network security; SDN; active Honeynet; flow transfer; intrusion detection
CLC number:
TP393
DOI:
10.3969/j.issn.1673-629X.2021.S.019
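Abstract (translated from Chinese):
This paper proposes a method for linking active defense technologies: using an SDN (software defined network) and an intrusion detection system, attack traffic that has not been deceived by the honeynet is actively redirected to the honeynet. The method relies mainly on the programmability of SDN: based on its analysis results, the intrusion detection system automatically issues traffic forwarding policies to the SDN switch, actively redirecting the attack traffic so that the honeynet can capture the attack behavior. When a visitor accesses the network normally, the honeynet system and the intrusion detection system do not intervene, and the SDN switch routes the traffic to the intranet servers or hosts. When there is malicious access, the honeynet system acts as the first layer of security protection, deceiving and luring the malicious access. If the attacker is not deceived by the honeynet and continues to attack the intranet, the intrusion detection system acts as the second layer of security protection: it identifies and analyzes the traffic flowing to the intranet servers, automatically generates policy instructions for the attack traffic based on the analysis results, and issues them to the SDN switch, actively redirecting the attack traffic into the honeynet.
Abstract:
A linkage method among active defense technologies is proposed, in which attack traffic that has not been deceived is actively transferred to the Honeynet through the SDN (software defined network) and the intrusion detection system. This method is mainly based on the programmability of SDN: the intrusion detection system automatically sends the traffic forwarding strategy to the SDN switch according to its analysis results, so as to realize the active migration of the attack traffic and complete the Honeynet's capture of the attack behavior. When a normal visitor tries to access the server, the switch will route the visitor to the intranet servers. If the visitor is a hacker, the Honeynet will work as the first layer of security protection. If the hacker is not attracted by the Honeynet, the intrusion detection system will work as the second layer of security protection. By analyzing the flow, the intrusion detection system will automatically generate a policy aimed at the attack traffic and forward it to the switches; the attack traffic is then transferred to the Honeynet.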


Last Update: 2021-09-10