SDN-based virtual honeynet dynamic deployment method and system

A dynamic deployment and honeynet technology, applied in the field of network security, can solve the problems of inflexible configuration and maintenance, difficult dynamic construction of honeynet, poor scalability, etc., and achieve the effect of solving difficult dynamic deployment, improving deception, and real results

Inactive Publication Date: 2020-02-07
UNIV OF ELECTRONIC SCI & TECH OF CHINA
View PDF3 Cites 20 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0005] The technical problem to be solved by the present invention is to propose a method and system for dynamic deployment of a virtual honeynet based on SDN, to solve the problem that

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • SDN-based virtual honeynet dynamic deployment method and system
  • SDN-based virtual honeynet dynamic deployment method and system
  • SDN-based virtual honeynet dynamic deployment method and system

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0067] The present invention aims to propose an SDN-based virtual honeynet dynamic deployment method and system to solve the technical problems in the prior art that honeynets are difficult to dynamically build and actively induce, configuration and maintenance are inflexible, scalability is poor, and deception is low . The invention performs context awareness in an unknown or dynamic network, and generates the most reasonable shadow honeypot candidate set through the idea of ​​clustering, as the basis of the honeynet deployment strategy. Using the collaborative sensing method, the optimal action is fed back to the honeynet scheduling module, the quality of honeypot deployment is rewarded and punished, the action probability of the honeypot is dynamically maintained, and the honeynet is dynamically adaptively selected from the shadow honeypot candidate set through the global threat rating The optimal deployment strategy realizes the dynamic configuration and continuous integra...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention relates to the technical field of network security, discloses an SDN-based virtual honeynet dynamic deployment method, and solves the technical problems of difficulty in dynamic construction and active induction, inflexibility in configuration and maintenance, poor expandability and low decoy degree of a honeynet in the prior art. The method comprises the steps of A, scanning a honeynet to obtain a network entity, performing clustering analysis according to attributes of the network entity to obtain a clustering result set, and setting a shadow honeypot candidate set according tothe clustering result set; b, performing intrusion detection on the access traffic, and redirecting suspicious traffic according to a matching rule; and C, performing rewards and punishment operations on behaviors of deployed honeypots based on environmental feedback, updating the behavior probability of a set of deployed honeypots, obtaining the current honeynet deployment quality through calculation of the honeynet global threat degree, and then selecting the honeypots from the shadow honeypot candidate set according to the quality scores for dynamic deployment. In addition, the invention also discloses an SDN-based dynamic deployment system for the virtual honeynet, and the system is suitable for dynamic deployment of the virtual honeynet.

Description

technical field [0001] The present invention relates to the technical field of network security, in particular to a virtual honeynet dynamic deployment method and system based on SDN (Software Defined Network). Background technique [0002] With the rapid development of computer and network technology, the security problems we face also follow. Due to the inherent non-equivalence between network attack and defense, traditional passive network defense measures are difficult to deal with the continuously evolving network security threats. Honeypots and honeynets emerged as an active security defense mechanism, and their essence is a camouflage and deception strategy for attackers. They lure attackers by simulating network vulnerabilities or deploying security resources that have no real value, and record the attackers. aggressive behavior. Security technicians can analyze and deduce the intruder's attack strategy and attack intention, and construct a targeted protection stra...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
IPC IPC(8): H04L29/06G06N3/00
CPCG06N3/006H04L63/1416H04L63/1491
Inventor 陈爱国罗光春田玲赵太银王航
Owner UNIV OF ELECTRONIC SCI & TECH OF CHINA
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap