删除或更新信息,请邮件至freekaoyan#163.com(#换成@)

基于OpenFlow的蜜罐主动取证技术

本站小编 Free考研考试/2021-12-21

本文二维码信息
二维码(扫一下试试看!)
基于OpenFlow的蜜罐主动取证技术
Active Forensics Technology of Honeypot Based on OpenFlow
投稿时间:2017-07-30
DOI:10.15918/j.tbit1001-0645.2019.05.018
中文关键词:云计算OpenFlow控制蜜罐系统
English Keywords:cloud computingOpenFlow controlhoneypot
基金项目:国家"八六三"计划项目(2015AA16001)
作者单位
杨天识中国信息安全测评中心, 北京 100085
刁培金北京中测安华科技有限公司, 北京 100085
梁露露中国信息安全测评中心, 北京 100085
常震中国科学技术大学, 安徽, 合肥 230027
摘要点击次数:1021
全文下载次数:351
中文摘要:
提出了一种方法,将攻击流量自动从真实的云计算服务器中隔离到蜜罐服务器中.通过创建一个蜜罐网络服务器的虚拟机,使蜜罐服务器配备与真实云计算服务器相同的内存和存储设备,并通过OpenFlow控制和监控网络流量,从而将蜜罐系统与真实云服务器隔离开来.当访客正常访问服务器时,交换机会将访客的访问请求路由到真实的服务器.当某个访客被IDS标记为可疑攻击者时,交换机会重新计算路由路径,将攻击者的请求路由到制定的蜜罐中.
English Summary:
To provide customers with Internet remote services, cloud computing focuses on a large number of computing resources, storage resources and software resources. As cloud computing users, information resources are highly centralized, so the risk of cloud computing security incidents is much higher than the traditional application. Honeypot system can effectively capture the cloud traffic in the attack traffic. However, it is still difficult to develop seductive, protective, and deceptive honeypot systems for cloud computing security development. In this paper, a way was proposed to automatically isolate attack traffic from a real cloud computing server for a honeypot server. The honeypot system was isolated from the real cloud server by creating a virtual machine for a honeypot network server, allowing the honeypot server to have the same memory and storage devices as real cloud computing servers and monitoring the network traffic through OpenFlow. When a visitor visits the server normally, the switch can route the visitor's access request to the real server. When a visitor is marked as a suspicious attacker by IDS, the switch can recalculate the routing path and route the attacker's request to the developed honeypot.
查看全文查看/发表评论下载PDF阅读器
相关话题/北京 计算 安徽 技术 中文