
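A SDN Dynamic Honeypot with Multi-phase Attack Response
Cite this article: WANG Juan, YANG Hongyuan, FAN Chengyang. A SDN Dynamic Honeypot with Multi-phase Attack Response[J]. Netinfo Security, 2021, 0(1): 27-40
Authors: WANG Juan, YANG Hongyuan, FAN Chengyang
Affiliation: School of Cyber Science and Engineering, Wuhan University; Key Laboratory of Aerospace Information Security and Trusted Computing, Ministry of Education
Funding: National Natural Science Foundation of China [61872430].
Abstract: As an active defense mechanism, a honeypot deploys decoy targets to actively attract attackers into interacting with fake resources, which protects valuable real resources from damage while also allowing attack behavior to be analyzed and actively countered based on the collected data. However, existing honeypot schemes cannot deploy specific honeypot defenses against complex attack techniques; they do not sufficiently consider dynamics in the honeypot attack-defense game and so cannot effectively select the best honeypot defense strategy based on benefit and cost; and their performance overhead is comparatively...

Keywords: honeypot; attack graph; dynamic game of incomplete information; software-defined network; Docker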

A SDN Dynamic Honeypot with Multi-phase Attack Response
WANG Juan, YANG Hongyuan, FAN Chengyang. A SDN Dynamic Honeypot with Multi-phase Attack Response[J]. Netinfo Security, 2021, 0(1): 27-40
Authors: WANG Juan, YANG Hongyuan, FAN Chengyang
Affiliation: School of Cyber Science and Engineering, Wuhan University, Wuhan 430072, China; Key Laboratory of Aerospace Information Security and Trusted Computing, Ministry of Education, Wuhan 430072, China
Abstract: As an active defense mechanism, a honeypot can actively attract attackers to interact with imitative and illusive resources by deploying decoy targets, which can not only prevent valuable real assets from being destroyed, but also analyze and deal with the attack behaviors according to the collected data. However, the existing honeypot systems have some limitations: they are unable to deploy specific defense honeypots for complex attack scenarios, they are unable to select the best defense strategy according to the benefits and costs because dynamics are insufficiently considered in the honeypot attack and defense game, and their performance overhead is large. This paper proposes an SDN dynamic honeypot architecture based on multi-phase attack response and dynamic game theory, presents a deployment strategy for the SDN dynamic honeypot using Docker, and implements a novel dynamic honeypot system which can be dynamically adjusted according to the different attack phases. Experiments show that the system can quickly and dynamically generate a targeted honeypot for response according to the network situation and the behaviors of attackers, which effectively improves the dynamic and deception ability of the honeypot.
Keywords: honeypot; attack graph; game of dynamic incomplete information; software defined network; Docker
This article has been indexed by VIP (维普) and other databases.