Research On Adaptive Dynamic Honeypot Based On Virtualization Technology

As an active defense technology,honeypot technology can not only monitor and record attacks,but also detect and respond to unknown threats.At the same time,it can distract the attacker from accurately positioning the target.However,traditional honeypots have certain shortcomings,such as poor environmental awareness,fixed deployment locations,low security protection capabilities,and difficult maintenance and management.Therefore,it is very easy to be recognized by attackers and used to lose active defense capabilities.Therefore,from three aspects of dynamic perception,dynamic management and security defense,this thesis proposes an adaptive dynamic honeypot system based on virtualization technology to solve the defects of traditional honeypots.First of all,this thesis is oriented to commonly used remote operation protocols.By analyzing the principles of commonly used remote operation protocols,different data capture schemes are designed according to the characteristics of different types of remote operation protocols,and combined with network scanning technology,network scanning results are used to dynamically generate honeypot configuration for the data capture scheme and automatically deployed honeypot nodes.As a result,the dynamic perception ability of the system has been further improved.Secondly,the system uses a single docker container as a unit node,and visually manages and monitors the life cycle and network status of the container node,thus solving the problem of difficult system deployment and maintenance,and further enhancing the system's dynamic management capabilities.In addition,in order to reduce the damage caused by uncontrollable attacks to the honeypot and improve the system's security defense capabilities,this thesis proposes two strategies for honeypot static defense and dynamic defense.The static defense strategy performs security analysis on the system application layer and docker container layer,and designs honeypot camouflage and protection schemes based on the analysis results,thereby reducing the probability of honeypot identification and improving system survivability.Based on the principle of learning automata,the dynamic defense strategy proposes an adaptive defense configuration algorithm,and adaptively adjusts honeypot configuration and deploys honeypot nodes through network feedback information,which solves the problem of periodic decline in honeypot survivability and data capture capabilities.Finally,through the realization of the various modules of the adaptive dynamic honeypot system and the simulation test,the function and performance of the system are verified.