CN108306860A - Honeynet realization system and method based on a real network environment - Google Patents

Honeynet realization system and method based on a real network environment

Info

Publication number: CN108306860A
Authority: CN (China)
Prior art keywords: environment, honeynet, network
Legal status: Pending
Application number: CN201711453522.7A
Other languages: Chinese (zh)
Inventors: 胡鹏, 王俊卿, 吴建亮
Current assignee: Guangzhou Jin Xing Network Technology Co Ltd
Original assignee: Guangzhou Jin Xing Network Technology Co Ltd
Priority date: 2017-12-28
Filing date: 2017-12-28
Publication date: 2018-07-20

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/1491 Countermeasures against malicious traffic using deception as countermeasure, e.g. honeypots, honeynets, decoys or entrapment
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/14 Network analysis or design

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a honeynet realization system based on a real network environment, comprising a honeynet deployment management module, a network zone division module, a network access control module, a dynamic activity generation module and a honeynet environment; one or more groups of honeynet sub-environments are provided in the honeynet environment, each comprising a virtualized environment and a physical machine environment. The honeynet combines virtualization technology with physical machines (a virtual-physical hybrid), has the same zone division and access control as the real network, and exhibits dynamic activity that matches the characteristics of that zone division. This largely solves the problem that previous honeynet environments differed substantially from the real environment and therefore could not deceive attackers effectively for an extended period.

Description

Honeynet realization system and method based on a real network environment
Technical field
The present invention relates to a honeynet realization system, and in particular to a honeynet realization system and method based on a real network environment, belonging to the technical field of network security.
Background technology
The inherent openness, interactivity and distributed nature of the internet satisfy humanity's long-held demands for information sharing, openness, flexibility and speed. The network environment creates an ideal space for information sharing, information exchange and information services, and the rapid development and wide application of network technology provide a huge driving force for social progress. However, precisely because of these characteristics of the internet, many security problems arise.
Traditional honeynets are usually implemented with simulated services and networks, sandboxes or limited virtualization. In such a honeynet environment an attacker cannot carry out a real attack effectively and may quickly discover that they are inside a honeynet, so it is difficult to deceive attackers effectively over a long period. A honeynet built on a real network environment is needed to deceive and attract attackers more effectively.
Existing honeynet technology has the following significant drawbacks:
1. A honeynet built from simulated services and networks, a sandbox or limited virtualization is a limited honeynet: the attacker cannot carry out attacks as in a real network environment and can more easily identify that they are inside a honeynet;
2. A traditional limited honeynet can only capture partial attack data from its limited environment and cannot comprehensively capture the attacker's behaviour.
The technical market demand for network security is huge and has broad prospects, so developing a new honeynet realization system and method based on a real network environment is of considerable significance.
Summary of the invention
In view of the above, the technical problem to be solved by the present invention is to provide a honeynet realization system and method based on a real network environment, with emphasis on building a honeynet on a real network environment to meet network security needs.
To solve the above technical problems, the present invention adopts the following technical scheme:
A honeynet realization system based on a real network environment, comprising a honeynet deployment management module, a network zone division module, a network access control module, a dynamic activity generation module and a honeynet environment, wherein one or more groups of honeynet sub-environments are provided in the honeynet environment;
the honeynet deployment management module is communicatively connected to the network zone division module, the network access control module and the dynamic activity generation module respectively, and the honeynet deployment management module, network zone division module, network access control module and dynamic activity generation module are all communicatively connected to the honeynet environment.
As a further improvement of this scheme, the number of groups of honeynet sub-environments is set to two.
As a further improvement of this scheme, the honeynet sub-environment comprises a virtualized environment and a physical machine environment.
The honeynet implementation method based on a real network environment described above comprises the following steps:
Step 1: initialize the system;
Step 2: build the honeynet from the various virtualization and physical machine environments;
Step 3: divide the honeynet into zones;
Step 4: set the access control rules for the zone division;
Step 5: set the host environment that matches the zone division;
Step 6: set the dynamic environment that matches the zone division;
Step 7: end.
As a further improvement of this scheme, the honeynet in step 2 is built as a virtual-physical hybrid, including but not limited to Xen, KVM, VMware, Hyper-V and Docker virtualized environments.
With this technical scheme, the honeynet is built as a virtual-physical hybrid and can be combined with physical machines and the physical network environment, substantially covering the various real networks, hosts and device environments in current use.
As a further improvement of this scheme, the honeynet zones divided in step 3 include but are not limited to a DMZ zone, an OA (office automation) zone, an internal service zone and a core zone.
With this technical scheme, the honeynet contains every logical network partition and its access control rules, including but not limited to the DMZ, OA, internal service and core zone divisions; each zone has the same host environment and network environment as the corresponding real zone, so that the attacker's experience inside the honeynet is consistent with the real network environment.
As a further improvement of this scheme, the dynamic environment in step 6 includes but is not limited to host activity, network activity and device adjustment.
With this technical scheme, the honeynet exhibits dynamic activity, including but not limited to host activity, network activity and device adjustment, and this dynamic activity conforms to the characteristics of the current network zone division.
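As an added illustration (not code from the patent or its assignee), the following Python model walks steps 2 to 6 of the method above on a constructed four-zone layout: it mirrors production hosts zone by zone with the virtualization backends the patent names, copies the zone access-control rules unchanged, keeps only the decoy activity those rules permit, and checks that no zone is left empty and that the honeynet rules have not drifted from production. The rule semantics (intra-zone traffic allowed, first matching inter-zone rule wins, inter-zone traffic denied by default), the host and rule values and the `hn-` naming prefix are assumptions of this example, not details from the patent.

```python
from dataclasses import dataclass, field
from typing import List, Tuple

# Virtualization backends the patent lists for step 2; "physical" marks a real machine.
VIRTUAL_BACKENDS = {"Xen", "KVM", "VMware", "Hyper-V", "Docker"}
# Network zones the patent lists for step 3 (OA = office automation).
ZONES = ("DMZ", "OA", "internal_service", "core")
Flow = Tuple[str, str, int]  # (source host, destination host, TCP port)


@dataclass(frozen=True)
class Host:
    name: str
    zone: str
    backend: str  # member of VIRTUAL_BACKENDS, or "physical"


@dataclass(frozen=True)
class Rule:
    src_zone: str
    dst_zone: str
    port: int    # 0 matches any port
    action: str  # "allow" or "deny"


def permits(rules: List[Rule], src_zone: str, dst_zone: str, port: int) -> bool:
    """Step 4 rule semantics (assumed here): intra-zone traffic is allowed,
    the first matching inter-zone rule wins, unmatched inter-zone traffic is denied."""
    if src_zone == dst_zone:
        return True
    for r in rules:
        if (r.src_zone, r.dst_zone) == (src_zone, dst_zone) and r.port in (0, port):
            return r.action == "allow"
    return False


@dataclass
class Honeynet:
    hosts: List[Host] = field(default_factory=list)
    rules: List[Rule] = field(default_factory=list)
    activity: List[Flow] = field(default_factory=list)  # step 6 decoy flows

    def zone_of(self, host_name: str) -> str:
        return next(h.zone for h in self.hosts if h.name == host_name)


def build_honeynet(prod_hosts: List[Host], prod_rules: List[Rule]) -> Honeynet:
    """Steps 2-4: mirror each production host into the same zone with the same
    backend (virtual or physical) and copy the zone rules unchanged."""
    net = Honeynet()
    for h in prod_hosts:
        if h.backend != "physical" and h.backend not in VIRTUAL_BACKENDS:
            raise ValueError(f"unsupported backend {h.backend!r} on {h.name}")
        net.hosts.append(Host("hn-" + h.name, h.zone, h.backend))  # "hn-" prefix is assumed
    net.rules = list(prod_rules)
    return net


def schedule_activity(net: Honeynet, candidates: List[Flow]) -> List[Flow]:
    """Step 6: keep only decoy flows the zone rules permit, so the generated host
    and network activity never contradicts the zone layout it is meant to make credible."""
    net.activity = [f for f in candidates
                    if permits(net.rules, net.zone_of(f[0]), net.zone_of(f[1]), f[2])]
    return net.activity


def validate(net: Honeynet, prod_rules: List[Rule]) -> List[str]:
    """Step 5 check plus fidelity checks: every zone is populated, the honeynet
    rules equal production, and no scheduled flow crosses a denied boundary."""
    findings = []
    populated = {h.zone for h in net.hosts}
    findings += [f"zone {z} has no hosts" for z in ZONES if z not in populated]
    if set(net.rules) != set(prod_rules):
        findings.append("honeynet access rules differ from production rules")
    for s, d, p in net.activity:
        if not permits(net.rules, net.zone_of(s), net.zone_of(d), p):
            findings.append(f"activity {s}->{d}:{p} violates zone rules")
    return findings


# Constructed sample input for this example (not from the patent).
PRODUCTION_HOSTS = [
    Host("web01", "DMZ", "Docker"),
    Host("office01", "OA", "VMware"),
    Host("erp01", "internal_service", "KVM"),
    Host("db01", "core", "physical"),
]
PRODUCTION_RULES = [
    Rule("DMZ", "internal_service", 8080, "allow"),
    Rule("OA", "internal_service", 443, "allow"),
    Rule("internal_service", "core", 3306, "allow"),
]
CANDIDATE_ACTIVITY = [
    ("hn-office01", "hn-erp01", 443),  # OA -> internal service: permitted
    ("hn-erp01", "hn-db01", 3306),     # internal service -> core: permitted
    ("hn-web01", "hn-db01", 3306),     # DMZ -> core: no rule, so dropped
]

if __name__ == "__main__":
    hn = build_honeynet(PRODUCTION_HOSTS, PRODUCTION_RULES)
    schedule_activity(hn, CANDIDATE_ACTIVITY)
    print(validate(hn, PRODUCTION_RULES) or "honeynet plan is consistent")
```

The two fidelity checks in `validate` are the defender's reason for steps 4 to 6: if the honeynet's rules drift from production, or if decoy traffic is allowed to cross a boundary the rules deny, the environment no longer matches the real network and a careful intruder can tell it apart from the zone layout alone.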
The present invention provides a honeynet realization system and method based on a real network environment; implementing the embodiments of the present invention has the following advantageous effects:
The honeynet combines virtualization technology with physical machines (a virtual-physical hybrid), has the same zone division and access control as the real network, and exhibits dynamic activity that matches the characteristics of that zone division; this largely solves the problem that previous honeynet environments differed substantially from the real environment and therefore could not deceive attackers effectively for an extended period.
Description of the drawings
In order to explain the embodiments of the invention or the technical scheme of the prior art more clearly, the drawings needed in the description of the embodiments or the prior art are briefly described below. Obviously, the drawings in the following description are only some embodiments of the invention; those of ordinary skill in the art can obtain other drawings from these drawings without creative effort.
Fig. 1 is a structural schematic diagram in an embodiment of the invention;
Fig. 2 is a schematic flow diagram of the method in embodiment 2 of the invention.
Reference signs: 1, honeynet environment; 2, honeynet deployment management module; 3, network zone division module; 4, network access control module; 5, dynamic activity generation module; 101, honeynet sub-environment; 1011, virtualized environment; 1012, physical machine environment.
Detailed description of the embodiments
Embodiment 1
As shown in Fig. 1, a preferred embodiment of the present invention provides a honeynet realization system based on a real network environment, comprising a honeynet deployment management module 2, a network zone division module 3, a network access control module 4, a dynamic activity generation module 5 and a honeynet environment 1, wherein one or more groups of honeynet sub-environments 101 are provided in the honeynet environment 1;
the honeynet deployment management module 2 is communicatively connected to the network zone division module 3, the network access control module 4 and the dynamic activity generation module 5 respectively, and the honeynet deployment management module 2, network zone division module 3, network access control module 4 and dynamic activity generation module 5 are all communicatively connected to the honeynet environment 1.
In this embodiment, the number of groups of honeynet sub-environments 101 is set to two.
Embodiment 2
As shown in Fig. 1 and Fig. 2, a honeynet realization system based on a real network environment comprises a honeynet deployment management module 2, a network zone division module 3, a network access control module 4, a dynamic activity generation module 5 and a honeynet environment 1, wherein one or more groups of honeynet sub-environments 101 are provided in the honeynet environment 1;
the honeynet deployment management module 2 is communicatively connected to the network zone division module 3, the network access control module 4 and the dynamic activity generation module 5 respectively, and the honeynet deployment management module 2, network zone division module 3, network access control module 4 and dynamic activity generation module 5 are all communicatively connected to the honeynet environment 1.
In this embodiment, the number of groups of honeynet sub-environments 101 is set to two.
In this embodiment, the honeynet sub-environment 101 comprises a virtualized environment 1011 and a physical machine environment 1012.
The honeynet implementation method based on a real network environment described above comprises the following steps:
Step 1: initialize the system;
Step 2: build the honeynet from the various virtualization and physical machine environments;
Step 3: divide the honeynet into zones;
Step 4: set the access control rules for the zone division;
Step 5: set the host environment that matches the zone division;
Step 6: set the dynamic environment that matches the zone division;
Step 7: end.
In this embodiment, the honeynet in step 2 is built as a virtual-physical hybrid, including but not limited to Xen, KVM, VMware, Hyper-V and Docker virtualized environments 1011.
With this technical scheme, the honeynet is built as a virtual-physical hybrid and can be combined with physical machines and the physical network environment, substantially covering the various real networks, hosts and device environments in current use.
In this embodiment, the honeynet zones divided in step 3 include but are not limited to a DMZ zone, an OA (office automation) zone, an internal service zone and a core zone.
With this technical scheme, the honeynet contains every logical network partition and its access control rules, including but not limited to the DMZ, OA, internal service and core zone divisions; each zone has the same host environment and network environment as the corresponding real zone, so that the attacker's experience inside the honeynet is consistent with the real network environment.
In this embodiment, the dynamic environment in step 6 includes but is not limited to host activity, network activity and device adjustment.
With this technical scheme, the honeynet exhibits dynamic activity, including but not limited to host activity, network activity and device adjustment, and this dynamic activity conforms to the characteristics of the current network zone division.
The present invention provides a honeynet realization system and method based on a real network environment; implementing the embodiments of the present invention has the following advantageous effects:
The honeynet combines virtualization technology with physical machines (a virtual-physical hybrid), has the same zone division and access control as the real network, and exhibits dynamic activity that matches the characteristics of that zone division; this largely solves the problem that previous honeynet environments 1 differed substantially from the real environment and therefore could not deceive attackers effectively for an extended period.
The above description is merely a specific embodiment, but the scope of protection of the present invention is not limited thereto; any change or replacement that can be conceived without creative work shall be covered by the protection scope of the present invention.

Claims (7)

1. A honeynet realization system based on a real network environment, characterized in that it comprises: a honeynet deployment management module, a network zone division module, a network access control module, a dynamic activity generation module and a honeynet environment, wherein one or more groups of honeynet sub-environments are provided in the honeynet environment;
the honeynet deployment management module is communicatively connected to the network zone division module, the network access control module and the dynamic activity generation module respectively, and the honeynet deployment management module, network zone division module, network access control module and dynamic activity generation module are all communicatively connected to the honeynet environment.
2. The honeynet realization system based on a real network environment as claimed in claim 1, characterized in that: the number of groups of honeynet sub-environments is set to two.
3. The honeynet realization system based on a real network environment as claimed in claim 1 or 2, characterized in that: the honeynet sub-environment comprises a virtualized environment and a physical machine environment.
4. A honeynet implementation method based on a real network environment, characterized in that it comprises the following steps:
Step 1: initialize the system;
Step 2: build the honeynet from the various virtualization and physical machine environments;
Step 3: divide the honeynet into zones;
Step 4: set the access control rules for the zone division;
Step 5: set the host environment that matches the zone division;
Step 6: set the dynamic environment that matches the zone division;
Step 7: end.
5. The honeynet implementation method based on a real network environment as claimed in claim 4, characterized in that: in step 2 the honeynet is built as a virtual-physical hybrid, including but not limited to Xen, KVM, VMware, Hyper-V and Docker virtualized environments.
6. The honeynet implementation method based on a real network environment as claimed in claim 4, characterized in that: the honeynet zones divided in step 3 include but are not limited to a DMZ zone, an OA zone, an internal service zone and a core zone.
7. The honeynet implementation method based on a real network environment as claimed in claim 4, characterized in that: the dynamic environment in step 6 includes but is not limited to host activity, network activity and device adjustment.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201711453522.7A CN108306860A (en) 2017-12-28 2017-12-28 Honey net based on real network environment realizes system and method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201711453522.7A CN108306860A (en) 2017-12-28 2017-12-28 Honey net based on real network environment realizes system and method

Publications (1)

Publication Number Publication Date
CN108306860A true CN108306860A (en) 2018-07-20

Family

ID=62867991

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201711453522.7A Pending CN108306860A (en) 2017-12-28 2017-12-28 Honey net based on real network environment realizes system and method

Country Status (1)

Country Link
CN (1) CN108306860A (en)

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060101516A1 (en) * 2004-10-12 2006-05-11 Sushanthan Sudaharan Honeynet farms as an early warning system for production networks
CN101087196A (en) * 2006-12-27 2007-12-12 北京大学 Multi-layer honey network data transmission method and system
US20080320594A1 (en) * 2007-03-19 2008-12-25 Xuxian Jiang Malware Detector

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
马莉波 (Ma Libo) et al., "蜜罐部署分析" (Honeypot deployment analysis), 《大连理工大学学报》 (Journal of Dalian University of Technology) *

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112152994A (en) * 2020-08-19 2020-12-29 广州锦行网络科技有限公司 Method for realizing dynamic expansion and contraction capacity of honey net
CN113259164A (en) * 2021-05-18 2021-08-13 广州锦行网络科技有限公司 Method for realizing virtual-real networking based on virtual routing system construction
CN113259164B (en) * 2021-05-18 2022-03-22 广州锦行网络科技有限公司 Method for realizing virtual-real networking based on virtual routing system construction

Similar Documents

Publication Publication Date Title
Alam et al. Autonomic computation offloading in mobile edge for IoT applications
US10986139B2 (en) Micro-segmentation in virtualized computing environments
CN104811335B (en) A kind of method that realizing network target range system and network target range management system
CN103067380B (en) A kind of deployment configuration method and system of virtual secure equipment
CN105376133A (en) Network experiment system based on virtualization technology and construction method
CN102843387B (en) Cloud computing safety control platform based on safety classification
EP2776925B1 (en) Dynamic policy based interface configuration for virtualized environments
US20210044503A1 (en) Oversubscribable resource allocation
CN102255903A (en) Safety isolation method for virtual network and physical network of cloud computing
CN108306860A (en) Honey net based on real network environment realizes system and method
CN103973578A (en) Virtual machine traffic redirection method and device
CN104468574A (en) Dynamic IP address acquisition method, system and device for virtual machines
CN108156153B (en) Distributed security domain-based differential section protection method
CN104580120A (en) On-demand-service virtualization network intrusion detection method and device
Bellavista et al. Virtual network function embedding in real cloud environments
CN108199871A (en) System and method is realized in dynamic honey net environment deployment based on virtualization technology
CN103138990A (en) Virtual machine management method under cloud computing network and cloud computing network management device
EP4311367A2 (en) Session management in a forwarding plane
CN104767741A (en) Calculation service separating and safety protecting system based on light virtual machine
CN103581325A (en) Cloud computing resource pool system and implement method thereof
DE112018007780T5 (en) TRANSPARENT ENCRYPTION
CN104363306A (en) Private cloud management control method for enterprise
JP2017062827A (en) System and method for multimedia multi-party peering (m2p2)
Chen et al. Allocating bandwidth in datacenter networks: A survey
Benali et al. Evaluation of traffic-aware VM placement policies in distributed cloud using cloudsim

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication (Application publication date: 20180720)