CN108306860A - Honeynet implementation system and method based on a real network environment
- Publication number: CN108306860A
- Application number: CN201711453522.7A
- Authority: CN (China)
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1491—Countermeasures against malicious traffic using deception as countermeasure, e.g. honeypots, honeynets, decoys or entrapment
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/14—Network analysis or design
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a honeynet implementation system based on a real network environment, comprising a honeynet deployment management module, a network zone division module, a network access control module, a dynamic activity generation module and a honeynet environment, wherein one or more groups of honeynet environments are provided within the honeynet environment; each honeynet environment includes a virtualized environment and a physical machine environment. The honeynet is built as a virtual-real combination of virtualization technology and physical machines, has the zone division and access control of a real network, and has dynamic activity that matches the characteristics of the network zone division. This substantially solves the problem that earlier honeynet environments differed greatly from real environments and therefore could not effectively lure attackers for long periods.
Description
Technical field
The present invention relates to a honeynet implementation system, and in particular to a honeynet implementation system and method based on a real network environment. It belongs to the technical field of network security.
Background
The inherent openness, interactivity and decentralization of the Internet have met the human desire for information sharing, openness, flexibility and speed. The network environment creates an ideal space for information sharing, information exchange and information services, and the rapid development and wide use of network technology have given great impetus to social progress. However, these same characteristics of the Internet have produced many security problems.
Traditional honeynets are usually implemented with simulated services and networks, sandboxes or limited virtualization. In such a honeynet environment the attacker cannot effectively display real attack behaviour and may quickly discover being inside a honeynet, so it is difficult to lure the attacker effectively for a long time. A honeynet built on a real network environment is needed to decoy and attract attackers more effectively.
Existing honeynet technology has the following significant drawbacks:
1. The honeynet is built with simulated services and networks, sandboxes or limited virtualization. It is therefore a limited honeynet in which the attacker cannot attack as in a real network environment and can more easily recognize being inside a honeynet;
2. A traditional limited honeynet can obtain only part of the attack data from its limited environment and cannot capture the attacker's behaviour information comprehensively.
Market demand for network security technology is large and its prospects are broad, so developing a new honeynet implementation system and method based on a real network environment is of considerable significance.
Summary of the invention
In view of the above, the technical problem to be solved by the present invention is to provide a honeynet implementation system and method based on a real network environment, with the emphasis on building the honeynet on a real network environment so as to meet the needs of network security.
To solve the above technical problem, the present invention adopts the following technical solution:
A honeynet implementation system based on a real network environment comprises a honeynet deployment management module, a network zone division module, a network access control module, a dynamic activity generation module and a honeynet environment, wherein one or more groups of honeynet environments are provided within the honeynet environment;
the honeynet deployment management module is in circuit communication with the network zone division module, the network access control module and the dynamic activity generation module respectively, and the honeynet deployment management module, the network zone division module, the network access control module and the dynamic activity generation module are all in circuit communication with the honeynet environment.
As a further improvement of this solution, the number of groups of honeynet environments is set to two.
As a further improvement of this solution, the honeynet environment includes a virtualized environment and a physical machine environment.
The honeynet implementation method based on a real network environment described above includes the following steps:
Step 1: Initialize the system;
Step 2: Build the honeynet from the different virtualization platforms and physical machines;
Step 3: Divide the honeynet into zones;
Step 4: Set the access control rules for the network zone division;
Step 5: Set up host environments that match the network zone division;
Step 6: Set up a dynamic environment that matches the network zone division;
Step 7: End.
As a further improvement of this solution, the honeynet in step 2 is built as a virtual-real combination, including but not limited to Xen, KVM, VMware, Hyper-V and Docker virtualized environments.
With this technical solution, the honeynet is built as a virtual-real combination and can be combined with physical machines and physical network environments, essentially covering the various real network, host and device environments in current use.
As a further improvement of this solution, the honeynet zones divided in step 3 include but are not limited to a DMZ zone, an OA zone, an internal services zone and a core zone.
With this technical solution, the honeynet contains the logical network partitions and access control rules, including but not limited to the division into honeynet network zones such as the DMZ zone, the OA zone, the internal services zone and the core zone. Each zone has a host environment and network environment identical to those of that zone in a real network, so that what the attacker experiences in the honeynet is consistent with a real network environment.
As a further improvement of this solution, the dynamic environment in step 6 includes but is not limited to host activity, network activity and device adjustment.
With this technical solution, the honeynet exhibits dynamic activity, including but not limited to host activity, network activity and device adjustment, and this dynamic activity matches the characteristics of the current network zone division.
The present invention provides a honeynet implementation system and method based on a real network environment. Implementing the embodiments of the invention has the following beneficial effects:
The honeynet is built as a virtual-real combination of virtualization technology and physical machines, has the zone division and access control of a real network, and has dynamic activity that matches the characteristics of the network zone division. This substantially solves the problem that earlier honeynet environments differed greatly from real environments and therefore could not effectively lure attackers for long periods.
Description of the drawings
To explain the embodiments of the invention or the technical solutions of the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. The drawings described below are evidently only some embodiments of the invention; those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a structural schematic diagram of an embodiment of the invention;
Fig. 2 is a schematic flow chart of the method in Embodiment 2 of the invention.
Reference signs: 1, honeynet environment; 2, honeynet deployment management module; 3, network zone division module; 4, network access control module; 5, dynamic activity generation module; 101, honeynet environment; 1011, virtualized environment; 1012, physical machine environment.
Detailed description
Embodiment 1
As shown in Fig. 1, a preferred embodiment of the invention provides a honeynet implementation system based on a real network environment, comprising a honeynet deployment management module 2, a network zone division module 3, a network access control module 4, a dynamic activity generation module 5 and a honeynet environment 1, wherein one or more groups of honeynet environments 101 are provided within the honeynet environment 1;
the honeynet deployment management module 2 is in circuit communication with the network zone division module 3, the network access control module 4 and the dynamic activity generation module 5 respectively, and the honeynet deployment management module 2, the network zone division module 3, the network access control module 4 and the dynamic activity generation module 5 are all in circuit communication with the honeynet environment 1.
In this embodiment, the number of groups of honeynet environments 101 is set to two.
Embodiment 2
As shown in Fig. 1 and Fig. 2, a honeynet implementation system based on a real network environment comprises a honeynet deployment management module 2, a network zone division module 3, a network access control module 4, a dynamic activity generation module 5 and a honeynet environment 1, wherein one or more groups of honeynet environments 101 are provided within the honeynet environment 1;
the honeynet deployment management module 2 is in circuit communication with the network zone division module 3, the network access control module 4 and the dynamic activity generation module 5 respectively, and the honeynet deployment management module 2, the network zone division module 3, the network access control module 4 and the dynamic activity generation module 5 are all in circuit communication with the honeynet environment 1.
In this embodiment, the number of groups of honeynet environments 101 is set to two.
In this embodiment, the honeynet environment 101 includes a virtualized environment 1011 and a physical machine environment 1012.
The honeynet implementation method based on a real network environment described above includes the following steps:
Step 1: Initialize the system;
Step 2: Build the honeynet from the different virtualization platforms and physical machines;
Step 3: Divide the honeynet into zones;
Step 4: Set the access control rules for the network zone division;
Step 5: Set up host environments that match the network zone division;
Step 6: Set up a dynamic environment that matches the network zone division;
Step 7: End.
In this embodiment, the honeynet in step 2 is built as a virtual-real combination, including but not limited to Xen, KVM, VMware, Hyper-V and Docker virtualized environments 1011.
With this technical solution, the honeynet is built as a virtual-real combination and can be combined with physical machines and physical network environments, essentially covering the various real network, host and device environments in current use.
In this embodiment, the honeynet zones divided in step 3 include but are not limited to a DMZ zone, an OA zone, an internal services zone and a core zone.
With this technical solution, the honeynet contains the logical network partitions and access control rules, including but not limited to the division into honeynet network zones such as the DMZ zone, the OA zone, the internal services zone and the core zone. Each zone has a host environment and network environment identical to those of that zone in a real network, so that what the attacker experiences in the honeynet is consistent with a real network environment.
In this embodiment, the dynamic environment in step 6 includes but is not limited to host activity, network activity and device adjustment.
With this technical solution, the honeynet exhibits dynamic activity, including but not limited to host activity, network activity and device adjustment, and this dynamic activity matches the characteristics of the current network zone division.
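An added sketch, not part of the patent, of how steps 3, 4 and 6 fit together: named zones, a default-deny inter-zone rule table, and a background-activity generator that only emits flows the rules permit. The subnets, ports, rule table and function names are constructed assumptions; only the zone names come from the text above.

```python
import ipaddress
import random

# Step 3: zone plan. Zone names follow the text; the subnets are constructed.
ZONES = {
    "DMZ": ipaddress.ip_network("10.10.1.0/24"),
    "OA": ipaddress.ip_network("10.10.2.0/24"),
    "INTERNAL_SERVICES": ipaddress.ip_network("10.10.3.0/24"),
    "CORE": ipaddress.ip_network("10.10.4.0/24"),
}

# Step 4: constructed inter-zone rules, (src zone, dst zone) -> allowed TCP ports.
# Any pair or port not listed is denied, as in a segmented production network.
ACL = {
    ("OA", "DMZ"): {80, 443},
    ("OA", "INTERNAL_SERVICES"): {445, 3389},
    ("DMZ", "INTERNAL_SERVICES"): {8080},
    ("INTERNAL_SERVICES", "CORE"): {3306},
}


def zone_of(ip):
    """Return the name of the zone containing ip, or None if outside the honeynet."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return None


def is_allowed(src_ip, dst_ip, port):
    """Default-deny check of one flow against the inter-zone rule table."""
    src, dst = zone_of(src_ip), zone_of(dst_ip)
    if src is None or dst is None:
        return False
    if src == dst:
        return True  # assumption: traffic inside one zone is unrestricted
    return port in ACL.get((src, dst), set())


def generate_activity(count, seed=0):
    """Step 6: background flows drawn only from permitted zone pairs and ports,
    so the decoy traffic matches what the zone division would allow."""
    rng = random.Random(seed)
    pairs = sorted(ACL)
    flows = []
    for _ in range(count):
        src_zone, dst_zone = rng.choice(pairs)
        port = rng.choice(sorted(ACL[(src_zone, dst_zone)]))
        src = ZONES[src_zone][rng.randint(10, 200)]
        dst = ZONES[dst_zone][rng.randint(10, 200)]
        flows.append((str(src), str(dst), port))
    return flows


def unexpected_flows(observed):
    """Flows that break the rules cannot have come from the generator, which
    makes them the first records to review in the captured traffic."""
    return [flow for flow in observed if not is_allowed(*flow)]


if __name__ == "__main__":
    background = generate_activity(5)
    # Constructed sample: a DMZ host reaching straight into the core zone.
    observed = background + [("10.10.1.25", "10.10.4.7", 3306)]
    for flow in unexpected_flows(observed):
        print("rule violation:", flow)
```

Because the generator and the rule check share one table, changing the zone rules in step 4 automatically changes the background activity produced in step 6.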
The present invention provides a honeynet implementation system and method based on a real network environment. Implementing the embodiments of the invention has the following beneficial effects:
The honeynet is built as a virtual-real combination of virtualization technology and physical machines, has the zone division and access control of a real network, and has dynamic activity that matches the characteristics of the network zone division. This substantially solves the problem that the earlier honeynet environment 1 differed greatly from real environments and therefore could not effectively lure attackers for long periods.
The above is merely a specific embodiment of the invention, but the scope of protection of the invention is not limited to it; any change or replacement that can be conceived without creative effort shall fall within the scope of protection of the invention.
Claims (7)
1. A honeynet implementation system based on a real network environment, characterized in that it comprises a honeynet deployment management module, a network zone division module, a network access control module, a dynamic activity generation module and a honeynet environment, wherein one or more groups of honeynet environments are provided within the honeynet environment;
the honeynet deployment management module is in circuit communication with the network zone division module, the network access control module and the dynamic activity generation module respectively, and the honeynet deployment management module, the network zone division module, the network access control module and the dynamic activity generation module are all in circuit communication with the honeynet environment.
2. The honeynet implementation system based on a real network environment according to claim 1, characterized in that the number of groups of honeynet environments is set to two.
3. The honeynet implementation system based on a real network environment according to claim 1 or 2, characterized in that the honeynet environment includes a virtualized environment and a physical machine environment.
4. A honeynet implementation method based on a real network environment, characterized in that it includes the following steps:
Step 1: Initialize the system;
Step 2: Build the honeynet from the different virtualization platforms and physical machines;
Step 3: Divide the honeynet into zones;
Step 4: Set the access control rules for the network zone division;
Step 5: Set up host environments that match the network zone division;
Step 6: Set up a dynamic environment that matches the network zone division;
Step 7: End.
5. The honeynet implementation method based on a real network environment according to claim 4, characterized in that the honeynet in step 2 is built as a virtual-real combination, including but not limited to Xen, KVM, VMware, Hyper-V and Docker virtualized environments.
6. The honeynet implementation method based on a real network environment according to claim 4, characterized in that the honeynet zones divided in step 3 include but are not limited to a DMZ zone, an OA zone, an internal services zone and a core zone.
7. The honeynet implementation method based on a real network environment according to claim 4, characterized in that the dynamic environment in step 6 includes but is not limited to host activity, network activity and device adjustment.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711453522.7A CN108306860A (en) | 2017-12-28 | 2017-12-28 | Honeynet implementation system and method based on a real network environment |
Publications (1)
Publication Number | Publication Date |
---|---|
CN108306860A (en) | 2018-07-20 |
Family
ID=62867991
Family Applications (1)
Application Number | Status | Publication | Title | Priority Date | Filing Date |
---|---|---|---|---|---|
CN201711453522.7A | Pending | CN108306860A (en) | Honeynet implementation system and method based on a real network environment | 2017-12-28 | 2017-12-28 |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108306860A (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112152994A (en) * | 2020-08-19 | 2020-12-29 | 广州锦行网络科技有限公司 | Method for realizing dynamic expansion and contraction capacity of honey net |
CN113259164A (en) * | 2021-05-18 | 2021-08-13 | 广州锦行网络科技有限公司 | Method for realizing virtual-real networking based on virtual routing system construction |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20060101516A1 (en) * | 2004-10-12 | 2006-05-11 | Sushanthan Sudaharan | Honeynet farms as an early warning system for production networks |
CN101087196A (en) * | 2006-12-27 | 2007-12-12 | 北京大学 | Multi-layer honey network data transmission method and system |
US20080320594A1 (en) * | 2007-03-19 | 2008-12-25 | Xuxian Jiang | Malware Detector |
Non-Patent Citations (1)
Title |
---|
马莉波 et al.: "蜜罐部署分析" (Honeypot deployment analysis), 《大连理工大学学报》 (Journal of Dalian University of Technology) * |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112152994A (en) * | 2020-08-19 | 2020-12-29 | 广州锦行网络科技有限公司 | Method for realizing dynamic expansion and contraction capacity of honey net |
CN113259164A (en) * | 2021-05-18 | 2021-08-13 | 广州锦行网络科技有限公司 | Method for realizing virtual-real networking based on virtual routing system construction |
CN113259164B (en) * | 2021-05-18 | 2022-03-22 | 广州锦行网络科技有限公司 | Method for realizing virtual-real networking based on virtual routing system construction |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | PB01 | Publication | |
 | SE01 | Entry into force of request for substantive examination | |
 | RJ01 | Rejection of invention patent application after publication | Application publication date: 20180720 |