摘要
随着云计算的普及,大量采用Openstack的私有云出现在现今网络中,同时虚拟机被普遍用于部署公司业务,Openstack上大量虚拟机的安全问题也变得日益严峻。蜜场作为主动安全防御的技术,既能为Openstack上部署的虚拟机带来安全保障,同时能记录下黑客的行为作为反向追踪依据。由于Openstack虚拟化网络与传统物理网络有很大的区别,所以根据Openstack虚拟化网络的特殊性设计出一个新型的蜜场系统。首先将网络攻击流量重定向与虚拟化紧密结合,将异常流量通过虚拟化网络重定向到蜜场中;其次将异常检测系统用于检测流量,增大了业务系统的安全性;最后根据虚拟机灵活配置的特性,设计出动态蜜罐部署系统。实验结果表明,该系统能够有效地检测出异常流量,并将其正确地重定向到蜜场中,同时在蜜场中的蜜罐上记录下黑客的攻击行为用于后续分析。
With the popularization of cloud computing,a large number of private clouds adopting Openstack appear in today’s network.Meanwhile,virtual machines are widely used to deploy company business,so the security of a large number of virtual machines on Openstack is becoming increasingly serious. As an active security defense technology,Honeyfarm can not only provide security for virtual machines deployed on Openstack,but also record the hacker’s behavior as the basis of reverse tracking. Because Openstack virtualized network is quite different from traditional physical network,a new Honeyfarm system is designed according to the particularity of Openstackvirtualized network. Firstly,the network attack traffic redirection is closely combined with virtualization,and abnormal traffic is redirectedto Honeyfarm through virtualized network. Secondly,the abnormal detection system is used to detect the flow,which increases the security of the business system. Finally,the dynamic Honeypot deployment system is designed according to the flexible configuration of thevirtual machine. The experiment shows that the system can detect the abnormal flow effectively and redirect it to the Honeyfarm correctly. Meanwhile,the hacker’s attack behavior is recorded on the Honeypot in the Honeyfarm for subsequent analysis.
作者
焦宏宇
何利文
黄俊
JIAO Hong-yu;HE Li-wen;HUANG Jun(School of Computer Science,Nanjing University of Posts and Telecommunications,Nanjing 210046,China)
出处
《计算机技术与发展》
2018年第10期92-96,共5页
Computer Technology and Development
基金
江苏省"六大人才高峰"高层次人才项目(2014-WLW-005)
南京邮电大学引进人才科研启动基金(NY212012)
中兴通讯研究基金(项目批准号-2015外)
