Design of distributed honeypot system based on clustering and data shunting algorithm

doi:10.3724/SP.J.1087.2013.01077

Journal of Computer Applications ›› 2013, Vol. 33 ›› Issue (04): 1077-1080.DOI: 10.3724/SP.J.1087.2013.01077

• Information security • Previous Articles Next Articles

Design of distributed honeypot system based on clustering and data shunting algorithm

BAI Qing¹,SU Yang²

1. Department of Electronic Technology, Engineering University of Chinese Armed Police Force, Xi'an Shaanxi 710086, China
2. Institute of Network and Information Security, Engineering University of Chinese Armed Police Force, Xi'an Shaanxi 710086, China

Received:2012-10-26 Revised:2012-12-05 Online:2013-04-01 Published:2013-04-23
Contact: BAI Qing

基于聚类分流算法的分布式蜜罐系统设计

柏青¹,苏旸²

1. 武警工程大学电子技术系, 西安 710086
2. 武警工程大学网络与信息安全研究所，西安 710086

通讯作者: 柏青
作者简介:柏青(1988-)，男，陕西宝鸡人，硕士研究生，主要研究方向：网络与信息安全；苏旸(1975-)，男，河南三门峡人，教授，博士，主要研究方向：网络与信息安全、密码学。
基金资助:
中央高校基本科研业务费专项基金资助项目(GK201001002);陕西省自然科学基础研究计划项目(2012JM8014)

Abstract

Abstract: Concerning the lack of activity, the low speed and accuracy of recognizing attacks of the current network security defense system, this paper proposed a distributed honeypot system. During the process of clustering, an improved clustering center selection algorithm was used to cluster the data of the network in a fuzzy way, so as to divide the unclassified data into the honeypot to learn their features. Then a new type of attack can be detected as soon as possible. This design can not only lighten the supervising and recording pressure of honeypots, lower the broken rate of the honeypot, but also help us adopt more effective defense strategy. This system can be used in the private networks of some government. The clustering algorithm used in this paper has a higher rate of success than the average clustering algorithm without increasing the amount of computations of the system obviously.

Key words: honeypot, clustering algorithm, initial clustering center, data shunting, private network

摘要： 针对现有的网络安全防御系统主动性不足，对未知类型网络数据的判断速度慢、准确性不高的缺陷，设计了一种应用聚类算法对未知类型数据进行聚类分流的分布式蜜罐系统。在聚类过程中，采用一种改进的聚类中心选择算法，对未知类型网络数据进行模糊聚类，将聚类失败的数据分流到蜜罐中进行特征学习，从而尽早地发现新的攻击类型，减轻蜜罐的监控和记录压力，降低蜜罐被攻破的概率，有利于防御时采用更为有效的防御策略。此系统应用在政府某部门的专网中，实验结果验证了在不明显增加系统计算量的情况下，该聚类算法比平均值聚类算法有更高的聚类成功率。

关键词: 蜜罐, 聚类算法, 初始类中心, 数据分流, 专网

CLC Number:

TP393.08

BAI Qing SU Yang. Design of distributed honeypot system based on clustering and data shunting algorithm[J]. Journal of Computer Applications, 2013, 33(04): 1077-1080.

柏青苏旸. 基于聚类分流算法的分布式蜜罐系统设计[J]. 计算机应用, 2013, 33(04): 1077-1080.

[1]	WANG Jiarui, TAN Guoping, ZHOU Siyuan. Clustered wireless federated learning algorithm in high-speed internet of vehicles scenes [J]. Journal of Computer Applications, 2021, 41(6): 1546-1550.
[2]	HU Runyan, LI Cuiran. Clustering algorithm of energy harvesting wireless sensor network based on fuzzy control [J]. Journal of Computer Applications, 2020, 40(9): 2691-2697.
[3]	ZHAO Guoxin, DING Ruofan, YOU Jianzhou, LYU Shichao, PENG Feng, LI Fei, SUN Limin. Design and implementation of high-interaction programmable logic controller honeypot system based on industrial control business simulation [J]. Journal of Computer Applications, 2020, 40(9): 2650-2656.
[4]	HUANG Xiuli, HUANG Jin, YU Pengfei, MIAO Weiwei, YANG Ruxia, LI Yijing, YU Peng. Security-risk-oriented distributed resource allocation method in power wireless private network [J]. Journal of Computer Applications, 2020, 40(12): 3586-3593.
[5]	HUANG Yongxin, TANG Xuefei. Discovery of functional dependencies in university data based on affinity propagation clustering and TANE algorithms [J]. Journal of Computer Applications, 2020, 40(1): 90-95.
[6]	MAO Yimin, LIU Yinping, LIANG Tian, MAO Dinghui. Functional module mining in uncertain protein-protein interaction network based on fuzzy spectral clustering [J]. Journal of Computer Applications, 2019, 39(4): 1032-1040.
[7]	DING Cheng, WANG Qiuping, WANG Xiaofeng. Krill herd algorithm based on generalized opposition-based learning and its application in data clustering [J]. Journal of Computer Applications, 2019, 39(2): 336-342.
[8]	LIU Xiaoming, SHEN Mingyu, HOU Zhengfeng. Firefly fuzzy clustering algorithm based on Levy flight [J]. Journal of Computer Applications, 2019, 39(11): 3257-3262.
[9]	YE Shuang, YANG Xiaomin, YAN Bin'yu. Image super-resolution algorithm based on adaptive anchored neighborhood regression [J]. Journal of Computer Applications, 2019, 39(10): 3040-3045.
[10]	QIU Baozhi, CHENG Luan. Parameter-free clustering algorithm based on Laplace centrality and density peaks [J]. Journal of Computer Applications, 2018, 38(9): 2511-2514.
[11]	SHAO Lun, ZHOU Xinzhi, ZHAO Chengping, ZHANG Xu. Improved K-means clustering algorithm based on multi-dimensional grid space [J]. Journal of Computer Applications, 2018, 38(10): 2850-2855.
[12]	HOU Haiyao, QIAN Yurong, YING Changtian, ZHANG Han, LU Xueyuan, ZHAO Yi. Spatio-temporal query algorithm based on Hilbert-R tree hierarchical index [J]. Journal of Computer Applications, 2018, 38(10): 2869-2874.
[13]	WANG Hong, GE Lina, WANG Suqing, WANG Liying, ZHANG Yipeng, LIANG Juncheng. Improvement of differential privacy protection algorithm based on OPTICS clustering [J]. Journal of Computer Applications, 2018, 38(1): 73-78.
[14]	WANG Rihong, CUI Xingmei. K-means clustering algorithm based on cluster degree and distance equilibrium optimization [J]. Journal of Computer Applications, 2018, 38(1): 104-109.
[15]	LI Yan, LIU Hong, ZHENG Xiangwei. Application of binary clustering algorithm to crowd evacuation simulation based on social force [J]. Journal of Computer Applications, 2017, 37(5): 1491-1495.

Design of distributed honeypot system based on clustering and data shunting algorithm

基于聚类分流算法的分布式蜜罐系统设计

PDF

Knowledge

Abstract

Cite this article

share this article

References

Related Articles 15

Recommended Articles

Metrics