LI Xin. Practice on Design of NetGuardian Intelligent Network Switching Threat Trap and Active Defense System[J]. Journal of Chengdu University of Information Technology, 2025, 40(06): 745-752. [doi:10.16836/j.cnki.jcuit.2025.06.001]
Practice on Design of NetGuardian Intelligent Network Switching Threat Trap and Active Defense System
- Title:
- Practice on Design of NetGuardian Intelligent Network Switching Threat Trap and Active Defense System
- Article ID:
- 2096-1618(2025)06-0745-08
- Keywords:
- network isolation and switching; proactive defense system; network threat entrapment; honeypot technology
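- Classification number:
- TP309.1
- Document code:
- A
- Abstract (translated from the Chinese):
- This paper proposes a hardware-level intelligent network switching and threat entrapment system for proactive defense. The system integrates a self-developed Ethernet physical switching device, a multi-dimensional threat detection, monitoring and analysis unit, and a high-interaction honeypot environment. Through dynamic physical-link isolation and a traffic analysis mechanism, it achieves real-time entrapment and in-depth analysis of attack traffic. The system adopts a four-stage collaborative defense model of "detect, block, analyze, collect forensic evidence" and, focusing on typical network threats such as port scanning, SSH brute-force attacks and DDoS flooding attacks, designs a dynamic response defense mechanism based on traffic features and behavioral patterns. Experimental results show that the system can effectively achieve physical-layer isolation of malicious traffic and proactive defense against it, significantly improving the level of defense against network attacks and the efficiency of response.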
- Abstract:
- This paper proposes an intelligent, hardware-level network switching and threat entrapment system for proactive defense. The system integrates a proprietary Ethernet physical switching device, a multi-dimensional threat detection and analysis unit, and a high-interaction honeypot environment. Through a dynamic physical link isolation and intelligent traffic scheduling mechanism, it achieves real-time entrapment and in-depth analysis of malicious traffic. The system employs a four-stage collaborative defense model: Detect, Block, Analyze, and Forensicate. It specifically targets typical network threats such as port scanning, SSH brute-force attacks, and DDoS flooding attacks, for which it has designed a dynamic response and defense mechanism based on traffic features and behavioral patterns. Experimental results demonstrate that the system can effectively achieve physical-layer isolation and proactive defense against malicious traffic, significantly enhancing the level of network protection and response efficiency.
Memo
Received: 2025-06-30
Corresponding author: LI Xin. E-mail: lixingdjy@163.com
