基于聚类分流算法的分布式蜜罐系统设计

针对现有的网络安全防御系统主动性不足，对未知类型网络数据的判断速度慢、准确性不高的缺陷，设计了一种应用聚类算法对未知类型数据进行聚类分流的分布式蜜罐系统。在聚类过程中，采用一种改进的聚类中心选择算法，对未知类型网络数据进行模糊聚类，将聚类失败的数据分流到蜜罐中进行特征学习，从而尽早地发现新的攻击类型，减轻蜜罐的监控和记录压力，降低蜜罐被攻破的概率，有利于防御时采用更为有效的防御策略。此系统应用在政府某部门的专网中，实验结果验证了在不明显增加系统计算量的情况下，该聚类算法比平均值聚类算法有更高的聚类成功率。

Design of distributed honeypot system based on clustering and data shunting algorithm

Concerning the lack of activity, the low speed and accuracy of recognizing attacks of the current network security defense system, this paper proposed a distributed honeypot system. During the process of clustering, an improved clustering center selection algorithm was used to cluster the data of the network in a fuzzy way, so as to divide the unclassified data into the honeypot to learn their features. Then a new type of attack can be detected as soon as possible. This design can not only lighten the supervising and recording pressure of honeypots, lower the broken rate of the honeypot, but also help us adopt more effective defense strategy. This system can be used in the private networks of some government. The clustering algorithm used in this paper has a higher rate of success than the average clustering algorithm without increasing the amount of computations of the system obviously.