2020 IEEE 22nd International Conference on High Performance Computing and Communications; IEEE 18th International Conference on Smart City; IEEE 6th International Conference on Data Science and Systems (HPCC/SmartCity/DSS)

Abstract

Lightweight virtualization, represented by container technology, has made continuous progress in the field of virtualization as an effective substitute for Virtual Machines (VMs). However, its flexibility also makes the cloud system more dynamic and complex, which intensifies unpredictable security problems. In this case, defense mechanisms that rely on a static implementation can hardly protect the attack surface in real time in a dynamic cloud system. To solve this problem, we present AHDS, an Automated Honeynet Deployment Strategy for active defense in the container-based cloud, which assesses variations in system structure and optimizes the honeynet deployment strategy automatically. In the design of AHDS, we (1) establish an attack graph to formalize the various possible attack events in the container-based cloud system; (2) combine the concept of degree centrality with the attack graph to evaluate and optimize the honeynet deployment process; (3) design a framework to automatically generate, deploy and adjust the honeynet deployment strategy. The results show that AHDS could reduce the success rate of attacks by 83% in container-based clouds and is flexible and scalable for large-scale implementation.