CN114615077A - Honeypot-based network access control method, device and equipment - Google Patents
Honeypot-based network access control method, device and equipment Download PDFInfo
- Publication number
- CN114615077A CN114615077A CN202210326379.XA CN202210326379A CN114615077A CN 114615077 A CN114615077 A CN 114615077A CN 202210326379 A CN202210326379 A CN 202210326379A CN 114615077 A CN114615077 A CN 114615077A
- Authority
- CN
- China
- Prior art keywords
- target internet
- honeypot
- access
- equipment
- network
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 43
- 238000012795 verification Methods 0.000 claims abstract description 35
- 230000002159 abnormal effect Effects 0.000 claims abstract description 24
- 238000002955 isolation Methods 0.000 claims description 33
- 238000012545 processing Methods 0.000 claims description 6
- 230000006399 behavior Effects 0.000 abstract description 18
- 238000005516 engineering process Methods 0.000 abstract description 5
- 230000009471 action Effects 0.000 description 6
- 238000010586 diagram Methods 0.000 description 4
- 230000008569 process Effects 0.000 description 4
- 238000005192 partition Methods 0.000 description 3
- 230000004397 blinking Effects 0.000 description 1
- 238000004891 communication Methods 0.000 description 1
- 238000001514 detection method Methods 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 238000012423 maintenance Methods 0.000 description 1
- 230000007246 mechanism Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000012544 monitoring process Methods 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 230000002265 prevention Effects 0.000 description 1
- 230000000750 progressive effect Effects 0.000 description 1
- 230000004044 response Effects 0.000 description 1
- 230000001960 triggered effect Effects 0.000 description 1
- 238000012800 visualization Methods 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
- H04L63/0236—Filtering by address, protocol, port number or service, e.g. IP-address or URL
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1433—Vulnerability analysis
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1491—Countermeasures against malicious traffic using deception as countermeasure, e.g. honeypots, honeynets, decoys or entrapment
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The application discloses a honeypot-based network access control method, a honeypot-based network access control device and honeypot-based network access control equipment, which can timely discover abnormal access behaviors in a network access control scene by using a honeypot technology and avoid risks. The method comprises the following steps: firstly connecting target internet equipment, verifying the target internet equipment by using an access control server to obtain a verification result, then setting a port connected with the target internet equipment as an inaccessible internal network and accessible to the isolated area resource when the verification result shows that the target internet equipment is not an internal trusted equipment, judging whether the target internet equipment is connected to a honeypot in the isolated area resource or not when the target internet equipment is accessed to the isolated area resource, if so, judging the access of the target internet equipment as abnormal access, and generating a honeypot alarm.
Description
Technical Field
The present application relates to the field of computer technologies, and in particular, to a honeypot-based network security access control method, apparatus, and device.
Background
Network admission control refers to a control action that enables a network to allow only legitimate, trusted terminal devices to access the network, but not other devices. The network security access is the first guarantee of the security of the enterprise intranet, and security management personnel are concerned about what equipment is accessed to the enterprise intranet, what the equipment is doing, how the security is, whether certain threats are generated, and the equipment needs a network security access control system to make the security good.
The existing technical scheme of the admission control technology at present is only used for ensuring that the identity of a user before accessing the network can be trusted by the network, but when the existing admission control is singly used, the behaviors of illegal access and attempted attack cannot be effectively discovered and blocked. Therefore, how to implement security admission control of a network, and timely discover behaviors of illegal access and attack attempts to avoid confidential information or data from being infringed is an urgent problem to be solved at present.
Disclosure of Invention
The main purpose of the embodiments of the present application is to provide a honeypot-based network security admission control method, apparatus, and device, which can use honeypots to discover abnormal access behaviors in time in a network admission control scenario, thereby avoiding risks.
In a first aspect, an embodiment of the present application provides a honeypot-based network admission control method, including:
connecting a target internet device, and verifying the target internet device by using an access control server to obtain a verification result;
when the verification result shows that the target internet device is not an internal trust device, setting a port connected with the target internet device as an inaccessible internal network and accessible to the resources of the isolation area;
when the target internet-surfing equipment accesses the isolation area resources, judging whether the target internet-surfing equipment is connected to a honeypot in the isolation area resources;
if so, judging the access of the target internet equipment as abnormal access, and generating a honeypot alarm.
Optionally, the method further includes:
and when the verification result shows that the target internet equipment is internal trust equipment, setting a port connected with the target internet equipment as an accessible internal network.
Optionally, after generating the honeypot alarm, the method further includes:
and positioning the switch interface corresponding to the target internet equipment according to the information contained in the honeypot alarm so as to perform corresponding processing according to the positioning result.
Optionally, the abnormal access includes at least one of network segment scanning, port scanning, and vulnerability attack attempt.
In a second aspect, an embodiment of the present application further provides a honeypot-based network admission control apparatus, including:
the verification unit is used for connecting the target internet access equipment and verifying the target internet access equipment by using the access control server to obtain a verification result;
the first setting unit is used for setting a port connected with the target internet device as an inaccessible internal network and accessible to the resources of the isolation area when the verification result shows that the target internet device is not an internal trust device;
the judging unit is used for judging whether the target internet-surfing equipment is connected to a honeypot in the isolation area resource or not when the target internet-surfing equipment accesses the isolation area resource;
and the judging unit is used for judging the access of the target internet device as abnormal access and generating a honeypot alarm if the target internet device is judged to be connected to the honeypot in the isolation area resource.
Optionally, the apparatus further comprises:
and the second setting unit is used for setting the port connected with the target internet device as an accessible internal network when the verification result shows that the target internet device is an internal trust device.
Optionally, the apparatus further comprises:
and the positioning unit is used for positioning the switch interface corresponding to the target internet equipment according to the information contained in the honeypot alarm after the honeypot alarm is generated so as to perform corresponding processing according to the positioning result.
Optionally, the abnormal access includes at least one of network segment scanning, port scanning, and vulnerability attack attempt.
The embodiment of the present application further provides a honeypot-based network admission control device, including: a processor, a memory, a system bus;
the processor and the memory are connected through the system bus;
the memory is configured to store one or more programs, the one or more programs including instructions, which when executed by the processor, cause the processor to perform any one of the implementations of the honeypot based network admission control method described above.
An embodiment of the present application further provides a computer-readable storage medium, where instructions are stored in the computer-readable storage medium, and when the instructions are executed on a terminal device, the terminal device is caused to execute any implementation manner of the honeypot-based network admission control method.
According to the honeypot-based network access control method, device and equipment, firstly, target internet equipment is connected, an access control server is used for verifying the target internet equipment to obtain a verification result, then when the verification result shows that the target internet equipment is not internal trusted equipment, a port connected with the target internet equipment is set to be inaccessible to an internal network and can access isolation area resources, then when the target internet equipment accesses the isolation area resources, whether the target internet equipment is connected to honeypots in the isolation area resources is judged, if yes, the access of the target internet equipment is judged to be abnormal access, and honeypot alarm is generated. Therefore, the honeypot can be used for discovering abnormal access behaviors in time under a network access control scene, and risks are avoided.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings needed to be used in the description of the embodiments or the prior art will be briefly introduced below, and it is obvious that the drawings in the following description are some embodiments of the present application, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.
Fig. 1 is a schematic flowchart of a honeypot-based network admission control method according to an embodiment of the present application;
fig. 2 is a diagram illustrating an application scenario of honeypot-based network admission control according to an embodiment of the present application;
fig. 3 is an overall flowchart of a honeypot-based network admission control method according to an embodiment of the present application;
fig. 4 is a schematic composition diagram of a honeypot-based network admission control apparatus according to an embodiment of the present application.
Detailed Description
With the continuous development of network technology, the requirements of various aspects such as network controllability, manageability, visualization of network operation conditions, data security during network operation, network robustness, and security of each network element, i.e., each node device in the network, are increasing day by day in different network environments. Therefore, it is necessary to perform network admission control on the device accessing the network, so that only the device having undergone identity authentication can access the network, thereby ensuring the safe operation of the network.
Specifically, in an enterprise, sometimes, an external person enters the enterprise to illegally and privately use a self-contained internet access device to connect an enterprise network, so that huge risks are brought to the enterprise intranet, a large number of enterprises use a security access mechanism, so that a private connection behavior cannot be connected to an internal business network segment of the enterprise through access at the first time, but the illegal external person tries various breakthrough means, so that the enterprise internal network is in a risk potential, once a weak point is found to bypass the security access intranet, so that great influence is caused, therefore, how to timely and effectively discover the illegal connection behavior tried by the illegal external person is necessary, and the enterprise can timely lock the illegal person to stop the illegal behavior is very important.
In order to solve the above-mentioned drawbacks, an embodiment of the present application provides a honeypot-based network admission control method, which includes connecting a target internet access device, verifying the target internet access device by using an admission control server to obtain a verification result, setting a port to which the target internet access device is connected as an inaccessible internal network and accessible to an isolation area resource when the verification result indicates that the target internet access device is not an internal trusted device, determining whether the target internet access device is connected to a honeypot in the isolation area resource when the target internet access device accesses the isolation area resource, and if so, determining that the access of the target internet access device is an abnormal access, and generating a honeypot alarm. Therefore, the honeypot can be used for discovering abnormal access behaviors in time under a network access control scene, and risks are avoided.
In order to make the objects, technical solutions and advantages of the embodiments of the present application clearer, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are some embodiments of the present application, but not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
First embodiment
Referring to fig. 1, a schematic flow chart of a honeypot-based network admission control method provided in this embodiment is shown, where the method includes the following steps:
s101: and connecting the target internet equipment, and verifying the target internet equipment by using the access control server to obtain a verification result.
It should be noted that, in order to facilitate explanation of the honeypot-based network admission control method provided by the present application, the present application provides an exemplary diagram of an application scenario as shown in fig. 2, where the application scenario enables an external person in an enterprise network to privately connect a self-contained device to the enterprise network in response to an illegal action, and by executing the honeypot-based network admission control method provided by the present application, discovery and prevention of the illegal action can be achieved. The admission control server, the access switch, the quarantine resources, and the honeypots are included in fig. 2, and the honeypots are located in the quarantine resources.
Wherein, the quarantine resources refer to services that the terminal is allowed to access without passing admission control, and the part of services is independent from the network accessible by admission control.
Honeypots refer to technical means for attracting attackers to attack by deploying some hosts, network services or information as baits, so as to capture and analyze attack behaviors.
In this embodiment, any internet access device that needs to implement admission control by using the present application is defined as a target internet access device, and in order to accurately determine whether the target internet access device is a normal access behavior when connected to a network, the target internet access device (which may be a compliant internal internet access device or an illegal external internet access device) is first connected, and the admission control server shown in fig. 2 is used to check the target internet access device, so as to obtain a check result.
S102: and when the verification result shows that the target internet device is not the internal trust device, setting the port connected with the target internet device as an inaccessible internal network and accessible to the isolation area resources.
In this embodiment, after the target internet access device is connected in step S101 and the access control server is used to verify the target internet access device, and after the verification result is obtained, further, when the verification result indicates that the target internet access device is an internal trusted device, the port connected to the target internet access device may be set to be an accessible internal network, that is, at this time, the target internet access device is a compliant internal internet access device, and after the compliant internal internet access device is connected to the access switch, the access control server performs access verification on the compliant internal internet access device, and after the verification, the switch may set the interface connected to the switch to be an accessible internal network.
And when the verification result shows that the target internet device is not an internal trusted device, the port to which the target internet device is connected may be set as an inaccessible internal network and may access the resources of the isolation area, that is, at this time, the target internet device is an illegal external internet device, and when the illegal external internet device is connected to the access switch, because the illegal external internet device is not an internal trusted device, the access switch cannot pass the access control, and the switch may set the interface to which the illegal external internet device is connected as an inaccessible internal network and may access the resources of the isolation area, so as to determine whether the illegal external internet device is normally accessed by performing the subsequent steps S103-S104.
S103: when the target internet-surfing device accesses the isolation area resource, whether the target internet-surfing device is connected to a honeypot in the isolation area resource is judged.
In this embodiment, after the port to which the target internet access device is connected is set to be inaccessible to the internal network and to access the partition resource in step S102, it may be further determined whether the target internet access device is connected to the honeypot in the partition resource when the target internet access device accesses the partition resource, if so, the subsequent step S104 is performed, and if not, it indicates that the target internet access device is normally accessed.
S104: if so, judging the access of the target internet equipment as abnormal access, and generating a honeypot alarm.
In this embodiment, if it is determined that the target internet access device is connected to the honeypot in the isolated area resource through step S103, the access of the target internet access device may be determined as an abnormal access (including but not limited to at least one of network segment scanning, port scanning, and vulnerability attack attempting behaviors), and a honeypot alarm is generated, and a specific alarm manner may be set according to an actual situation, which is not limited in this embodiment of the present application, for example, the alarm manner may be set to voice broadcasting, text display, or blinking of a warning light, and the like.
Specifically, honeypots are preset in the isolation area resources outside the normal access resources (honeypot technology is mainly used for enabling malicious attackers to invade and attack, so that real network services are hidden through evidence collection, and meanwhile, the malicious attackers are found to provide information support for positioning the attackers), so that the non-malicious normal access isolation area resources are not connected to the honeypots, and honeypot alarms are not generated; and malicious illegal access behaviors, such as network segment scanning, port scanning, attempted vulnerability attack and other abnormal access behaviors can trigger honeypot alarm.
Further, an optional implementation manner is that, after the honeypot alarm is generated, the switch interface corresponding to the target internet access device can be located according to information included in the honeypot alarm, so as to perform corresponding processing according to the obtained location result.
Specifically, in the implementation manner, after the honeypot alarm is generated, the operation and maintenance personnel can find the alarm information from the background alarm system, and can further locate a specific switch interface and locate the currently connected violation external personnel to terminate the violation behavior, so that the risk of the violation personnel trying to attack the isolation area resource repeatedly is avoided.
Thus, by executing the steps S101 to S104, the overall process of honeypot-based network admission control as shown in fig. 3 is realized, and by deploying honeypots in the isolated VLAN of the admission switch, when an illegal external person uses the self-contained internet access device to privately access the admission switch and performs scanning detection, the honeypot is triggered to generate alarm information including the illegally-accessed switch and the port, so that the enterprise monitoring person can conveniently locate the illegal external person in time to terminate the illegal act, and risk occurrence is avoided.
In summary, according to the network admission control method based on honeypots provided by this embodiment, a target internet access device is connected first, and an admission control server is used to verify the target internet access device, so as to obtain a verification result, then, when the verification result indicates that the target internet access device is not an internal trusted device, a port connected to the target internet access device is set as an inaccessible internal network and can access an isolation area resource, and then, when the target internet access device accesses the isolation area resource, it is determined whether the target internet access device is connected to a honeypot in the isolation area resource, and if so, the access of the target internet access device is determined as abnormal access, and a honeypot alarm is generated. Therefore, the honeypot can be used for discovering abnormal access behaviors in time under a network access control scene, and risks are avoided.
Second embodiment
In this embodiment, a honeypot-based network admission control apparatus will be described, and for related contents, reference is made to the above method embodiments.
Referring to fig. 4, a schematic composition diagram of a honeypot-based network admission control apparatus provided in this embodiment is shown, where the apparatus includes:
a verification unit 401, configured to connect to a target internet access device, and verify the target internet access device by using an admission control server to obtain a verification result;
a first setting unit 402, configured to set, when the verification result indicates that the target internet device is not an internal trusted device, a port to which the target internet device is connected as an inaccessible internal network and accessible to an isolation area resource;
a determining unit 403, configured to determine whether the target internet access device is connected to a honeypot in the isolated area resource when the target internet access device accesses the isolated area resource;
the determining unit 404 is configured to determine that the access of the target internet access device is abnormal access and generate a honeypot alarm if it is determined that the target internet access device is connected to a honeypot in the isolated area resource.
In an implementation manner of this embodiment, the apparatus further includes:
and the second setting unit is used for setting the port connected with the target internet device as an accessible internal network when the verification result shows that the target internet device is an internal trust device.
In an implementation manner of this embodiment, the apparatus further includes:
and the positioning unit is used for positioning the switch interface corresponding to the target internet equipment according to the information contained in the honeypot alarm after the honeypot alarm is generated so as to perform corresponding processing according to the positioning result.
In an implementation manner of this embodiment, the abnormal access includes at least one of a network segment scan, a port scan, and an attempted vulnerability attack behavior.
In summary, according to the network admission control apparatus based on the honeypot provided by this embodiment, a target internet access device is connected first, and an admission control server is used to verify the target internet access device, so as to obtain a verification result, then, when the verification result indicates that the target internet access device is not an internal trusted device, a port connected to the target internet access device is set as an inaccessible internal network and can access an isolation area resource, and then, when the target internet access device accesses the isolation area resource, whether the target internet access device is connected to the honeypot in the isolation area resource is determined, if yes, the access of the target internet access device is determined as an abnormal access, and a honeypot alarm is generated. Therefore, the honeypot can be used for discovering abnormal access behaviors in time under a network access control scene, and risks are avoided.
Further, an embodiment of the present application further provides a honeypot-based network admission control device, including: a processor, a memory, a system bus;
the processor and the memory are connected through the system bus;
the memory is configured to store one or more programs, the one or more programs including instructions, which when executed by the processor, cause the processor to perform any of the implementation methods of the honeypot based network admission control method described above.
Further, an embodiment of the present application further provides a computer-readable storage medium, where instructions are stored in the computer-readable storage medium, and when the instructions are run on a terminal device, the terminal device is caused to execute any implementation method of the honeypot-based network admission control method.
As can be seen from the above description of the embodiments, those skilled in the art can clearly understand that all or part of the steps in the above embodiment methods can be implemented by software plus a necessary general hardware platform. Based on such understanding, the technical solution of the present application may be essentially or partially implemented in the form of a software product, which may be stored in a storage medium, such as a ROM/RAM, a magnetic disk, an optical disk, etc., and includes several instructions for enabling a computer device (which may be a personal computer, a server, or a network communication device such as a media gateway, etc.) to execute the method according to the embodiments or some parts of the embodiments of the present application.
It should be noted that, in the present specification, the embodiments are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments may be referred to each other. The device disclosed by the embodiment corresponds to the method disclosed by the embodiment, so that the description is simple, and the relevant points can be referred to the method part for description.
It is further noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present application. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the application. Thus, the present application is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
Claims (10)
1. A honeypot-based network admission control method is characterized by comprising the following steps:
connecting a target internet device, and verifying the target internet device by using an access control server to obtain a verification result;
when the verification result shows that the target internet device is not an internal trust device, setting a port connected with the target internet device as an inaccessible internal network and accessible to the resources of the isolation area;
when the target internet-surfing equipment accesses the isolation area resources, judging whether the target internet-surfing equipment is connected to a honeypot in the isolation area resources;
if so, judging the access of the target internet equipment as abnormal access, and generating a honeypot alarm.
2. The method of claim 1, further comprising:
and when the verification result shows that the target internet equipment is internal trust equipment, setting a port connected with the target internet equipment as an accessible internal network.
3. The method of claim 1, wherein after generating the honeypot alarm, the method further comprises:
and positioning the switch interface corresponding to the target internet equipment according to the information contained in the honeypot alarm so as to perform corresponding processing according to the positioning result.
4. The method of any of claims 1-3, wherein the abnormal access comprises at least one of a network segment scan, a port scan, and an attempted vulnerability attack.
5. A honeypot-based network admission control device is characterized by comprising:
the verification unit is used for connecting the target internet access equipment and verifying the target internet access equipment by using the access control server to obtain a verification result;
the first setting unit is used for setting a port connected with the target internet device as an inaccessible internal network and accessible to the resources of the isolation area when the verification result shows that the target internet device is not an internal trust device;
a judging unit, configured to judge whether the target internet surfing device is connected to a honeypot in the quarantine resource when the target internet surfing device accesses the quarantine resource;
and the judging unit is used for judging the access of the target internet device as abnormal access and generating a honeypot alarm if the target internet device is judged to be connected to the honeypot in the isolation area resource.
6. The apparatus of claim 5, further comprising:
and the second setting unit is used for setting the port connected with the target internet access device as an accessible internal network when the verification result shows that the target internet access device is an internal trust device.
7. The apparatus of claim 5, further comprising:
and the positioning unit is used for positioning the switch interface corresponding to the target internet equipment according to the information contained in the honeypot alarm after the honeypot alarm is generated so as to perform corresponding processing according to the positioning result.
8. The apparatus of any of claims 5-7, wherein the abnormal access comprises at least one of a network segment scan, a port scan, and an attempted vulnerability attack.
9. A honeypot-based network admission control device, comprising: a processor, a memory, a system bus;
the processor and the memory are connected through the system bus;
the memory is to store one or more programs, the one or more programs comprising instructions, which when executed by the processor, cause the processor to perform the method of any of claims 1-4.
10. A computer-readable storage medium having stored therein instructions that, when executed on a terminal device, cause the terminal device to perform the method of any one of claims 1-4.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210326379.XA CN114615077A (en) | 2022-03-30 | 2022-03-30 | Honeypot-based network access control method, device and equipment |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210326379.XA CN114615077A (en) | 2022-03-30 | 2022-03-30 | Honeypot-based network access control method, device and equipment |
Publications (1)
Publication Number | Publication Date |
---|---|
CN114615077A true CN114615077A (en) | 2022-06-10 |
Family
ID=81867534
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202210326379.XA Pending CN114615077A (en) | 2022-03-30 | 2022-03-30 | Honeypot-based network access control method, device and equipment |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN114615077A (en) |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109495472A (en) * | 2018-11-19 | 2019-03-19 | 南京邮电大学 | A kind of defence method for intranet and extranet camera configuration weak passwurd loophole |
CN109698819A (en) * | 2018-11-19 | 2019-04-30 | 中国科学院信息工程研究所 | Threat disposition management method and system in a kind of network |
CN112367315A (en) * | 2020-11-03 | 2021-02-12 | 浙江大学 | Endogenous safe WAF honeypot deployment method |
CN112637150A (en) * | 2020-12-10 | 2021-04-09 | 广东睿江云计算股份有限公司 | Honey pot analysis method and system based on nginx |
US20210152598A1 (en) * | 2019-11-18 | 2021-05-20 | F5 Networks, Inc. | Network application firewall |
CN113660282A (en) * | 2021-08-23 | 2021-11-16 | 公安部第三研究所 | Lesox virus defense method and system based on trusted computing and related equipment |
-
2022
- 2022-03-30 CN CN202210326379.XA patent/CN114615077A/en active Pending
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109495472A (en) * | 2018-11-19 | 2019-03-19 | 南京邮电大学 | A kind of defence method for intranet and extranet camera configuration weak passwurd loophole |
CN109698819A (en) * | 2018-11-19 | 2019-04-30 | 中国科学院信息工程研究所 | Threat disposition management method and system in a kind of network |
US20210152598A1 (en) * | 2019-11-18 | 2021-05-20 | F5 Networks, Inc. | Network application firewall |
CN112367315A (en) * | 2020-11-03 | 2021-02-12 | 浙江大学 | Endogenous safe WAF honeypot deployment method |
CN112637150A (en) * | 2020-12-10 | 2021-04-09 | 广东睿江云计算股份有限公司 | Honey pot analysis method and system based on nginx |
CN113660282A (en) * | 2021-08-23 | 2021-11-16 | 公安部第三研究所 | Lesox virus defense method and system based on trusted computing and related equipment |
Non-Patent Citations (1)
Title |
---|
李秀峰;: "高校计算机类实验室网络安全防范机制", 长治学院学报, no. 05, 15 October 2015 (2015-10-15), pages 56 - 58 * |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US10587647B1 (en) | Technique for malware detection capability comparison of network security devices | |
Amara et al. | Cloud computing security threats and attacks with their mitigation techniques | |
JP6334069B2 (en) | System and method for accuracy assurance of detection of malicious code | |
US10893059B1 (en) | Verification and enhancement using detection systems located at the network periphery and endpoint devices | |
US10834115B2 (en) | Methods and systems for providing security for page framing | |
US9325725B2 (en) | Automated deployment of protection agents to devices connected to a distributed computer network | |
US9251343B1 (en) | Detecting bootkits resident on compromised computers | |
EP4027604A1 (en) | Security vulnerability defense method and device | |
US8171544B2 (en) | Method and system for preventing, auditing and trending unauthorized traffic in network systems | |
JP5518865B2 (en) | Protecting virtual guest machines from attacks by infected hosts | |
CN106850690B (en) | Honeypot construction method and system | |
WO2010138641A1 (en) | Behavioral engine for identifying patterns of confidential data use | |
CN111726364B (en) | Host intrusion prevention method, system and related device | |
US20230208871A1 (en) | Systems and methods for vulnerability assessment for cloud assets using imaging methods | |
CN112583845A (en) | Access detection method and device, electronic equipment and computer storage medium | |
KR101768079B1 (en) | System and method for improvement invasion detection | |
US9432357B2 (en) | Computer network security management system and method | |
KR101767591B1 (en) | System and method for improvement invasion detection | |
CN110086812B (en) | Safe and controllable internal network safety patrol system and method | |
Le et al. | A threat computation model using a Markov Chain and common vulnerability scoring system and its application to cloud security | |
CN114615077A (en) | Honeypot-based network access control method, device and equipment | |
CN109255243B (en) | Method, system, device and storage medium for repairing potential threats in terminal | |
KR20050075950A (en) | Apparatus for optimizing log of intrusion detection system with consideration of the vulnerability of the network devices | |
Ghribi et al. | Multi-layer Cooperative Intrusion Detection System for Cloud Environment. | |
Kumar et al. | A review on 0-day vulnerability testing in web application |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination |