CN114826996A - Router honeypot testing method and device based on BusyBox file system - Google Patents

Info

Publication number
CN114826996A
Authority
CN
China
Prior art keywords
honeypot
test
router
data
unit
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210502279.8A
Other languages
Chinese (zh)
Inventor
黄龙飞
张洪梅
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai Pan Yu Network Technology Co ltd
Original Assignee
Shanghai Pan Yu Network Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shanghai Pan Yu Network Technology Co ltd filed Critical Shanghai Pan Yu Network Technology Co ltd
Priority to CN202210502279.8A priority Critical patent/CN114826996A/en
Publication of CN114826996A publication Critical patent/CN114826996A/en
Pending legal-status Critical Current

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00 Arrangements for monitoring or testing data switching networks
    • H04L43/50 Testing arrangements
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00 Arrangements for monitoring or testing data switching networks
    • H04L43/14 Arrangements for monitoring or testing data switching networks using software, i.e. software packages
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/1491 Countermeasures against malicious traffic using deception as countermeasure, e.g. honeypots, honeynets, decoys or entrapment

Abstract

The invention relates to the technical field of honeypot testing, in particular to a router honeypot testing method and device based on the BusyBox file system. A router simulation module, a data acquisition module, a test module, a result analysis module and a control module work together: first, a router firmware simulation environment is built on the BusyBox file system; then a test script is generated from user behavior data and corrected repeatedly until a qualified test script file is output; finally, the qualified test script file is input into the honeypot system to complete the test. Test script files are thus tested, corrected and output automatically, which removes the large effort otherwise spent modifying and debugging the original test program whenever the test requirements of a honeypot product change, and improves the test efficiency and test effect for router honeypot nodes. Error data of unqualified honeypots is fed back so that the honeypot product can be corrected and improved.

Description

Router honeypot testing method and device based on BusyBox file system
Technical Field
The invention relates to the field of honeypot testing, in particular to a router honeypot testing method and device based on the BusyBox file system.
Background
The router honeypot is a well-known technique in the field of network security. It is mainly used to induce attackers to attack the router so that the attack behavior can be analyzed and the router protected. To ensure that a honeypot product is effective, it generally has to be tested.
Existing honeypot product tests have different test requirements because routers differ. Meeting the test requirements of different routers takes a great deal of effort spent continuously modifying and debugging the original test program, so test efficiency is low and the test effect cannot be guaranteed.
Disclosure of Invention
To address the problems described in the background, a router honeypot testing method and device based on the BusyBox file system are provided. A router simulation module, a data acquisition module, a test module, a result analysis module and a control module work together: first, a router firmware simulation environment is built on the BusyBox file system; then a test script is generated from user behavior data and corrected repeatedly until a qualified test script file is output; finally, the qualified test script file is input into the honeypot system to complete the test. This removes the large effort otherwise spent modifying and debugging the original test program whenever the test requirements of a honeypot product change, meets the test requirements of different routers, and improves the test efficiency and test effect for router honeypot nodes. Error data of unqualified honeypots is fed back so that the honeypot product can be corrected and improved.
The invention provides a router honeypot testing device based on the BusyBox file system, which comprises a router simulation module, a data acquisition module, a test module, a result analysis module and a control module. The router simulation module builds the router firmware simulation environment and simulates each mainstream router device; it comprises a firmware extraction unit, a model execution unit and a model switching unit. The data acquisition module monitors and acquires user behavior data, communication data and honeypot operation data in the simulation environment; it comprises a user behavior data acquisition unit, a communication data acquisition unit, a honeypot operation data acquisition unit and a monitoring unit. The test module generates, verifies and corrects test scripts and outputs a qualified test script file for testing the honeypot; it comprises a test script generation unit, a test script verification unit, a test script correction unit, a qualified script running unit and a data recording unit. The result analysis module judges whether the honeypot under test is qualified and feeds back errors for unqualified honeypots; it comprises a judgment unit, an analysis unit and a feedback unit. The control module controls and adjusts the modules.
Preferably, based on the BusyBox file system, the router simulation module builds the router firmware simulation environment through firmware unpacking, firmware user-level simulation, firmware system-level simulation and vulnerability analysis, in that order.
Preferably, the objects collected by the honeypot operation data acquisition unit comprise data traffic packets of honeypots that have been tested as qualified and data traffic packets uploaded by the honeypot under test.
Preferably, the objects collected by the user behavior data acquisition unit comprise normal access behavior data packets and attack behavior data packets occurring at the target honeypot node.
Preferably, the test module generates a test script from the normal access behavior data packets and attack behavior data packets occurring at the target honeypot node, determines whether the test script meets the test requirements by preferentially running the data traffic packets of a honeypot that has been tested as qualified, and outputs a qualified test script file through continuous correction.
Preferably, the test script correction unit uses a finite state machine to describe the interactive behavior of the GUI and generates a test case set based on the finite state machine; it generates test scripts with an automated test tool and builds a mapping table between state transitions and test scripts; and it automatically repairs the original test script according to the change information and the mapping table, then tests the modified script again to confirm that the modification has introduced no new errors and caused no errors in other code.
Preferably, the feedback unit captures and marks the error position data blocks of unqualified honeypots.
The invention also provides a router honeypot testing method based on the BusyBox file system, which comprises the following steps:
S1. Build a router firmware simulation environment on the BusyBox file system and simulate each mainstream router device;
S2. Monitor and acquire user behavior data, communication data and honeypot operation data for the target honeypot node in the BusyBox file system;
S3. Generate a test script from the user behavior data, run the test script file in the standard honeypot system, and record the test result data respectively; judge whether the test script meets the test requirements, and output a qualified test script file through continuous correction;
S4. Input the qualified test script file into the honeypot system under test, and judge whether the honeypot system is qualified according to whether its test result data matches the operation data of the standard honeypot system; if the two sets of test result data match, the honeypot system is qualified; if they do not match, the honeypot system is unqualified;
S5. Feed back the error data of unqualified honeypots.
Compared with the prior art, the invention has the following beneficial technical effects:
A router simulation module, a data acquisition module, a test module, a result analysis module and a control module work together: first, a router firmware simulation environment is built on the BusyBox file system; then a test script is generated from user behavior data and corrected repeatedly until a qualified test script file is output; finally, the qualified test script file is input into the honeypot system to complete the test. This removes the large effort otherwise spent modifying and debugging the original test program whenever the test requirements of a honeypot product change, meets the test requirements of different routers, and improves the test efficiency and test effect for router honeypot nodes. Error data of unqualified honeypots is fed back so that the honeypot product can be corrected and improved.
Drawings
FIG. 1 is a block diagram of an apparatus according to an embodiment of the present invention;
FIG. 2 is a flow chart of a method according to an embodiment of the present invention.
Detailed Description
Example one
As shown in FIG. 1, the router honeypot testing device based on the BusyBox file system provided by the invention comprises a router simulation module, a data acquisition module, a test module, a result analysis module and a control module. The router simulation module builds the router firmware simulation environment and simulates each mainstream router device; it comprises a firmware extraction unit, a model execution unit and a model switching unit. The data acquisition module monitors and acquires user behavior data, communication data and honeypot operation data in the simulation environment; it comprises a user behavior data acquisition unit, a communication data acquisition unit, a honeypot operation data acquisition unit and a monitoring unit. The test module generates, verifies and corrects test scripts and outputs a qualified test script file for testing the honeypot; it comprises a test script generation unit, a test script verification unit, a test script correction unit, a qualified script running unit and a data recording unit. The result analysis module judges whether the honeypot under test is qualified and feeds back errors for unqualified honeypots; it comprises a judgment unit, an analysis unit and a feedback unit. The control module controls and adjusts the modules.
Example two
As shown in FIG. 1, the router honeypot testing device based on the BusyBox file system provided by the invention comprises a router simulation module, a data acquisition module, a test module, a result analysis module and a control module. The router simulation module builds the router firmware simulation environment and simulates each mainstream router device; it comprises a firmware extraction unit, a model execution unit and a model switching unit. The data acquisition module monitors and acquires user behavior data, communication data and honeypot operation data in the simulation environment; it comprises a user behavior data acquisition unit, a communication data acquisition unit, a honeypot operation data acquisition unit and a monitoring unit. The test module generates, verifies and corrects test scripts and outputs a qualified test script file for testing the honeypot; it comprises a test script generation unit, a test script verification unit, a test script correction unit, a qualified script running unit and a data recording unit. The result analysis module judges whether the honeypot under test is qualified and feeds back errors for unqualified honeypots; it comprises a judgment unit, an analysis unit and a feedback unit. The control module controls and adjusts the modules.
Further, based on the BusyBox file system, the router simulation module builds the router firmware simulation environment through firmware unpacking, firmware user-level simulation, firmware system-level simulation and vulnerability analysis, in that order.
Further, the objects collected by the honeypot operation data acquisition unit comprise data traffic packets of honeypots that have been tested as qualified and data traffic packets uploaded by the honeypot under test.
Further, the objects collected by the user behavior data acquisition unit comprise normal access behavior data packets and attack behavior data packets occurring at the target honeypot node.
Further, the test module generates a test script from the normal access behavior data packets and attack behavior data packets occurring at the target honeypot node, determines whether the test script meets the test requirements by preferentially running the data traffic packets of a honeypot that has been tested as qualified, and outputs a qualified test script file through continuous correction.
Further, the test script correction unit uses a finite state machine to describe the interactive behavior of the GUI and generates a test case set based on the finite state machine; it generates test scripts with an automated test tool and builds a mapping table between state transitions and test scripts; and it automatically repairs the original test script according to the change information and the mapping table, then tests the modified script again to confirm that the modification has introduced no new errors and caused no errors in other code.
Further, the feedback unit captures and marks the error position data blocks of unqualified honeypots.
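The finite-state-machine repair of test scripts described above, as an added Python example that is not part of the patent. The GUI states, events and request paths are constructed, and covering each transition once is an assumed way of deriving the test case set.

```python
from collections import deque

START = "login"

# Constructed FSM of a router admin GUI: (state, event) -> next state.
FSM_V1 = {
    ("login", "submit_credentials"): "dashboard",
    ("dashboard", "open_wifi"): "wifi_settings",
    ("wifi_settings", "save"): "dashboard",
    ("dashboard", "open_firmware"): "firmware_upgrade",
    ("firmware_upgrade", "cancel"): "dashboard",
}
# Changed GUI: the firmware page now sits behind a re-authentication screen.
FSM_V2 = dict(FSM_V1)
FSM_V2[("dashboard", "open_firmware")] = "admin_reauth"
FSM_V2[("admin_reauth", "confirm_password")] = "firmware_upgrade"

# Mapping table: state transition -> test-script step (hypothetical paths).
STEP_TABLE = {
    ("login", "submit_credentials"): "POST /login.cgi",
    ("dashboard", "open_wifi"): "GET /wifi.asp",
    ("wifi_settings", "save"): "POST /wifi_apply.cgi",
    ("dashboard", "open_firmware"): "GET /upgrade.asp",
    ("firmware_upgrade", "cancel"): "GET /index.asp",
    ("admin_reauth", "confirm_password"): "POST /reauth.cgi",
}

def path_to(fsm, start, goal):
    """BFS: shortest list of (src, event, dst) triples from start to goal."""
    queue, seen = deque([(start, [])]), {start}
    while queue:
        state, path = queue.popleft()
        if state == goal:
            return path
        for (src, event), dst in sorted(fsm.items()):
            if src == state and dst not in seen:
                seen.add(dst)
                queue.append((dst, path + [(src, event, dst)]))
    return None  # goal state is unreachable

def generate_cases(fsm, start):
    """Test case set: one case per transition (reach its source, then fire it)."""
    cases = {}
    for (src, event), dst in sorted(fsm.items()):
        prefix = path_to(fsm, start, src)
        if prefix is not None:
            cases[(src, event)] = prefix + [(src, event, dst)]
    return cases

def replay(fsm, start, case):
    """Run a case against an FSM; False if any step no longer behaves as recorded."""
    state = start
    for src, event, dst in case:
        if src != state or fsm.get((src, event)) != dst:
            return False
        state = dst
    return True

def repair(old_cases, old_fsm, new_fsm, start):
    """Use the change information to rewrite only the cases it touches."""
    changed = {t for t in set(old_fsm) | set(new_fsm)
               if old_fsm.get(t) != new_fsm.get(t)}
    fresh = generate_cases(new_fsm, start)
    repaired, rewritten = {}, []
    for target in sorted(new_fsm):
        old = old_cases.get(target)
        if old is not None and not any((s, e) in changed for s, e, _ in old):
            repaired[target] = old            # unaffected: keep the original
        elif target in fresh:
            repaired[target] = fresh[target]  # affected or new: regenerate
            rewritten.append(target)
    return repaired, rewritten

def render(case, table):
    """Turn a case into script steps through the mapping table."""
    return [table[(s, e)] for s, e, _ in case]

def demo():
    old_cases = generate_cases(FSM_V1, START)
    stale = [t for t, c in sorted(old_cases.items()) if not replay(FSM_V2, START, c)]
    repaired, rewritten = repair(old_cases, FSM_V1, FSM_V2, START)
    # Re-test every script after the repair to confirm nothing else broke.
    all_pass = all(replay(FSM_V2, START, c) for c in repaired.values())
    return old_cases, stale, repaired, rewritten, all_pass

if __name__ == "__main__":
    _, stale, repaired, rewritten, all_pass = demo()
    print("stale:", stale, "rewritten:", rewritten, "all pass:", all_pass)
    print(render(repaired[("firmware_upgrade", "cancel")], STEP_TABLE))
```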
Example three
As shown in FIG. 2, the invention further provides a router honeypot testing method based on the BusyBox file system, which comprises the following steps:
S1. Build a router firmware simulation environment on the BusyBox file system and simulate each mainstream router device;
S2. Monitor and acquire user behavior data, communication data and honeypot operation data for the target honeypot node in the BusyBox file system;
S3. Generate a test script from the user behavior data, run the test script file in the standard honeypot system, and record the test result data respectively; judge whether the test script meets the test requirements, and output a qualified test script file through continuous correction;
S4. Input the qualified test script file into the honeypot system under test, and judge whether the honeypot system is qualified according to whether its test result data matches the operation data of the standard honeypot system; if the two sets of test result data match, the honeypot system is qualified; if they do not match, the honeypot system is unqualified;
S5. Feed back the error data of unqualified honeypots.
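Steps S4 and S5 as an added Python example, not code from the patent: the responses recorded for the same qualified script on the standard honeypot and on the honeypot under test are compared block by block, and mismatching blocks are marked. The responses are constructed, and the 16-byte block size and the masking of per-run fields (Date header, session id) are assumptions.

```python
import re

BLOCK = 16  # comparison block size in bytes (assumption; the patent names none)

# Fields that differ on every run and are masked before comparing (assumption).
VOLATILE = [
    (re.compile(rb"Date: [^\r\n]+"), b"Date: <masked>"),
    (re.compile(rb"sessionid=[0-9a-f]+"), b"sessionid=<masked>"),
]

# Constructed sample data: one recorded response per step of the qualified script.
SCRIPT = ["http GET /", "http POST /login", "telnet banner"]
STANDARD = {
    "http GET /": b"HTTP/1.1 200 OK\r\nDate: Mon, 09 May 2022 08:00:00 GMT\r\n"
                  b"Server: httpd\r\n\r\n",
    "http POST /login": b"HTTP/1.1 302 Found\r\nSet-Cookie: sessionid=ab12cd\r\n"
                        b"Location: /index.asp\r\n\r\n",
    "telnet banner": b"BusyBox v1.19.4 built-in shell (ash)\r\n# ",
}
UNDER_TEST = {
    "http GET /": b"HTTP/1.1 200 OK\r\nDate: Tue, 10 May 2022 09:30:12 GMT\r\n"
                  b"Server: httpd\r\n\r\n",
    "http POST /login": b"HTTP/1.1 302 Found\r\nSet-Cookie: sessionid=99ffee\r\n"
                        b"Location: /home.html\r\n\r\n",
    "telnet banner": b"BusyBox v1.30.1 built-in shell (ash)\r\n# ",
}

def normalize(data):
    """Mask per-run values so they do not count as mismatches."""
    for pattern, replacement in VOLATILE:
        data = pattern.sub(replacement, data)
    return data

def diff_blocks(reference, candidate, block=BLOCK):
    """Offsets of the blocks in which the candidate differs from the reference."""
    length = max(len(reference), len(candidate))
    return [off for off in range(0, length, block)
            if reference[off:off + block] != candidate[off:off + block]]

def judge(script, standard, under_test):
    """S4: qualified only if every step matches; S5: list the error blocks."""
    errors = []
    for step in script:
        ref = normalize(standard[step])
        got = normalize(under_test.get(step, b""))  # a missing step differs everywhere
        for off in diff_blocks(ref, got):
            errors.append({"step": step, "offset": off,
                           "expected": ref[off:off + BLOCK],
                           "got": got[off:off + BLOCK]})
    return {"qualified": not errors, "errors": errors}

if __name__ == "__main__":
    verdict = judge(SCRIPT, STANDARD, UNDER_TEST)
    print("qualified:", verdict["qualified"])
    for err in verdict["errors"]:
        print(err["step"], "offset", err["offset"], err["expected"], "!=", err["got"])
```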
In the invention, a router simulation module, a data acquisition module, a test module, a result analysis module and a control module work together: first, a router firmware simulation environment is built on the BusyBox file system; then a test script is generated from user behavior data and corrected repeatedly until a qualified test script file is output; finally, the qualified test script file is input into the honeypot system to complete the test. This removes the large effort otherwise spent modifying and debugging the original test program whenever the test requirements of a honeypot product change, meets the test requirements of different routers, and improves the test efficiency and test effect for router honeypot nodes. Error data of unqualified honeypots is fed back so that the honeypot product can be corrected and improved.
The embodiments of the present invention have been described in detail with reference to the drawings, but the present invention is not limited thereto, and various changes can be made within the knowledge of those skilled in the art without departing from the gist of the present invention.

Claims (8)

1. A router honeypot testing device based on the BusyBox file system, characterized by comprising a router simulation module, a data acquisition module, a test module, a result analysis module and a control module;
the router simulation module is used for building a router firmware simulation environment and simulating each mainstream router device, and comprises a firmware extraction unit, a model execution unit and a model switching unit;
the data acquisition module is used for monitoring and acquiring user behavior data, communication data and honeypot operation data in the simulation environment, and comprises a user behavior data acquisition unit, a communication data acquisition unit, a honeypot operation data acquisition unit and a monitoring unit;
the test module is used for generating, verifying and correcting a test script and outputting a qualified test script file to test the honeypot, and comprises a test script generation unit, a test script verification unit, a test script correction unit, a qualified script running unit and a data recording unit;
the result analysis module is used for judging whether the honeypot under test is qualified and feeding back errors for unqualified honeypots, and comprises a judgment unit, an analysis unit and a feedback unit;
the control module is used for controlling and adjusting the modules.
2. The router honeypot testing device based on the BusyBox file system of claim 1, wherein, based on the BusyBox file system, the router simulation module builds the router firmware simulation environment through firmware unpacking, firmware user-level simulation, firmware system-level simulation and vulnerability analysis, in that order.
3. The router honeypot testing device based on the BusyBox file system of claim 1, wherein the objects collected by the honeypot operation data acquisition unit comprise data traffic packets of honeypots that have been tested as qualified and data traffic packets uploaded by the honeypot under test.
4. The router honeypot testing device based on the BusyBox file system of claim 3, wherein the objects collected by the user behavior data acquisition unit comprise normal access behavior data packets and attack behavior data packets occurring at the target honeypot node.
5. The router honeypot testing device based on the BusyBox file system of claim 4, wherein the test module generates a test script from the normal access behavior data packets and attack behavior data packets occurring at the target honeypot node, determines whether the test script meets the test requirements by preferentially running the data traffic packets of a honeypot that has been tested as qualified, and outputs a qualified test script file through continuous correction.
6. The router honeypot testing device based on the BusyBox file system of claim 4, wherein the test script correction unit uses a finite state machine to describe the interactive behavior of the GUI and generates a test case set based on the finite state machine; generates test scripts with an automated test tool and builds a mapping table between state transitions and test scripts; and automatically repairs the original test script according to the change information and the mapping table, then tests the modified script again to confirm that the modification has introduced no new errors and caused no errors in other code.
7. The router honeypot testing device based on the BusyBox file system of claim 4, wherein the feedback unit captures and marks the error position data blocks of unqualified honeypots.
8. The router honeypot testing method based on the BusyBox file system according to any one of claims 1 to 7, wherein the steps are as follows:
S1. Build a router firmware simulation environment on the BusyBox file system and simulate each mainstream router device;
S2. Monitor and acquire user behavior data, communication data and honeypot operation data for the target honeypot node in the BusyBox file system;
S3. Generate a test script from the user behavior data, run the test script file in the standard honeypot system, and record the test result data respectively; judge whether the test script meets the test requirements, and output a qualified test script file through continuous correction;
S4. Input the qualified test script file into the honeypot system under test, and judge whether the honeypot system is qualified according to whether its test result data matches the operation data of the standard honeypot system; if the two sets of test result data match, the honeypot system is qualified; if they do not match, the honeypot system is unqualified;
S5. Feed back the error data of unqualified honeypots.
CN202210502279.8A 2022-05-10 2022-05-10 Router honeypot testing method and device based on BusyBox file system Pending CN114826996A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210502279.8A CN114826996A (en) 2022-05-10 2022-05-10 Router honeypot testing method and device based on BusyBox file system

Publications (1)

Publication Number Publication Date
CN114826996A (en) 2022-07-29

Family

ID=82512861

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination