CN115174218B - Method for carrying out power grid safety protection based on high-simulation virtual honeypot technology - Google Patents
- Publication number: CN115174218B
- Application number: CN202210787610.5A
- Authority: CN (China)
- Prior art keywords: control center, data, virtual, attack, honeypot
- Legal status: Active (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Classifications
- H—ELECTRICITY > H04—ELECTRIC COMMUNICATION TECHNIQUE > H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  - H04L63/00—Network architectures or network communication protocols for network security
  - H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
  - H04L63/1441—Countermeasures against malicious traffic
  - H04L63/1491—Countermeasures against malicious traffic using deception as countermeasure, e.g. honeypots, honeynets, decoys or entrapment
- H—ELECTRICITY > H04—ELECTRIC COMMUNICATION TECHNIQUE > H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  - H04L67/00—Network arrangements or protocols for supporting network services or applications
  - H04L67/01—Protocols
  - H04L67/10—Protocols in which an application is distributed across nodes in the network
  - H04L67/12—Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS > Y04—INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
  - Y04S—SYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
  - Y04S40/00—Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them
  - Y04S40/20—Information technology specific aspects, e.g. CAD, simulation, modelling, system security
Abstract
The invention discloses a method for carrying out power grid safety protection based on a high-simulation virtual honeypot technology, which comprises the following steps: the honeypot host obtains a plurality of virtual honeypots or network services with vulnerabilities based on virtualization software; attack activities are captured by using the virtual honeypot or the network service to attract the attack, and the attack activity data is uploaded to a node control center; the node control center performs simple data processing and storage on the data, then summarizes and uploads the data to the management control center; and the management control center performs data analysis and management on the data and performs alarm processing based on the data analysis result. The invention enlarges the collection surface of the data information by adopting a distributed honeypot system deployment mode; when one of the node control centers is recognized by an attacker, the whole honeypot system is not exposed, and the safety of the whole system is further enhanced.
Description
Technical Field
The invention relates to the technical field of honeypots, in particular to a method for carrying out power grid safety protection based on a high-simulation virtual honeypot technology.
Background
As network coverage continues to expand, the network brings many conveniences to people's lives, but it also faces increasingly complex and diverse network threats. Traditional network security technologies such as firewalls and intrusion detection belong to the passive defense mode: they have good alarming and defense measures for known security threats, but how to detect and defend against unknown security threats remains an important direction of network security research. Honeypot technology adopts an active defense mode and has great advantages in monitoring network intrusion, protecting network objects, learning from and feeding back information, and improving the capability to counter intrusions. However, the range of attacker activity captured by a single honeypot is small, and once the honeypot is recognized by the attacker, the whole honeypot system is exposed to the attacker, so network security cannot be effectively ensured. Therefore, the invention provides a method for carrying out power grid safety protection based on a high-simulation virtual honeypot technology.
Disclosure of Invention
This section is intended to outline some aspects of embodiments of the invention and to briefly introduce some preferred embodiments. Some simplifications or omissions may be made in this section as well as in the description summary and in the title of the application, to avoid obscuring the purpose of this section, the description summary and the title of the invention, which should not be used to limit the scope of the invention.
The present invention has been made in view of the above-described problems.
Therefore, the technical problem solved by the invention is as follows: the range of attacker activity captured by a single honeypot is small, and once the honeypot is recognized by the attacker, the whole honeypot system may be exposed.
In order to solve the technical problems, the invention provides the following technical scheme: a method for carrying out power grid safety protection based on a high-simulation virtual honeypot technology comprises the following steps:
the honeypot host obtains a plurality of virtual honeypots or network services with vulnerabilities based on virtualization software;
capturing attack activities by utilizing the virtual honeypot or the network service to attract the attack, and uploading the attack activity data to a node control center;
the node control center performs simple data processing and storage on the data, and then collects and uploads the data to the management control center;
and the management control center performs data analysis and management on the data and performs alarm processing based on a data analysis result.
As a preferable scheme of the method for carrying out power grid safety protection based on the high-simulation virtual honeypot technology, the invention comprises the following steps: obtaining the plurality of virtual honeypots or network services with vulnerabilities based on the virtualization software comprises the following steps:
creating a virtual environment based on docker technology, packaging a program containing vulnerable code into the virtual docker environment, and mapping the program's network service to a port of the host machine through port mapping.
As a preferable scheme of the method for carrying out power grid safety protection based on the high-simulation virtual honeypot technology, the invention comprises the following steps: the vulnerabilities comprise:
injection vulnerabilities, ineffective (broken) identity authentication and session management, sensitive information leakage, XML external entity (XXE) leakage, broken access control, cross-site scripting, unsafe deserialization and cross-site request forgery.
As a preferable scheme of the method for carrying out power grid safety protection based on the high-simulation virtual honeypot technology, the invention comprises the following steps: the capture attack activity includes:
capturing based on TCP/IP messages, and identifying the network service accessed by an attacker from the IP port accessed by the attacker; business machines that normally run in the intranet do not access the network services that the virtual honeypot exposes to the outside; normal ARP access or broadcast messages are not attack access, so access to the network services exposed outward by the virtual honeypot can in principle be judged to be illegal attack access.
As a preferable scheme of the method for carrying out power grid safety protection based on the high-simulation virtual honeypot technology, the invention comprises the following steps: the node control center includes:
storing the captured original data and the data after analysis processing into a database; the data is simply processed based on the big data component.
As a preferable scheme of the method for carrying out power grid safety protection based on the high-simulation virtual honeypot technology, the invention comprises the following steps: the node control center further includes:
configuring and managing all honeypots of the network segment; the node control center carries out configuration of the virtual honeypot based on control instructions with various parameters of the honeypot issued by the management control center; and starting, stopping and deleting the virtual honeypot based on the control instruction issued by the management control center.
As a preferable scheme of the method for carrying out power grid safety protection based on the high-simulation virtual honeypot technology, the invention comprises the following steps: the summarized data is uploaded to a management control center, and the method comprises the following steps:
when the management control center needs to analyze the real access flow data, it sends an uploading instruction or a timed-upload instruction, and the node control center summarizes and uploads the data to the management control center accordingly.
As a preferable scheme of the method for carrying out power grid safety protection based on the high-simulation virtual honeypot technology, the invention comprises the following steps: the management control center includes:
and setting a sorting mechanism of automatic front-end processing, filtering and classifying data uploaded by a node control center according to rules based on a big data component, and carrying out feature analysis and attack trend analysis by utilizing data mining, statistical analysis and visualization means.
As a preferable scheme of the method for carrying out power grid safety protection based on the high-simulation virtual honeypot technology, the invention comprises the following steps: the rule includes:
classifying according to unit, site and network protocol type; filtering according to communication IP and port, namely filtering communication involving broadcast addresses and network numbers (network addresses), and filtering communication from whitelisted IPs.
As a preferable scheme of the method for carrying out power grid safety protection based on the high-simulation virtual honeypot technology, the invention comprises the following steps: the alarm processing comprises:
carrying out alarm configuration, setting up mode matching rules on parameters, threshold values, alarm levels and alarm description information related to the alarm configuration based on data analysis results; various logs in a target system are monitored through a log management component in the system cluster, the running state of the system is analyzed, log information and the running state of the system are matched with a mode rule, and when an abnormality occurs, an alarm is given in time.
The invention has the following beneficial effects: the invention enlarges the collection surface of the data information by adopting a distributed honeypot system deployment mode; when one of the node control centers is recognized by an attacker, the whole honeypot system is not exposed, and the safety of the whole system is further enhanced.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings that are needed in the description of the embodiments will be briefly described below, it being obvious that the drawings in the following description are only some embodiments of the present invention, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art. Wherein:
FIG. 1 is a general flow chart of a method for grid security based on high-simulation virtual honeypot technology according to an embodiment of the present invention;
FIG. 2 is a schematic diagram of the deployment of a high-simulation honeypot by a host machine according to one embodiment of the present invention.
Detailed Description
So that the manner in which the above recited objects, features and advantages of the present invention can be understood in detail, a more particular description of the invention, briefly summarized above, may be had by reference to the embodiments, some of which are illustrated in the appended drawings. All other embodiments, which can be made by one of ordinary skill in the art based on the embodiments of the present invention without making any inventive effort, shall fall within the scope of the present invention.
In the following description, numerous specific details are set forth in order to provide a thorough understanding of the present invention, but the present invention may be practiced in other ways other than those described herein, and persons skilled in the art will readily appreciate that the present invention is not limited to the specific embodiments disclosed below.
Further, reference herein to "one embodiment" or "an embodiment" means that a particular feature, structure, or characteristic can be included in at least one implementation of the invention. The appearances of the phrase "in one embodiment" in various places in the specification are not necessarily all referring to the same embodiment, nor are separate or alternative embodiments mutually exclusive of other embodiments.
While the embodiments of the present invention have been illustrated and described in detail in the drawings, the cross-sectional view of the device structure is not to scale in the general sense for ease of illustration, and the drawings are merely exemplary and should not be construed as limiting the scope of the invention. In addition, the three-dimensional dimensions of length, width and depth should be included in actual fabrication.
Also in the description of the present invention, it should be noted that the orientation or positional relationship indicated by the terms "upper, lower, inner and outer", etc. are based on the orientation or positional relationship shown in the drawings, are merely for convenience of describing the present invention and simplifying the description, and do not indicate or imply that the apparatus or elements referred to must have a specific orientation, be constructed and operated in a specific orientation, and thus should not be construed as limiting the present invention. Furthermore, the terms "first, second, or third" are used for descriptive purposes only and are not to be construed as indicating or implying relative importance.
The terms "mounted, connected, and coupled" should be construed broadly in this disclosure unless otherwise specifically indicated and defined, such as: can be fixed connection, detachable connection or integral connection; it may also be a mechanical connection, an electrical connection, or a direct connection, or may be indirectly connected through an intermediate medium, or may be a communication between two elements. The specific meaning of the above terms in the present invention will be understood in specific cases by those of ordinary skill in the art.
Example 1
Referring to fig. 1, for one embodiment of the present invention, a method for performing power grid security protection based on a high-simulation virtual honeypot technology is provided, including:
S1: the honeypot host obtains a plurality of virtual honeypots or network services with vulnerabilities based on virtualization software;
further, a virtual environment is created based on docker technology, a program containing vulnerable code is packaged into the virtual docker environment, and the program's network service is then mapped to a port of the host machine through port mapping.
It should be noted that the vulnerabilities include injection vulnerabilities, ineffective (broken) identity authentication and session management, sensitive information disclosure, XML external entity (XXE) disclosure, broken access control, cross-site scripting, unsafe deserialization, cross-site request forgery, and the like.
S2: capturing attack activities by utilizing the virtual honeypot or the network service to attract the attack, and uploading the attack activity data to a node control center;
further, capturing is based on TCP/IP messages, and the network service accessed by an attacker is identified from the IP port accessed by the attacker;
it should be noted that a business machine operating normally in the intranet will not access the network service exposed by the virtual honeypot, and normal ARP access or broadcast messages are not attack access, so access to the network service exposed outward by the virtual honeypot can in principle be judged to be illegal attack access.
S3: the node control center performs simple data processing and storage on the data, and then collects and uploads the data to the management control center;
further, the node control center simply processes the data based on the big data component and temporarily stores the processed data and part of the original data in the database.
It should be noted that the data captured by the node control center is message data of real source flow access.
Further, the node control center uploads the data to the management control center when the management control center needs the data;
it should be noted that, the node control center uploads the data to the management control center, and sends an upload instruction and a timing upload instruction through the management control center, where the instruction specifically refers to a control instruction issued by the management center, and the content of the control instruction includes parameters such as a network protocol type, a source IP, a source port, a destination IP, a destination port, and the like, which require the node control center to capture attack access traffic.
S4: the management control center performs data analysis and management on the data and performs alarm processing based on a data analysis result;
further, a sorting mechanism of automatic front-end processing is set, and data uploaded by the node control center are classified and filtered according to a certain rule based on a big data component;
it should be noted that, the classification rule is to classify according to units, sites and network protocol types; the filtering rules include: filtering according to communication IP and port: filtering address communication of broadcast address and network number; the filtering is performed for the communication of the whitelist IP.
Furthermore, the classified and filtered data are subjected to feature analysis and attack trend analysis by means of data mining, statistical analysis, visualization and the like, so that attack activity features are obtained.
Furthermore, alarm configuration is carried out based on the obtained attack activity characteristics, and a mode matching rule is established;
it should be noted that the alarm configuration includes configuration related parameters, thresholds, alarm levels, alarm descriptions, and the like.
Further, based on a log management component in the system cluster, various logs of a target system are monitored and actively scanned, the running state of the system is analyzed, further, the acquired log information and the running state information of the system are subjected to pattern matching, timely alarm is carried out when abnormality occurs, and alarm information is synchronously uploaded to a management control center;
it should be noted that the vulnerability scanning plug-in can scan the system log; the running state of the virtual honeypot system can be obtained through the container running-state attributes of docker technology; the running condition of the system is learned by analyzing the running state of the virtual honeypot system so that abnormalities are discovered in time; when an abnormality occurs, alarm prompts are issued by sending mail, through the system loudspeaker, and through a custom applet.
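As an added worked example (not code from the patent), the following Python implements the node-side filtering and unit/site/protocol classification described in S2 to S4 (and in the corresponding rules of the Disclosure section), followed by the management-side pattern-matching alarm rules with thresholds and alarm levels, run over a constructed batch of captured honeypot access records. The site networks, whitelist, port-to-service mapping and the two alarm rules are assumptions for illustration.

```python
"""Added example (not from the patent): node-side filtering/classification and
management-side alarm matching over constructed honeypot access records."""
from collections import defaultdict
from dataclasses import dataclass
import ipaddress


@dataclass(frozen=True)
class Record:
    """One captured TCP/IP (or ARP) message seen by a honeypot host."""
    proto: str   # network protocol type: "tcp", "udp" or "arp"
    src: str     # source IP
    dst: str     # destination IP (the honeypot host)
    dport: int   # destination port (0 for ARP)
    unit: str    # organisational unit the honeypot belongs to
    site: str    # station/site the honeypot is deployed at


# Assumed deployment data (illustrative, not from the patent).
SITE_NETWORKS = {
    "SiteA": ipaddress.ip_network("10.1.1.0/24"),
    "SiteB": ipaddress.ip_network("10.2.3.0/24"),
}
WHITELIST = {"10.1.1.10"}                                  # e.g. the node control center itself
HONEYPOT_SERVICES = {6379: "redis", 2404: "telecontrol"}  # host ports mapped to containers

# Constructed sample capture: three noise rows first, then genuine honeypot access.
SAMPLE_RECORDS = [
    Record("arp", "10.1.1.55", "10.1.1.255", 0, "Unit1", "SiteA"),     # ARP broadcast
    Record("tcp", "10.1.1.10", "10.1.1.200", 6379, "Unit1", "SiteA"),  # whitelisted host
    Record("tcp", "10.1.1.0", "10.1.1.200", 6379, "Unit1", "SiteA"),   # network-number source
    Record("tcp", "10.1.1.55", "10.1.1.200", 6379, "Unit1", "SiteA"),
    Record("tcp", "10.1.1.55", "10.1.1.200", 2404, "Unit1", "SiteA"),
    Record("tcp", "10.1.1.55", "10.1.1.200", 8080, "Unit1", "SiteA"),
    Record("tcp", "10.2.3.7", "10.2.3.200", 6379, "Unit2", "SiteB"),
    Record("tcp", "10.2.3.7", "10.2.3.200", 2404, "Unit2", "SiteB"),
]


def is_noise(rec):
    """Filtering rules from the patent: ARP/broadcast traffic, communication with
    broadcast or network-number addresses, and whitelisted IPs are not attack access."""
    if rec.proto == "arp":
        return True
    net = SITE_NETWORKS[rec.site]
    special = {str(net.network_address), str(net.broadcast_address), "255.255.255.255"}
    if rec.src in special or rec.dst in special:
        return True
    return rec.src in WHITELIST


def classify(rec):
    """Classification key from the patent: unit, site and network protocol type."""
    return (rec.unit, rec.site, rec.proto)


def process(records):
    """Node control center step: drop noise, group the rest by classification key."""
    groups = defaultdict(list)
    for rec in records:
        if not is_noise(rec):
            groups[classify(rec)].append(rec)
    return dict(groups)


# Management-center pattern-matching rules: (name, alarm level, threshold on the
# number of distinct honeypot ports one source touched, description). Assumed values.
ALARM_RULES = [
    ("honeypot-service-access", "medium", 1, "source reached an exposed honeypot service"),
    ("multi-service-probing", "high", 3, "source reached 3 or more honeypot services"),
]


def evaluate_alarms(groups):
    """Match each source against ALARM_RULES; the highest threshold met sets the level."""
    ports_by_src = defaultdict(set)
    origin = {}
    for (unit, site, _proto), recs in groups.items():
        for r in recs:
            ports_by_src[r.src].add(r.dport)
            origin[r.src] = (unit, site)
    alarms = []
    for src, ports in ports_by_src.items():
        matched = [rule for rule in ALARM_RULES if len(ports) >= rule[2]]
        if not matched:
            continue
        name, level, _, desc = max(matched, key=lambda rule: rule[2])
        unit, site = origin[src]
        alarms.append({
            "src": src, "unit": unit, "site": site, "rule": name, "level": level,
            "services": sorted(HONEYPOT_SERVICES.get(p, f"port-{p}") for p in ports),
            "description": desc,
        })
    return sorted(alarms, key=lambda a: a["src"])


if __name__ == "__main__":
    for alarm in evaluate_alarms(process(SAMPLE_RECORDS)):
        print(alarm)
```

On the sample, the three noise rows are dropped, the remaining five records fall into two unit/site/protocol groups, and the source that touched three distinct ports is raised to a high-level alarm while the other source gets a medium one.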
Example 2
Referring to fig. 2, for one embodiment of the present invention, a method for performing power grid security protection based on a high-simulation virtual honeypot technology is provided, and in order to verify the beneficial effects of the present invention, scientific demonstration is performed through economic benefit calculation and simulation experiments.
1. Deploying and configuring a high-interaction honeypot container in a host machine of the production control area at the station end, and mapping its network services into the power monitoring system network;
2. the high-interaction network services comprise redis service, credit-preserving service, stability control service, PAS service, telecontrol service, stability service and POC service;
3. a high-simulation honeynet is formed from the plurality of high-simulation virtual services to protect the normal operation of the real business system;
4. when an attacker attacks the virtual high-simulation honeynet, the high-simulation honeypot receives the attacker's access and returns a response, attracting the attacker to carry out further communication;
5. the log information output by the high-simulation interactive honeynet is used and analyzed, alarm rules are matched, a real-time alarm is raised when matching succeeds, and the corresponding sites are prompted to take relevant protective measures, preventing the attacker from further expanding the attack and protecting the normal operation of the network environment.
It should be noted that the above embodiments are only for illustrating the technical solution of the present invention and not for limiting the same, and although the present invention has been described in detail with reference to the preferred embodiments, it should be understood by those skilled in the art that the technical solution of the present invention may be modified or substituted without departing from the spirit and scope of the technical solution of the present invention, which is intended to be covered in the scope of the claims of the present invention.
Claims (5)
1. The method for carrying out power grid safety protection based on the high-simulation virtual honeypot technology is characterized by comprising the following steps of:
the honeypot host obtains a plurality of virtual honeypots or network services with vulnerabilities based on virtualization software;
capturing attack activities by utilizing the virtual honeypot or the network service to attract the attack, and uploading the attack activity data to a node control center;
the node control center processes the attack activity data, stores the attack activity data into a database, and then gathers and uploads the attack activity data to the management control center;
the management control center performs data analysis and management on the attack activity data and performs alarm processing based on a data analysis result;
the virtual software-based obtaining of multiple virtual honeypots or network services with vulnerabilities comprises:
creating a virtual environment based on docker technology, packaging a program containing vulnerable code into the virtual docker environment, and mapping the program's network service to a port of the honeypot host through port mapping;
the capture attack activity includes:
capturing based on TCP/IP messages, and identifying the network service accessed by an attacker from the IP port accessed by the attacker; since a business machine that normally runs in the intranet does not access the network service exposed by the virtual honeypot, and normal ARP access or broadcast messages are not attack access, access to the network service exposed outward by the virtual honeypot is judged to be illegal attack access, and the attack activity is thereby captured;
the node control center processes the attack activity data, stores the attack activity data in a database, and then summarizes and uploads the attack activity data to the management control center, and comprises the following steps:
the node control center processes the attack activity data based on the big data component and stores the processed data and part of attack activity data into the database;
when the management control center needs to analyze the real access flow data, two control instructions, namely an uploading instruction and a timing uploading instruction, are sent to enable the node control center to summarize and upload the real access flow data to the management control center, wherein the control instruction issued by the management control center is specifically a parameter which needs the node control center to upload the real access flow data, and the real access flow data comprises processed data in a database and partial attack activity data;
the management control center includes:
and setting a sorting mechanism of automatic front-end processing, filtering and classifying the data uploaded by the node control center based on the big data component according to filtering and classifying rules, and carrying out feature analysis and attack trend analysis by utilizing data mining, statistical analysis and visualization means.
2. The method for performing power grid safety protection based on the high-simulation virtual honeypot technology as set forth in claim 1, wherein the method comprises the following steps: the existing loopholes comprise:
injection vulnerabilities, ineffective identity authentication and session management, sensitive information leakage, XML external entity leakage, invalid access control, cross-site scripting, unsafe deserialization and cross-site request forgery.
3. The method for performing power grid safety protection based on the high-simulation virtual honeypot technology as set forth in claim 1, wherein the method comprises the following steps: the node control center further includes:
configuring and managing all honeypots of the network segment; the node control center configures the virtual honeypot based on the control instruction issued by the management control center; and starting, stopping and deleting the virtual honeypot based on the control instruction issued by the management control center.
4. The method for performing power grid safety protection based on the high-simulation virtual honeypot technology as set forth in claim 1, wherein the method comprises the following steps: the filtering and classifying rules include:
classifying according to units, sites and network protocol types; filtering according to communication IP and port: filtering address communication of broadcast address and network number; the filtering is performed for the communication of the whitelist IP.
5. The method for performing power grid safety protection based on the high-simulation virtual honeypot technology as set forth in claim 1, wherein the method comprises the following steps: the alarm processing comprises:
alarm configuration: configuring related parameters, threshold values, alarm levels and alarm description information based on data analysis results and establishing a pattern matching rule; various logs in a target system are monitored through a log management component in the system cluster, the running state of the system is analyzed, log information and the running state of the system are matched against the pattern matching rule, and when an abnormality occurs, an alarm is given in time.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210787610.5A CN115174218B (en) | 2022-07-04 | 2022-07-04 | Method for carrying out power grid safety protection based on high-simulation virtual honeypot technology |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210787610.5A CN115174218B (en) | 2022-07-04 | 2022-07-04 | Method for carrying out power grid safety protection based on high-simulation virtual honeypot technology |
Publications (2)
Publication Number | Publication Date |
---|---|
CN115174218A CN115174218A (en) | 2022-10-11 |
CN115174218B true CN115174218B (en) | 2024-04-09 |
Family
ID=83490999
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202210787610.5A Active CN115174218B (en) | 2022-07-04 | 2022-07-04 | Method for carrying out power grid safety protection based on high-simulation virtual honeypot technology |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN115174218B (en) |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110391937A (en) * | 2019-07-25 | 2019-10-29 | 哈尔滨工业大学 | A kind of Internet of Things honeynet system based on SOAP service simulation |
CN111818062A (en) * | 2020-07-10 | 2020-10-23 | 四川长虹电器股份有限公司 | Docker-based CentOS high-interaction honeypot system and implementation method thereof |
CN112187825A (en) * | 2020-10-13 | 2021-01-05 | 网络通信与安全紫金山实验室 | Honeypot defense method, system, equipment and medium based on mimicry defense |
CN114070630A (en) * | 2021-11-17 | 2022-02-18 | 国网四川省电力公司眉山供电公司 | Viscous honeypot system and interaction method thereof |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US11265346B2 (en) * | 2019-12-19 | 2022-03-01 | Palo Alto Networks, Inc. | Large scale high-interactive honeypot farm |
Events
- 2022-07-04: CN application CN202210787610.5A, patent CN115174218B, status Active
Also Published As
Publication number | Publication date |
---|---|
CN115174218A (en) | 2022-10-11 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN104836702B (en) | | Mainframe network unusual checking and sorting technique under a kind of large traffic environment |
Bringer et al. | | A survey: Recent advances and future trends in honeypot research |
Artail et al. | | A hybrid honeypot framework for improving intrusion detection systems in protecting organizational networks |
CN102882884B (en) | | Honeynet-based risk prewarning system and method in information production environment |
US20140359708A1 (en) | | Honeyport active network security |
EP2612481B1 (en) | | Method and system for classifying traffic |
US20030188189A1 (en) | | Multi-level and multi-platform intrusion detection and response system |
KR101375813B1 (en) | | Active security sensing device and method for intrusion detection and audit of digital substation |
Kumar et al. | | Intrusion detection systems: a review |
CN106992955A (en) | | APT fire walls |
Beg et al. | | Feasibility of intrusion detection system with high performance computing: A survey |
Victor et al. | | Intrusion detection systems-analysis and containment of false positives alerts |
Jadhav et al. | | A novel approach for the design of network intrusion detection system (NIDS) |
CN113645181B (en) | | Distributed protocol attack detection method and system based on isolated forest |
CN115174218B (en) | | Method for carrying out power grid safety protection based on high-simulation virtual honeypot technology |
RU2703329C1 (en) | | Method of detecting unauthorized use of network devices of limited functionality from a local network and preventing distributed network attacks from them |
CN111885020A (en) | | Network attack behavior real-time capturing and monitoring system with distributed architecture |
CN116781380A (en) | | Campus network security risk terminal interception traceability system |
El-Alfy et al. | | Detecting cyber-attacks on wireless mobile networks using multicriterion fuzzy classifier with genetic attribute selection |
Li-Juan | | Honeypot-based defense system research and design |
CN115150140A (en) | | Distributed attack trapping system and method based on centralized and unified defense deployment |
Zaheer et al. | | Intrusion detection and mitigation framework for SDN controlled IoTs network |
Farooqi et al. | | Intrusion detection system for IP multimedia subsystem using K-nearest neighbor classifier |
Singhrova | | A host based intrusion detection system for DDoS attack in WLAN |
Rodrigues et al. | | Design and implementation of a low-cost low interaction IDS/IPS system using virtual honeypot approach |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | | |
SE01 | Entry into force of request for substantive examination | | |
GR01 | Patent grant | | |