CN117220900A - Method and system for automatically detecting honeypot system - Google Patents

Method and system for automatically detecting honeypot system

Info

Publication number
CN117220900A
Authority
CN
China
Prior art keywords
honeypot
test
type
fingerprint
target equipment
Prior art date
Legal status
Pending
Application number
CN202310870852.5A
Other languages
Chinese (zh)
Inventor
傅涛
周维强
郭金辉
郭超
张冠阳
Current Assignee
Bozhi Safety Technology Co ltd
Original Assignee
Bozhi Safety Technology Co ltd
Priority date
Filing date
Publication date
Application filed by Bozhi Safety Technology Co ltd
Priority to CN202310870852.5A
Publication of CN117220900A
Legal status: Pending

Abstract

The application discloses a method and a system for automatically detecting a honeypot system. The method can automatically detect the functional integrity of the honeypot system, carry out security detection on a plurality of network protocols and industrial control protocols at the same time, and automatically detect the simulation concealment of the honeypot, saving a great deal of labor cost and markedly improving working efficiency. It places low requirements on detection personnel, is quick to master, has high detection efficiency, can acquire mass data for comparison, and can quickly and comprehensively evaluate, analyze and judge whether the honeypot's simulation concealment meets the requirements.

Description

Method and system for automatically detecting honeypot system
Technical Field
The application relates to a method and a system for automatically detecting a honeypot system, belonging to the field of computer systems.
Background
A honeypot is a computer connected to a network that takes no security precautions, but unlike an ordinary computer it runs a number of data recording programs and special-purpose self-exposure programs. It can be regarded as a computer system with many vulnerabilities of which the administrator is fully aware. As long as the honeypot records each action of an intruder while it is being intruded upon, it conveniently reveals the intruder's tendencies and allows targeted defensive measures to be taken against the intruder.
A honeypot works differently from a firewall. A firewall is limited and vulnerable in that it must be built and defended against a known rule set of dangers; if an intruder launches a new form of attack for which the firewall has no corresponding rule, the firewall stands there like a dummy and the system it protects is compromised.
As network attacks increase, the means become more diverse and complex, and it becomes important to attract attacks with honeypots and analyze the attack methods. A good honeypot system needs to simulate a variety of protocols and equipment; it should contain certain preset vulnerabilities, have complete functions and high interaction, be well hidden in its simulation, and be difficult for an attacker to judge as a honeypot. The disadvantages of the prior art are mainly the following:
1) Lack of a method for automatically detecting the functional integrity of a honeypot
There are currently tens of general-purpose internet protocols and industrial control protocols. Each protocol supports a large number of instructions, each with different addresses and parameters. When it is required to detect whether the functions of these protocols are normal and complete at the same time, manual testing is extremely inefficient, and no method is currently available to test all of the protocols efficiently at once.
2) Security testing of different network protocols requires different security test tools
At present, apart from the HTTP protocol, there are few security detection tools for other protocols; each tool is highly specific and supports a single protocol, so the requirement of carrying out security detection on dozens of network protocols and industrial control protocols at the same time cannot be met.
3) Lack of an automatic detection method for honeypot simulation concealment
A honeypot simulation is used to attract an attacker, relieve the pressure on the real working system under attack, and analyze and trace the attack behavior. The simulation therefore needs to be hidden as well as possible so that it is not recognized as a honeypot by an attacker. It is consequently necessary to examine the honeypot from the attacker's viewpoint, find out how it could be identified, and improve its concealment, but no corresponding effective detection method exists at present.
Disclosure of Invention
The prior art lacks a method for automatically detecting the functional integrity of a honeypot system, for carrying out security detection on a plurality of network protocols and industrial control protocols at the same time, and for automatically detecting the simulation concealment of a honeypot; honeypot detection also places high requirements on detection personnel, cannot be mastered quickly, has low manual detection efficiency, cannot obtain mass data for comparison, and cannot quickly and comprehensively judge whether the simulation concealment of the honeypot meets the requirements. To solve these problems, the application provides a method for automatically detecting a honeypot system, which can automatically detect various honeypots and various objects in terms of functions, performance, security and the like, and improves test completeness and test efficiency; at the same time, the honeypot's simulation concealment is tested by using interaction tests, security tests and fingerprint identification, and the concealment is improved accordingly.
According to one aspect of the present application, there is provided a method of automatically detecting a honeypot system, comprising the steps of:
S1: presetting, namely setting the types of parameters to be measured.
S2: carrying out a port test and an IP test on the target equipment.
S3: identifying honeypots, wherein a fingerprint test and an interaction test are carried out on the target equipment.
S4: performing special detection on the target equipment determined to be a honeypot.
S5: generating a detection report, outputting the test contents and generating a comprehensive honeypot identifiability score.
Optionally, step S3 further includes:
assisted identification, including a protocol test and a data test of the target equipment.
Optionally, the special detection in S4 includes performing a performance test and a security test on the target equipment.
Optionally, the types of parameters to be measured in S1 include a target IP range.
Optionally, the parameter types to be measured in S1 further include a port range, a system type and a detection type; whether the performance test and the security test are performed can be set in the detection type, and if they are not set, those tests are not performed.
Optionally, the port test in S2 includes checking the open port numbers and port types of the target device.
Optionally, the IP test in S2 includes: carrying out liveness identification on the target equipment IP by sending TCP and UDP messages to the target to check whether the target IP exists; if it does, judging whether the acquired active IP is a public network IP; if so, continuing to query the first database to obtain operator and cloud host provider information; and comprehensively judging whether the acquired active IP is likely to be a honeypot according to the service type, the operator information, the cloud host information and the like.
Optionally, the first database includes preset data or purchased data according to actual requirements.
Optionally, the fingerprint test in S3 includes: scanning the fingerprint information of the target equipment, matching the fingerprint information in a second database, and judging whether the target equipment is a honeypot according to the matching result.
Optionally, the fingerprint information includes at least one of: host fingerprint, operating system fingerprint, application fingerprint, protocol fingerprint.
Optionally, the second database includes a plurality of host names with their corresponding fingerprint information, a plurality of operating systems with their corresponding fingerprint information, a plurality of applications with their corresponding fingerprint information, and a plurality of protocols with their corresponding fingerprint information.
Optionally, the interaction test includes: identifying the application type according to the application fingerprint, performing an automatic interaction test with the interaction script corresponding to that application type, and scoring the interaction degree according to the number and complexity of the interaction steps in combination with a scoring model.
Optionally, the protocol test includes: automatically matching the protocol type according to the port number, calling the corresponding test script to send requests, receiving and analyzing the response information, judging whether the result is normal, outputting the request and response log information, and judging whether the target equipment is a honeypot according to the response accuracy.
Optionally, the data test includes: logging in to the system with the provided login information, scanning whether the configuration information of the system and its applications is normal, searching for user names and user file names according to a template, checking database instances according to the database type, identifying database instances that are not system defaults, accessing the data in their tables and judging whether the data is business data.
Optionally, the performance test includes: using multithreading to automatically simulate multiple IPs and user interaction with the target equipment, simulating login, query, modification, deletion and other operations.
Optionally, the security test includes: automatically calling the corresponding security vulnerability scanning script according to the operating system, application type and protocol type of the target equipment.
Optionally, S1 includes:
S1-1: presetting the target IP range as a single IP, a plurality of IPs or IP sections; comma-separated IP lists are supported.
S1-2: presetting the port range as a single port, a plurality of ports or port intervals; comma-separated port lists and port ranges of the form xxx-xxx are supported.
S1-3: presetting the system type, which is automatically identified when not set; the system type is optional, and the options are linux, unix, windows and industrial control equipment.
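Steps S1-1 to S1-3 above describe three input formats (comma-separated IP lists or IP sections, comma-separated port lists or xxx-xxx port ranges, and an optional system type that defaults to automatic identification). The following parser is an added illustration written for this page, not code from the patent or its applicant; the function names, the `ics` label for industrial control equipment, and the reading of an "IP section" as either a CIDR block or a dash-separated address range are assumptions.

```python
"""Parser for the S1 preset parameters (target IP range, port range, system
type, detection type).  Added illustration; the function names and the
dash-separated 'IP section' form are assumptions, not the patent's own."""
import ipaddress
from dataclasses import dataclass, field
from typing import List, Set

# The system types listed in S1-3; "auto" means "not set, identify automatically".
# "ics" is an assumed short label for "industrial control equipment".
SYSTEM_TYPES = {"auto", "linux", "unix", "windows", "ics"}
# The detection types of S1: which of the S4 special tests to run.
DETECTION_TYPES = {"performance", "security"}


@dataclass
class Preset:
    targets: List[str]            # expanded list of individual IPs
    ports: List[int]              # expanded, sorted, de-duplicated port list
    system_type: str              # one of SYSTEM_TYPES
    detection: Set[str] = field(default_factory=set)  # subset of DETECTION_TYPES


def parse_targets(spec: str) -> List[str]:
    """Expand 'a.b.c.d', 'a.b.c.d,e.f.g.h', 'a.b.c.0/30' or 'a.b.c.1-a.b.c.9'.
    The CIDR and dash forms are how this example interprets an 'IP section'."""
    hosts: List[str] = []
    for item in (s.strip() for s in spec.split(",")):
        if not item:
            continue                                        # tolerate 'a, ,b'
        if "/" in item:
            net = ipaddress.ip_network(item, strict=False)  # host bits allowed
            hosts.extend(str(h) for h in net.hosts())       # skips network/broadcast
        elif "-" in item:
            lo_s, hi_s = item.split("-", 1)
            lo = ipaddress.ip_address(lo_s.strip())
            hi = ipaddress.ip_address(hi_s.strip())
            if hi < lo:
                raise ValueError(f"IP section {item!r} is reversed")
            hosts.extend(str(ipaddress.ip_address(n)) for n in range(int(lo), int(hi) + 1))
        else:
            hosts.append(str(ipaddress.ip_address(item)))   # raises on malformed input
    return list(dict.fromkeys(hosts))                       # de-duplicate, keep order


def parse_ports(spec: str) -> List[int]:
    """Expand '22,80,8000-8010'; every port must lie in 1..65535."""
    ports: Set[int] = set()
    for item in (s.strip() for s in spec.split(",")):
        if not item:
            continue
        lo_s, _, hi_s = item.partition("-")
        lo = int(lo_s)
        hi = int(hi_s) if hi_s else lo
        if not (1 <= lo <= hi <= 65535):
            raise ValueError(f"port range {item!r} is outside 1-65535")
        ports.update(range(lo, hi + 1))
    if not ports:
        raise ValueError("empty port range")
    return sorted(ports)


def build_preset(ip_spec: str, port_spec: str, system_type: str = "",
                 detection: str = "") -> Preset:
    """Assemble the S1 preset.  An empty system type means 'auto' (S1-3); an
    empty detection type means neither the performance nor the security test runs."""
    st = system_type.strip().lower() or "auto"
    if st not in SYSTEM_TYPES:
        raise ValueError(f"unknown system type {system_type!r}")
    det = {d.strip().lower() for d in detection.split(",") if d.strip()}
    if not det <= DETECTION_TYPES:
        raise ValueError(f"unknown detection type(s): {sorted(det - DETECTION_TYPES)}")
    return Preset(parse_targets(ip_spec), parse_ports(port_spec), st, det)


if __name__ == "__main__":
    # Constructed sample input: one IP plus a /30, three ports, auto system type.
    print(build_preset("10.0.0.1, 10.0.0.0/30", "22,80,8000-8002", "", "security"))
```

Validation happens at preset time rather than inside the scanner: a reversed range, a port outside 1-65535 or an unknown detection type is rejected before any packet is sent, so a mistyped preset cannot silently scan the wrong hosts.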
Optionally, S2 includes: automatically port-scanning the target equipment according to the scanning script and the preset port range, checking the open port numbers and port types, and identifying the service type.
In another aspect, the present application also provides an automatic detection system for a honeypot system, the system comprising:
the preset module is used for setting the type of the parameter to be detected;
the identifying module is used for identifying the target equipment and judging whether the target equipment is a honeypot system or not;
the special detection module is used for carrying out special detection on the honeypot system;
and the output module is used for recording the results of the identification and the special detection and outputting a detection report.
The application has the following beneficial effects:
1) The method for automatically detecting a honeypot system can automatically detect the functional integrity of the honeypot system, carry out security detection on a plurality of network protocols and industrial control protocols at the same time, automatically detect the simulation concealment of the honeypot, save a great deal of labor cost and markedly improve working efficiency;
2) The method for automatically detecting a honeypot system places low requirements on detection personnel, is quick to master, has high detection efficiency, can acquire mass data for comparison, and can quickly and comprehensively evaluate, analyze and judge whether the honeypot's simulation concealment meets the requirements.
Drawings
FIG. 1 is a flow chart of an overall test in one embodiment of the application;
FIG. 2 is a flow chart of an interactive test in an embodiment of the application.
Detailed Description
The present application is described in detail below with reference to examples, but the present application is not limited to these examples.
According to one embodiment of the present application, there is provided a method for automatically detecting a honeypot system, including the steps of:
S1: presetting, namely setting the types of parameters to be tested, including a target IP range, a port range, a system type and a detection type, where the detection type selects the performance test and the security test.
S2: carrying out a port test and an IP test on the target equipment. Port scanning is automatically carried out on the target equipment according to a scanning script and the preset port range, the open port numbers and port types are checked, and the service type is identified;
liveness identification is carried out on the target equipment IP by sending TCP and UDP messages to the target to check whether the target IP exists; if it does, it is judged whether the acquired active IP is a public network IP; if so, the first database is queried to obtain operator and cloud host provider information; and it is comprehensively judged whether the acquired active IP is likely to be a honeypot according to the service type, the operator information, the cloud host information and the like.
S3: honeypot identification, including carrying out a fingerprint test and an interaction test on the target equipment. The fingerprint test includes scanning the fingerprint information of the target equipment, matching it in a second database, and judging whether the target equipment is a honeypot according to the matching result. The fingerprint information comprises a host fingerprint, an operating system fingerprint, an application fingerprint and a protocol fingerprint, and the second database comprises a plurality of host names with their corresponding fingerprint information, a plurality of operating systems with their corresponding fingerprint information, a plurality of applications with their corresponding fingerprint information, and a plurality of protocols with their corresponding fingerprint information.
The specific flow of the interaction test is shown in FIG. 2 and comprises the following steps: identifying the application type according to the application fingerprint, performing an automatic interaction test with the interaction script corresponding to that application type, and scoring the interaction degree according to the number and complexity of the interaction steps in combination with a scoring model.
Step S3 further comprises:
assisted identification, including a protocol test and a data test of the target equipment.
The protocol test includes: automatically matching the protocol type according to the port number, calling the corresponding test script to send requests, receiving and analyzing the response information, judging whether the result is normal, outputting the request and response log information, and judging whether the target equipment is a honeypot according to the response accuracy.
The data test includes: logging in to the system with the provided login information, scanning whether the configuration information of the system and its applications is normal, searching for user names and user file names according to a template, checking database instances according to the database type, identifying database instances that are not system defaults, accessing the data in their tables and judging whether the data is business data.
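The fingerprint test of step S3, as an added illustration that is not the patent's own code: the four fingerprint categories scanned from the target (host, operating system, application, protocol) are matched against a "second database" and a verdict is derived from the matching result. The database entries, product names and signature strings below are constructed placeholders, not real honeypot fingerprints, and the function names are assumed.

```python
"""Fingerprint test of step S3: match the scanned fingerprint categories
against a 'second database' and judge whether the target is a honeypot.
Added illustration; every entry in SECOND_DB is a constructed placeholder."""
import re
from dataclasses import dataclass
from typing import Dict, List

CATEGORIES = ("host", "os", "application", "protocol")


@dataclass(frozen=True)
class DbEntry:
    pattern: str       # regular expression matched against the scanned fingerprint
    product: str       # what the fingerprint belongs to
    honeypot: bool     # True if the product is a honeypot / simulator


# Constructed second database keyed by fingerprint category (placeholders only).
SECOND_DB: Dict[str, List[DbEntry]] = {
    "host": [
        DbEntry(r"^hp-sensor-\d+$", "ExampleSensor default host naming", True),
        DbEntry(r"^plc-line[ab]-\d+$", "ExampleCorp plant naming scheme", False),
    ],
    "os": [
        DbEntry(r"^ttl=64 win=29200 df=1$", "Linux (constructed TCP/IP signature)", False),
        DbEntry(r"^ttl=128 win=8192 df=1$", "Windows (constructed TCP/IP signature)", False),
    ],
    "application": [
        DbEntry(r"^SSH-2\.0-ExampleHoneySSH", "ExampleHoneySSH simulator", True),
        DbEntry(r"^SSH-2\.0-OpenSSH_[\d.]+", "OpenSSH", False),
        DbEntry(r"^Server: ExampleWeb/", "ExampleWeb server", False),
    ],
    "protocol": [
        DbEntry(r"^modbus vendor=ExampleSim ", "ExampleSim Modbus simulator", True),
        DbEntry(r"^modbus vendor=ExamplePLC ", "ExamplePLC Modbus stack", False),
    ],
}


@dataclass(frozen=True)
class Match:
    category: str
    fingerprint: str
    product: str
    honeypot: bool


def match_fingerprints(scanned: Dict[str, str],
                       db: Dict[str, List[DbEntry]] = SECOND_DB) -> List[Match]:
    """Return one Match per category that has a database hit (first hit wins).
    Categories the scan did not collect, or that match nothing, are skipped."""
    matches: List[Match] = []
    for cat in CATEGORIES:
        fp = scanned.get(cat)
        if not fp:
            continue
        for entry in db.get(cat, []):
            if re.search(entry.pattern, fp):
                matches.append(Match(cat, fp, entry.product, entry.honeypot))
                break
    return matches


def judge(matches: List[Match]) -> Dict[str, object]:
    """Verdict for the report: 'honeypot' if any category matched a known
    honeypot entry, 'unknown' if nothing matched at all, else 'not identified'.
    'hits' and 'categories' let the S5 comprehensive score weigh the result."""
    hits = sum(1 for m in matches if m.honeypot)
    if hits:
        verdict = "honeypot"
    elif not matches:
        verdict = "unknown"
    else:
        verdict = "not identified"
    return {"verdict": verdict, "hits": hits, "categories": len(matches),
            "evidence": [f"{m.category}: {m.product}" for m in matches if m.honeypot]}


if __name__ == "__main__":
    # Constructed scan result: a plausible Linux/OpenSSH/Modbus host whose
    # host name still follows the sensor product's default naming scheme.
    scanned = {"host": "hp-sensor-07", "os": "ttl=64 win=29200 df=1",
               "application": "SSH-2.0-OpenSSH_8.9p1",
               "protocol": "modbus vendor=ExamplePLC rev=3"}
    print(judge(match_fingerprints(scanned)))
```

The verdict reports which category gave the honeypot away, which is what the operator needs in order to fix the concealment: in the constructed sample every layer except the host name looks like a production device, so the report points at the default naming scheme rather than at the SSH or Modbus layer.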
S4: performing special detection on the target equipment determined to be a honeypot, where the special detection comprises a performance test and a security test of the target equipment;
the performance test comprises: using multithreading to automatically simulate multiple IPs and user interaction with the target equipment, simulating login, query, modification, deletion and other operations;
the security test comprises: automatically calling the corresponding security vulnerability scanning script according to the operating system, application type and protocol type of the target equipment.
S5: generating a detection report, outputting the test contents and generating a comprehensive honeypot identifiability score.
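An added illustration of the scoring side of steps S3 and S5 (not the patent's code): the interaction degree is scored from the number and complexity of the interaction steps, and the outcomes of the fingerprint, interaction, protocol, data and IP tests are combined into the comprehensive identifiability score of the detection report. The complexity scale, the weights and the score bands are assumptions, since the page gives no numeric scoring model; a honeypot operator reads a high score as weak concealment that needs improvement.

```python
"""Scoring model for the interaction test and the comprehensive
honeypot-identifiability score of the S5 report.  Added illustration;
the complexity scale, WEIGHTS and report bands are assumed values."""
from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class InteractionStep:
    name: str
    complexity: int      # assumed scale: 1 (single request) .. 5 (multi-stage, stateful)
    succeeded: bool      # did the target behave as a real system would for this step?


def score_interaction(steps: List[InteractionStep]) -> float:
    """Interaction degree 0..100: complexity-weighted share of steps completed,
    so failing a deep multi-stage step costs more than failing a trivial one."""
    total = sum(s.complexity for s in steps)
    if total == 0:
        return 0.0
    done = sum(s.complexity for s in steps if s.succeeded)
    return round(100.0 * done / total, 1)


@dataclass
class TestResults:
    fingerprint_hits: int          # categories matched to a known honeypot (fingerprint test)
    fingerprint_categories: int    # categories that matched any database entry
    interaction_degree: float      # 0..100 from score_interaction()
    protocol_accuracy: float       # 0..1 share of protocol requests answered correctly
    business_data_found: bool      # data test found real business data in non-default instances
    ip_context_suspicious: bool    # IP test: operator / cloud-host context points to a sensor


# Assumed weights; each component below is a 0..1 "identifiability" signal.
WEIGHTS = {"fingerprint": 0.30, "interaction": 0.25, "protocol": 0.25,
           "data": 0.10, "ip": 0.10}


def identifiability_score(r: TestResults) -> int:
    """0..100, higher = easier to identify as a honeypot (worse concealment)."""
    fp = (r.fingerprint_hits / r.fingerprint_categories
          if r.fingerprint_categories else 0.0)
    signals = {
        "fingerprint": fp,
        "interaction": 1.0 - r.interaction_degree / 100.0,
        "protocol": 1.0 - r.protocol_accuracy,
        "data": 0.0 if r.business_data_found else 1.0,
        "ip": 1.0 if r.ip_context_suspicious else 0.0,
    }
    return round(100 * sum(WEIGHTS[k] * v for k, v in signals.items()))


def report(r: TestResults) -> Dict[str, object]:
    """Detection report summary for S5; the bands are assumed thresholds."""
    score = identifiability_score(r)
    if score < 30:
        band = "well concealed"
    elif score < 60:
        band = "concealment needs improvement"
    else:
        band = "readily identifiable as a honeypot"
    return {"score": score, "band": band,
            "interaction_degree": r.interaction_degree,
            "protocol_accuracy": r.protocol_accuracy}


if __name__ == "__main__":
    # Constructed interaction log: the simulated target handles login and a
    # query but cannot carry a modification or deletion through.
    steps = [InteractionStep("login", 1, True), InteractionStep("query", 2, True),
             InteractionStep("modify", 3, False), InteractionStep("delete", 3, False)]
    weak = TestResults(1, 4, score_interaction(steps), 0.6, False, True)
    print(report(weak))
```

Weighting by complexity reflects the patent's "number and complexity of the steps": a honeypot that answers a login banner but breaks on the first stateful operation scores low even though it passed half of the steps by count, and that shortfall propagates into the comprehensive score that the report hands to the operator.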
According to another embodiment of the present application, there is also provided an automatic detection system for a honeypot system, the system including:
the preset module is used for setting the type of the parameter to be detected;
the identifying module is used for identifying the target equipment and judging whether the target equipment is a honeypot system or not;
the special detection module is used for carrying out special detection on the honeypot system;
and the output module is used for recording the results of the identification and the special detection and outputting a detection report.
While the application has been described in terms of preferred embodiments, it will be understood by those skilled in the art that various changes and modifications can be made without departing from the scope of the application, and it is intended to cover the principles of the application as defined in the appended claims.

Claims (10)

1. A method for automatically detecting a honeypot system, comprising the steps of:
S1: presetting, namely setting the types of parameters to be measured;
S2: performing a port test and an IP test on target equipment;
S3: honeypot identification, including a fingerprint test and an interaction test of the target device;
S4: performing special detection on the target equipment determined to be a honeypot;
S5: generating a detection report, outputting the test contents and generating a comprehensive honeypot identifiability score.
2. The method for automatically detecting a honeypot system of claim 1, wherein S3 further comprises:
auxiliary identification, including a protocol test and a data test of the target device;
preferably, the interaction test comprises: identifying the application type according to the application fingerprint, carrying out an automatic interaction test with the interaction script corresponding to the application type, and scoring the interaction degree according to the number and complexity of the interaction steps in combination with a scoring model;
preferably, the protocol test comprises: automatically matching the protocol type according to the port number, calling the corresponding test script to send requests, receiving and analyzing the response information, judging whether the result is normal, outputting the request and response log information, and judging whether the target equipment is a honeypot according to the response accuracy;
preferably, the data test comprises: logging in to the system with the provided login information, scanning whether the configuration information of the system and its applications is normal, searching for user names and user file names according to a template, checking database instances according to the database type, identifying database instances that are not system defaults, accessing the data in their tables and judging whether the data is business data.
3. The method of automatically detecting a honeypot system of claim 1, wherein the special detection in S4 comprises: performing a performance test and a security test on the target equipment;
preferably, the performance test comprises: using multithreading to automatically simulate multiple IPs and user interaction with the target equipment, simulating login, query, modification, deletion and other operations;
preferably, the security test comprises: automatically calling the corresponding security vulnerability scanning script according to the operating system, application type and protocol type of the target equipment.
4. The method for automatically detecting a honeypot system according to claim 1, wherein the types of parameters to be detected in S1 include: a target IP range;
preferably, the parameter types to be measured in S1 further include a port range, a system type, and a detection type.
5. The method of automatically detecting a honeypot system of claim 1, wherein the port test in S2 comprises: checking the open port number and port type of the target device.
6. The method of automatically detecting a honeypot system of claim 1, wherein the IP test in S2 comprises: performing liveness identification on the target equipment IP, checking whether the target IP exists by sending TCP and UDP messages to the target, and querying the active IP in a first database to obtain operator information, cloud host information and geographic location information;
preferably, the first database includes preset data information or purchased data information according to actual requirements.
7. The method of automatically detecting a honeypot system of claim 1, wherein the fingerprint test in S3 comprises: scanning the fingerprint information of the target equipment, matching the fingerprint information in a second database, and judging whether the target equipment is a honeypot according to the matching result;
preferably, the fingerprint information includes at least one of: host fingerprint, operating system fingerprint, application fingerprint, protocol fingerprint;
preferably, the second database includes a plurality of host names and fingerprint information corresponding thereto, a plurality of operating systems and fingerprint information corresponding thereto, a plurality of applications and fingerprint information corresponding thereto, and a plurality of protocols and fingerprint information corresponding thereto.
8. The method for automatically detecting a honeypot system of claim 5, wherein S1 comprises:
S1-1: presetting the target IP range as a single IP, a plurality of IPs or IP sections;
S1-2: presetting the port range as a single port, a plurality of ports or port intervals;
S1-3: presetting the system type, which is automatically identified when not set.
9. The method of automatically detecting a honeypot system of claim 8, wherein S2 comprises: automatically port-scanning the target equipment according to the scanning script and the preset port range, checking the open port numbers and port types, and identifying the service type.
10. An automated inspection system for a honeypot system, the system comprising:
the preset module is used for setting the type of the parameter to be detected;
the identifying module is used for identifying the target equipment and judging whether the target equipment is a honeypot system or not;
the special detection module is used for carrying out special detection on the honeypot system;
and the output module is used for recording the results of the identification and the special detection and outputting a detection report.
CN202310870852.5A 2023-07-14 2023-07-14 Method and system for automatically detecting honeypot system Pending CN117220900A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310870852.5A CN117220900A (en) 2023-07-14 2023-07-14 Method and system for automatically detecting honeypot system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310870852.5A CN117220900A (en) 2023-07-14 2023-07-14 Method and system for automatically detecting honeypot system

Publications (1)

Publication Number Publication Date
CN117220900A true CN117220900A (en) 2023-12-12

Family

ID=89034098

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310870852.5A Pending CN117220900A (en) 2023-07-14 2023-07-14 Method and system for automatically detecting honeypot system

Country Status (1)

Country Link
CN (1) CN117220900A (en)

Citations (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2018084808A1 (en) * 2016-11-04 2018-05-11 Singapore University Of Technology And Design Computer-implemented method and data processing system for testing device security
CN109617878A (en) * 2018-12-13 2019-04-12 烽台科技(北京)有限公司 A kind of construction method and system, computer readable storage medium of honey net
US20190230105A1 (en) * 2018-01-23 2019-07-25 Rapid7, Inc. Detecting anomalous internet behavior
CN111683055A (en) * 2020-05-14 2020-09-18 北京邮电大学 Industrial honey pot control method and device
CN112217800A (en) * 2020-09-14 2021-01-12 广州大学 Honeypot identification method, system, device and medium
CN112383538A (en) * 2020-11-11 2021-02-19 西安热工研究院有限公司 Hybrid high-interaction industrial honeypot system and method
CN112578761A (en) * 2021-02-03 2021-03-30 山东云天安全技术有限公司 Industrial control honey pot safety protection device and method
CN112800417A (en) * 2021-04-15 2021-05-14 远江盛邦(北京)网络安全科技股份有限公司 Identification method and system of feedback honeypot system based on service state machine
CN113132293A (en) * 2019-12-30 2021-07-16 中国移动通信集团湖南有限公司 Attack detection method and device and public honeypot system
CN113472819A (en) * 2021-09-03 2021-10-01 国际关系学院 Honeypot detection and identification method and device based on fingerprint characteristics
US20210344690A1 (en) * 2020-05-01 2021-11-04 Amazon Technologies, Inc. Distributed threat sensor analysis and correlation
CN114679292A (en) * 2021-06-10 2022-06-28 腾讯云计算(北京)有限责任公司 Honeypot identification method, device, equipment and medium based on network space mapping
CN114826663A (en) * 2022-03-18 2022-07-29 烽台科技(北京)有限公司 Honeypot identification method, honeypot identification device, honeypot identification equipment and storage medium

Patent Citations (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2018084808A1 (en) * 2016-11-04 2018-05-11 Singapore University Of Technology And Design Computer-implemented method and data processing system for testing device security
US20190230105A1 (en) * 2018-01-23 2019-07-25 Rapid7, Inc. Detecting anomalous internet behavior
CN109617878A (en) * 2018-12-13 2019-04-12 烽台科技(北京)有限公司 A kind of construction method and system, computer readable storage medium of honey net
CN113132293A (en) * 2019-12-30 2021-07-16 中国移动通信集团湖南有限公司 Attack detection method and device and public honeypot system
US20210344690A1 (en) * 2020-05-01 2021-11-04 Amazon Technologies, Inc. Distributed threat sensor analysis and correlation
CN111683055A (en) * 2020-05-14 2020-09-18 北京邮电大学 Industrial honey pot control method and device
CN112217800A (en) * 2020-09-14 2021-01-12 广州大学 Honeypot identification method, system, device and medium
CN112383538A (en) * 2020-11-11 2021-02-19 西安热工研究院有限公司 Hybrid high-interaction industrial honeypot system and method
CN112578761A (en) * 2021-02-03 2021-03-30 山东云天安全技术有限公司 Industrial control honey pot safety protection device and method
CN112800417A (en) * 2021-04-15 2021-05-14 远江盛邦(北京)网络安全科技股份有限公司 Identification method and system of feedback honeypot system based on service state machine
CN114679292A (en) * 2021-06-10 2022-06-28 腾讯云计算(北京)有限责任公司 Honeypot identification method, device, equipment and medium based on network space mapping
WO2022257226A1 (en) * 2021-06-10 2022-12-15 腾讯云计算(北京)有限责任公司 Cyberspace mapping-based honeypot recognition method and apparatus, device, and medium
CN113472819A (en) * 2021-09-03 2021-10-01 国际关系学院 Honeypot detection and identification method and device based on fingerprint characteristics
CN114826663A (en) * 2022-03-18 2022-07-29 烽台科技(北京)有限公司 Honeypot identification method, honeypot identification device, honeypot identification equipment and storage medium

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
N. Naik et al.: "Honeypots That Bite Back: A Fuzzy Technique for Identifying and Inhibiting Fingerprinting Attacks on Low Interaction Honeypots", 2018 IEEE International Conference on Fuzzy Systems (FUZZ-IEEE), 14 October 2018 (2018-10-14) *
向全青: "Design and Implementation of a Dynamic Honeypot Network Based on Network Scanning Technology", 信息技术 (Information Technology), no. 06, 25 June 2013 (2013-06-25) *
高丰; 杜德慧: "Design and Implementation of a Honeynet-Based Network Monitoring System", 信息网络安全 (Information Network Security), no. 09, 15 September 2011 (2011-09-15) *

Similar Documents

Publication Publication Date Title
CN110324310B (en) Network asset fingerprint identification method, system and equipment
CN110149350B (en) Network attack event analysis method and device associated with alarm log
CN108183895B (en) Network asset information acquisition system
EP1665011B1 (en) Method and system for displaying network security incidents
US8555393B2 (en) Automated testing for security vulnerabilities of devices
CN112182588B (en) Threat information-based operating system vulnerability analysis and detection method and system
CN108830084B (en) Handheld terminal for realizing vulnerability scanning and protection reinforcement and protection method
CN110881043B (en) Method and device for detecting web server vulnerability
US8146146B1 (en) Method and apparatus for integrated network security alert information retrieval
CN114070629A (en) Safety arrangement and automatic response method, device and system for APT (advanced persistent threat) attack
CN110460481B (en) Identification method of network key assets
Laštovička et al. Network monitoring and enumerating vulnerabilities in large heterogeneous networks
CN114143064A (en) Multi-source network security alarm event tracing and automatic processing method and device
CN116708028B (en) External attack surface management method and system based on attacker view angle
Adamović Penetration testing and vulnerability assessment: introduction, phases, tools and methods
CN113381980A (en) Information security defense method and system, electronic device and storage medium
CN116318783B (en) Network industrial control equipment safety monitoring method and device based on safety index
CN117220900A (en) Method and system for automatically detecting honeypot system
CN115913634A (en) Network security abnormity detection method and system based on deep learning
KR100772177B1 (en) Method and apparatus for generating intrusion detection event to test security function
CN115361219A (en) Log file processing method, electronic device and storage medium
US11108800B1 (en) Penetration test monitoring server and system
Vos Capability Maturity Measurement of a Security Operations Center through Analysis Detection
CN111355688A (en) Core method and device for automatic infiltration and analysis based on AI technology
Swart et al. Towards a platform to visualize the state of South Africa's information security

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination