CN102685147B - Mobile communication honeypot capturing system and implementation method thereof - Google Patents

Info

Publication number: CN102685147B
Authority: CN (China)
Prior art keywords: module, data, mobile communication, wireless link, communication
Legal status: Expired - Fee Related
Application number: CN201210175212.4A
Other languages: Chinese (zh)
Other versions: CN102685147A (en)
Inventors: 宋宇波, 朱筱贇, 张皓月, 谭杭波, 王许莲
Current assignee: Southeast University
Original assignee: Southeast University

Abstract

The invention discloses a mobile communication honeypot capture system comprising a mobile communication terminal, a wireless link access module, a data capture module and an application processing center module. The mobile communication terminal communicates with the wireless link access module over a wireless channel link, and the data capture module is connected to the application processing center module through a server-side communication interface module. The invention further discloses an implementation method for the system. The system and method are independent of the hardware and system platform of the mobile communication terminal and are therefore universal; in addition, communication behavior is monitored on the wireless link without occupying terminal resources.

Description

A mobile communication honeypot capture system and implementation method thereof
Technical field
The invention belongs to the field of wireless network technology and relates to a honeypot capture system and its implementation method, specifically a honeypot capture system that simulates a wireless access environment to monitor the communication behavior of mobile terminals, and its implementation method.
Background art
Mobile communication technology is developing rapidly, and its advantages reach into every aspect of life. While it brings convenience, it also threatens the security of users' communications. As smartphones have become widespread, their efficient multitasking and wireless networking capabilities have made them popular, but the likelihood of virus attack has inevitably risen sharply as well. In response, solutions such as terminal protection, core-network deployment and base-station-based handset protection have been proposed. In terminal protection, although security software against mobile phone viruses is available on the market, it is tied to particular hardware devices, so its flexibility is low and its resource usage is high; it struggles to cover the variety of phone systems, so its universality is poor and its market prospects are uncertain; and it lacks protection of the wireless link, so its virus interception rate is low. In core-network deployment, the core-network equipment is difficult to deploy and costly, which limits the scheme. In base-station-based handset protection, base stations are inflexible and have low portability, so this scheme also has shortcomings.
Honeypot technology, as used in network security, offers a new approach to mobile communication security. A honeypot is originally a security resource that can be probed, attacked and even compromised by hackers. It lures hackers into attacking, then collects evidence about and analyzes the attack, providing protection while the real server address stays hidden.
Indeed, information security in mobile communication has long been difficult to solve, which greatly affects the communication security of mobile phone users. The mobile communication honeypot capture system proposed by the invention, which simulates a wireless access environment to monitor mobile terminal behavior, addresses this problem well. The invention is based on honeypot technology and applies it to the wireless link, monitoring and analyzing the communication behavior of mobile terminals to uncover potential security hazards and optimize the protection environment. The device is also simple to deploy and easy to implement; it should greatly reduce security problems such as information theft and loss in the future, and play an important role in areas such as the proper conduct of business activities and the protection of personal information.
Summary of the invention
One object of the invention is to provide a mobile communication honeypot capture system that simulates a wireless access environment to monitor the communication behavior of mobile terminals, thereby effectively uncovering potential security hazards and optimizing the protection environment, greatly improving the system's security protection capability and overcoming shortcomings of existing mobile communication security measures such as a low virus interception rate and poor flexibility.
Another object of the invention is to provide an implementation method for the mobile communication honeypot capture system.
The technical solution adopted by the invention is a mobile communication honeypot capture system comprising a mobile communication terminal, a wireless link access module, a data capture module and an application processing center module;
The mobile communication terminal communicates with the wireless link access module over a wireless channel link;
The data capture module is connected to the application processing center module through a server-side communication interface module.
Preferably, the wireless link access module comprises a radio-frequency module, a baseband module, a protocol stack module and a gateway module. The radio-frequency module receives the over-the-air signal, processes it and passes it to the baseband module; when transmitting, it reads data from the baseband module, processes it and sends it out through the antenna. The baseband module is mainly responsible for modulating and demodulating the relevant data. The protocol stack module parses the frames received from the baseband module according to the mobile communication standard and passes them to the data capture module; when transmitting, it broadcasts the corresponding commands, simulating a wireless access environment, to control whether the phone's information is captured by the wireless link access module. The gateway module determines the type of network being accessed from the type of data received and interacts with the real communication environment.
The wireless link access module is mainly responsible for building an access network in the wireless environment, simulating the access environment of a real base station, inducing the phone to communicate with it, and capturing the relevant data. There may be one or more wireless link access modules, depending on the signal range to be captured.
Preferably, the data capture module intercepts the data exchanged between the protocol stack module and the gateway module and sends it to the upper-layer application processing center module.
The data capture module provides the connection between the wireless link access module and the application processing center module.
Preferably, the application processing center module comprises a server-side communication interface module, a communication behavior monitoring module, a backend database module and a human-computer interaction module. The server-side communication interface module is connected to the data capture module and handles receiving data and sending control information. The communication behavior monitoring module calls the server-side communication interface module to obtain the data processed by the data capture module, analyzes and scans its content and compares it against the backend database to detect known viruses and attacks in the communication content; at the same time, it calls the human-computer interaction module to send relevant data to the mobile terminal and, by tracking, monitoring and analyzing the terminal's communication behavior, uncovers new potential security hazards, which are used to update and optimize the backend database. The backend database module provides malicious-behavior comparison and real-time updating. The human-computer interaction module calls the communication behavior monitoring module to display monitoring results and calls the server-side communication interface module to send control information that controls the wireless link access module, thereby notifying the mobile communication terminal of the behavior monitoring results and assisting the behavior monitoring module in tracking related malicious communication behavior.
The implementation method of the above mobile communication honeypot capture system comprises the following steps:
1) The wireless link access module initializes, broadcasts a radio signal containing system parameters, and waits for a mobile communication terminal to connect;
2) The mobile communication terminal initializes, scans for communication networks and, according to the signal parameters received, sends a connection request to the wireless link access module in preparation for access;
3) The wireless link access module configures and manages its own environment, signals the mobile communication terminal that access is allowed, and allocates the relevant communication resources to it;
4) Once the communication connection is established, the mobile terminal reports data to the wireless link access module;
5) The wireless link access module performs a series of operations, such as network protocol parsing, on the raw communication data received, so as to emulate a real wireless environment and carry out information exchange;
6) The data capture module intercepts the data exchanged between the protocol stack submodule and the gateway submodule of the wireless link access module, processes it to form an executable file, and sends it to the application processing center module;
7) The communication behavior monitoring module in the processing center module monitors communication behavior according to the file information received, making use of the data in the backend database, and adds new malicious behaviors to the database;
8) The supervisor of the monitoring system can check the security state of the mobile terminal at any time through the human-computer interaction module and notify the mobile terminal of the monitoring results, providing security protection at the wireless link layer.
Beneficial effects: By broadcasting radio signals and simulating a wireless access environment, the invention induces mobile communication terminals to attach to the monitoring device and, after processing, monitors, analyzes and records malicious communication behavior at the wireless link layer. When a mobile terminal communicates, its information must pass over the wireless link whether or not a virus is present. The invention makes full use of this fact and, combining it with the idea of honeypot technology, applies a honeypot capture system to the wireless link to uncover potential security hazards and optimize the protection environment, greatly improving the system's security protection capability. Existing security protection systems must be tied to a particular fixed platform, whereas the protection process of the invention takes place on the wireless link rather than on the mobile communication terminal. It is therefore free of the constraints of any particular platform, which lightens the load on the mobile terminal, lowers resource usage, reduces the manpower and material resources consumed, and increases versatility. In addition, the invention is simple to deploy, easy to implement, low in cost and highly flexible.
Description of the drawings
Fig. 1 is a schematic diagram of the operating principle of the mobile communication honeypot capture device of the invention;
The reference numerals are: first mobile communication terminal 101, second mobile communication terminal 102, wireless link access module 103, RF front-end module 104, baseband module 105, protocol stack module 106, gateway module 107, data capture module 108, application processing center module 109, communication behavior monitoring module 110, human-computer interaction module 111, server-side communication interface 112, backend database module 113.
Fig. 2 is a schematic flow diagram of the mobile communication honeypot capture method of the invention.
Detailed description of the embodiments
The invention is further described below with reference to the drawings and specific embodiments:
As shown in Fig. 1, the honeypot capture system includes a wireless link access module 103 placed near the first mobile communication terminal 101 and the second mobile communication terminal 102 (that is, users accessing a base station over the wireless network), simulating the actual communication process in a wireless environment. After intercepting short message and GPRS (General Packet Radio Service) data, the data capture module 108 transfers the data over a wired channel to the application processing center 109. In this way, data is intercepted inside the communication network and then sent to the application processing center for further processing, finally achieving monitoring of communication behavior.
The wireless link access module 103 of the invention is an embedded device. Its radio-frequency module 104 and baseband module 105 are implemented on an FPGA platform, and its protocol stack module 106 and gateway module 107 run on an x86 platform. It is placed near the first mobile communication terminal 101 or the second mobile communication terminal 102 and simulates a wireless access environment: the RF front end 104 captures the communication data sent over the wireless link toward the base station, processes it and passes it to the baseband module 105 for demodulation, and the demodulated frames are handed to the x86 platform; when transmitting, the modulated data is read from the baseband module 105, processed and sent out through the antenna. The protocol stack module 106 performs signaling analysis on the received frames to obtain the International Mobile Subscriber Identity (IMSI) and the communication content; when transmitting, it broadcasts different commands to the phone to control whether the phone attaches to the wireless link access module 103. The gateway module 107 is mainly responsible for determining, from the type of data received, whether the network being accessed is the Global System for Mobile Communications (GSM) core network or the Internet, and for interacting with the real communication environment. The first mobile communication terminal 101 and the second mobile communication terminal 102 need not be within the coverage of the same wireless link access module 103; any mobile terminal that has a wireless link access module 103 nearby and is within its coverage can be induced to attach.
After the application processing center module 109 receives the captured, parsed data through the server-side communication interface 112, it performs communication behavior monitoring and compares the data with the backend database 113 to detect known viruses and attacks in the communication content. In addition, during detection it uncovers new potential security hazards through data interaction and uses them to update and optimize the backend database. The supervisor of the detection system can check the security state of the mobile terminal at any time through the human-computer interaction module and notify the mobile terminal of the behavior monitoring results, providing security protection at the wireless link layer.
As shown in Fig. 2, the specific workflow of the invention comprises the following steps:
Step 201: The wireless link access module initializes and waits for a mobile communication terminal to connect; at this point the mobile communication terminal is already within the network covered by the wireless link access module;
Step 202: The mobile communication terminal initializes and detects network signals, receives the broadcast signals in the network, selects the wireless link access module according to the strength of the received signals, and actively sends it a connection request; once the connection is allowed, it establishes a wireless link with the wireless link access module and the two sides communicate normally.
Step 203: The access module builds an access network in the wireless environment, and the protocol stack in this module performs a series of operations, such as network protocol parsing, on the raw communication data received, so as to emulate a real wireless environment and carry out information exchange;
Here, the protocol stack may be a GSM protocol stack or a GPRS protocol stack.
Step 204: The data capture module intercepts the data exchanged between the protocol stack submodule and the gateway submodule of the wireless link access module, processes it to form an executable file, and sends it to the application processing center module;
Step 205: The upper-layer application processing center receives the uploaded data through the server-side communication interface. Here, the data may be short message content or GPRS data.
Steps 206-207: The communication behavior monitoring module in the application processing center module analyzes and scans the content of the file information received and compares it against the backend database to detect known viruses and attacks in the communication content; at the same time, it calls the human-computer interaction module to send relevant data to the mobile terminal and, by tracking, monitoring and analyzing the terminal's communication behavior, uncovers new potential security hazards and updates and optimizes the backend database.
Step 208: The supervisor of the honeypot capture system checks the security state of the mobile terminal at any time through the human-computer interaction module on the x86 platform and notifies the mobile terminal of the behavior monitoring results, providing security protection at the wireless link layer.
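The comparison and database update of steps 206-207 can be sketched as follows. This is an added example, not code from the patent: the record fields, substring signatures, the fan-out heuristic for a "new" hazard and the keyed IMSI pseudonym are all assumptions, and every sample value is constructed.

```python
import hashlib
import hmac
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class CapturedRecord:
    """One item handed up by the data capture module (steps 204-205)."""
    imsi: str       # identity recovered by the protocol stack module
    kind: str       # "SMS" or "GPRS", the two data types the page names
    peer: str       # destination number or host (assumed field)
    payload: bytes  # short message content or GPRS data


class BehaviorMonitor:
    """Sketch of the communication behavior monitoring module (steps 206-207)."""

    def __init__(self, signatures, pseudonym_key, fanout_threshold=3):
        self.db = dict(signatures)       # backend database: name -> byte pattern
        self.key = pseudonym_key         # secret used for IMSI pseudonyms
        self.fanout_threshold = fanout_threshold
        self.fanout = defaultdict(set)   # (terminal, digest) -> peers seen

    def pseudonym(self, imsi):
        # Keyed hash, so stored monitoring results never hold the raw IMSI.
        digest = hmac.new(self.key, imsi.encode(), hashlib.sha256)
        return digest.hexdigest()[:16]

    def inspect(self, rec):
        terminal = self.pseudonym(rec.imsi)
        # 1) Compare the content against the backend database.
        hits = sorted(name for name, pat in self.db.items()
                      if pat and pat in rec.payload)
        if hits:
            return {"terminal": terminal, "verdict": "known", "matches": hits}
        # 2) Assumed heuristic for a new hazard: one terminal sending the
        #    same non-empty payload to several distinct peers.
        if rec.payload:
            digest = hashlib.sha256(rec.payload).hexdigest()
            peers = self.fanout[(terminal, digest)]
            peers.add(rec.peer)
            if len(peers) >= self.fanout_threshold:
                name = "learned-" + digest[:12]
                self.db[name] = rec.payload   # update the backend database
                return {"terminal": terminal, "verdict": "new",
                        "matches": [name]}
        return {"terminal": terminal, "verdict": "clean", "matches": []}


# Constructed sample data (placeholder IMSIs, reserved example domains).
SIGNATURES = {"sample-dropper-url": b"http://malware.example/update.apk"}
LURE = b"You won a prize! Forward this and visit http://prize.example/"
RECORDS = [
    CapturedRecord("001010000000001", "SMS", "+10000000001", b"Meeting at 3pm"),
    CapturedRecord("001010000000002", "GPRS", "malware.example",
                   b"GET http://malware.example/update.apk HTTP/1.1"),
    CapturedRecord("001010000000003", "SMS", "+10000000011", LURE),
    CapturedRecord("001010000000003", "SMS", "+10000000012", LURE),
    CapturedRecord("001010000000003", "SMS", "+10000000013", LURE),
    CapturedRecord("001010000000004", "SMS", "+10000000021", LURE),
]


def run_demo():
    monitor = BehaviorMonitor(SIGNATURES, pseudonym_key=b"constructed-demo-key")
    return [monitor.inspect(rec) for rec in RECORDS]


if __name__ == "__main__":
    for result in run_demo():
        print(result)
```

The last record shows the effect of the database update: a different terminal sending the learned payload once is reported as a known match rather than waiting for the fan-out threshold.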
It should be pointed out that those skilled in the art can make improvements and modifications without departing from the principles of the invention, and such improvements and modifications shall also be regarded as falling within the scope of protection of the invention. Any part not specified in this embodiment can be implemented with existing technology.

Claims (2)

1. A mobile communication honeypot capture system, characterized in that it comprises a mobile communication terminal, a wireless link access module, a data capture module and an application processing center module;
The mobile communication terminal communicates with the wireless link access module over a wireless channel link;
The data capture module is connected to the application processing center module through a server-side communication interface module;
The wireless link access module comprises a radio-frequency module, a baseband module, a protocol stack module and a gateway module; the radio-frequency module receives the over-the-air signal, processes it and passes it to the baseband module, and when transmitting reads data from the baseband module, processes it and sends it out through the antenna; the baseband module is mainly responsible for modulating and demodulating the relevant data; the protocol stack module parses the frames received from the baseband module according to the mobile communication standard and passes them to the data capture module, and when transmitting broadcasts the corresponding commands, simulating a wireless access environment, to control whether the phone's information is captured by the wireless link access module; the gateway module determines the type of network being accessed from the type of data received and interacts with the real communication environment;
The data capture module intercepts the data exchanged between the protocol stack module and the gateway module and sends it to the upper-layer application processing center module;
The application processing center module comprises a server-side communication interface module, a communication behavior monitoring module, a backend database module and a human-computer interaction module; the server-side communication interface module is connected to the data capture module and handles receiving data and sending control information; the communication behavior monitoring module calls the server-side communication interface module to obtain the data processed by the data capture module, analyzes and scans its content and compares it against the backend database to detect known viruses and attacks in the communication content; at the same time, it calls the human-computer interaction module to send relevant data to the mobile communication terminal and, by tracking, monitoring and analyzing the terminal's communication behavior, uncovers new potential security hazards, which are used to update and optimize the backend database; the backend database module provides malicious-behavior comparison and real-time updating; the human-computer interaction module calls the communication behavior monitoring module to display monitoring results and calls the server-side communication interface module to send control information that controls the wireless link access module, thereby notifying the mobile communication terminal of the behavior monitoring results and assisting the communication behavior monitoring module in tracking related malicious communication behavior.
2. An implementation method for the mobile communication honeypot capture system of claim 1, characterized in that it comprises the following steps:
1) The wireless link access module initializes, broadcasts a radio signal containing system parameters, and waits for a mobile communication terminal to connect;
2) The mobile communication terminal initializes, scans for communication networks and, according to the signal parameters received, sends a connection request to the wireless link access module in preparation for access;
3) The wireless link access module configures and manages its own environment, signals the mobile communication terminal that access is allowed, and allocates the relevant communication resources to it;
4) Once the communication connection is established, the mobile communication terminal reports data to the wireless link access module;
5) The wireless link access module performs network protocol parsing on the raw communication data received, so as to emulate a real wireless environment and carry out information exchange;
6) The data capture module intercepts the data exchanged between the protocol stack submodule and the gateway submodule of the wireless link access module, processes it to form an executable file, and sends it to the application processing center module;
7) The communication behavior monitoring module in the application processing center module monitors communication behavior according to the file information received, making use of the data in the backend database, and adds new malicious behaviors to the database;
8) The supervisor of the capture system can check the security state of the mobile communication terminal at any time through the human-computer interaction module and notify the mobile communication terminal of the monitoring results, providing security protection at the wireless link layer.
Priority Applications (1)

Application number: CN201210175212.4A
Priority date: 2012-05-31
Filing date: 2012-05-31
Title: Mobile communication honeypot capturing system and implementation method thereof
Status: Expired - Fee Related

Publications (2)

CN102685147A, published 2012-09-19
CN102685147B, published 2015-04-15

Family

ID: 46816510

Country Status (1)

CN (1): CN102685147B (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20150415

Termination date: 20180531