CN104978519A - Implementation method and device of application-type honeypot - Google Patents
Implementation method and device of application-type honeypot Download PDFInfo
- Publication number
- CN104978519A CN104978519A CN201410598007.8A CN201410598007A CN104978519A CN 104978519 A CN104978519 A CN 104978519A CN 201410598007 A CN201410598007 A CN 201410598007A CN 104978519 A CN104978519 A CN 104978519A
- Authority
- CN
- China
- Prior art keywords
- application service
- honey jar
- application
- service
- honeypot
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Landscapes
- Information Transfer Between Computers (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The invention provides an implementation method and device of an application-type honeypot. The implementation method comprises the following steps: obtaining application service to be simulated and the attribute information and the application environment of the application service to be simulated, and deploying the same application service and application environment into the honeypot; setting the corresponding attributes of the honeypot, for example, a login account of the application service of the honeypot is set to be the same with the application service to be simulated, and the known controllable security holes of at least one application service is opened; according to a user flag, carrying out decryption processing on all pieces of business data in the application service, applying a confounding algorithm to carry out deformation processing on all pieces of business data, and then, importing the business data into the application service of the honeypot; and importing newly-added business data into the application service of the honeypot in fixed time or real time. The invention also provides corresponding equipment. The application-type honeypot can be combined with the real business data of the user to confuse an attacker to a maximum degree, and the attacker is enabled to think that the honeypot is the real application service data of the user.
Description
Technical field
The present invention relates to computer safety field, particularly a kind of implementation method of applied honey jar and device.
Background technology
Honeypot Techniques is a kind of by disguising oneself as value with the main frame of BUG or defect and service, attract assailant or malicious code invasion, thus analyze behavior motive and the ins and outs of this assailant or malicious code, for research and defence etc.
Current network security industry is generally divided into low mutual honey jar and height mutual honey jar two class for Honeypot Techniques: it is very elementary mutual that low mutual honey jar generally adopts low layer analogue technique to realize, the network behavior caught is also very limited, Typical Representative is HoneyD, Nepenthes, Dionaea; The service of camouflage after Full Featured service that what high mutual honey jar adopted is generally or amendment, in network install agents or flow analysis module or install behavior monitoring module in system background.
But along with the evolution of network power amplifier technology, for the Detection Techniques also evolution thereupon of honey jar service, the interests that current assailant pursues are more prone to secret of the trade or government's back-end data, because Honeypot Techniques is comprehensively open, generally invading successfully, first assailant detects the resource value on current hosts, if have value, after taking all data, just hide, to ensure sustainable acquisition more data in the future.And current Honeypot Techniques or product enter to provide basic service to simulate, or run real service on a virtual machine, but the data carried are very simple, and being therefore easy to perceived current system is honey jar, thus cannot get the real intention of assailant and collect evidence.
Summary of the invention
Based on the problems referred to above, the invention provides a kind of implementation method and device of applied honey jar, by adopting the true application service and True Data that processed, the service of solving in existing Honeypot Techniques and data too simple, easily be perceived the problem into honey jar, ensure the activity of data in honey jar simultaneously, reach the object that assailant or malicious code can be attracted to run in honey jar.
A kind of applied honey jar implementation method, comprising:
Obtain the application service that will simulate and attribute information thereof and applied environment, and dispose identical application service and applied environment in honey jar; Namely honey jar is built with real service;
The login account arranging the application service of described honey jar is identical with the application service that will simulate, and the known controllable security breaches of at least one application service open; According to the usual requirement to honey pot system, the security configuration that main frame is used for honey jar maintenance and management will arrange high as far as possible; Security strategy for the honey jar service come out will arrange low as far as possible, therefore also should ensure that honey jar place equipment should lower than the level of security of actual services system equipment, and the application service of honey jar arranges corresponding controllable safety leak, to enable assailant be easier to access the data in honey jar;
The application service arranging described honey jar is full-time record, and described daily record only keeper there is amendment authority; Namely record detailed interactive log, and the control of authority read and revise is in safe range.
According to user's mark, DecryptDecryption process is carried out to the whole business datums in described application service, and uses Obfuscating Algorithms by after whole business datum deformation process, import in the application service of honey jar;
According to Preset Time, regularly or in the application service of honey jar, import newly-increased business datum in real time.
In described method, described honey jar adopts the equipment identical with the application service that will simulate.
In described method, what be set to by the fire wall of honey jar place equipment only to allow honey jar service and honey jar administrative institute to need outreaches request, forbids other access behaviors, and carries out record to other access behaviors produced.Port for other services request all should be closed, and blocks the unknown and enters and outreach request.
In described method, application service in described honey jar is set to most I and runs authority.
In described method, also comprise and attack monitoring is carried out to the application service of honey jar, if process is lost, then determine to occur Vulnerability events.
A kind of applied honey jar implement device, comprising:
Application deployment module, for obtaining the application service and attribute information thereof and applied environment that will simulate, and disposes identical application service and applied environment in honey jar;
Control module is set, identical with the application service that will simulate for the login account arranging the application service of described honey jar, and the known controllable security breaches of at least one application service open; The application service arranging described honey jar is full-time record, and described daily record only keeper there is amendment authority;
Data importing module, for according to user's mark, carries out DecryptDecryption process to the whole business datums in described application service, and uses Obfuscating Algorithms by after whole business datum deformation process, import in the application service of honey jar;
Update module, for according to Preset Time, regularly or in the application service of honey jar, import newly-increased business datum in real time.
In described device, described honey jar adopts the equipment identical with the application service that will simulate.
In described device, described arrange that the fire wall of honey jar place equipment is also set to only to allow honey jar service and honey jar administrative institute to need by control module outreach request, forbid other access behaviors, and record carried out to other access behaviors produced.
In described device, the described control module that arranges also runs authority for application service in described honey jar being set to most I.
In described device, also comprise monitoring module, for carrying out attack monitoring to the application service of honey jar, if process is lost, then determine to occur Vulnerability events.
Advantage of the present invention is, passage is deployed in the true application service on true main frame, and making scanning tools cannot distinguish this equipment is actual services equipment or honey jar equipment, and assailant is thought, and current device is its intrusion target; And by follow-up supplementing business datum, honey jar is become and enlivens main frame, make assailant more be ready to hide in main frame.And by carrying out DecryptDecryption process to the whole business datums in application service, both ensure that the confidence level of data in honey jar, in turn ensure that data message can not be revealed.The honey jar that the present invention realizes, by reply network sweep with attack more traditional honey jar in threat and more easily confuse assailant, contributes to the darker behavior intention of realizing assailant and analyzes evidence obtaining.
The invention provides a kind of method described in applied honey jar implementation method and device, comprising: obtain the application service that will simulate and attribute information thereof and applied environment, and dispose identical application service and applied environment in honey jar; And the respective attributes of honey jar is arranged, the login account as the application service of honey jar as described in arranging is identical with the application service that will simulate, and the known controllable security breaches of at least one application service open; According to user's mark, DecryptDecryption process is carried out to the whole business datums in described application service, and uses Obfuscating Algorithms by after whole business datum deformation process, import in the application service of honey jar; And regularly or in real time can import newly-increased business datum in the application service of honey jar.The present invention also proposes corresponding equipment, by application layer honey jar of the present invention, can in conjunction with the actual services data of user, and farthest confuse assailant, honey jar is the true application service data of user to make it think.
Accompanying drawing explanation
In order to be illustrated more clearly in the present invention or technical scheme of the prior art, be briefly described to the accompanying drawing used required in embodiment or description of the prior art below, apparently, the accompanying drawing that the following describes is only some embodiments recorded in the present invention, for those of ordinary skill in the art, under the prerequisite not paying creative work, other accompanying drawing can also be obtained according to these accompanying drawings.
Fig. 1 is the implementation method process flow diagram of a kind of applied honey jar of the present invention;
Fig. 2 is the implement device structural drawing of a kind of applied honey jar of the present invention.
Embodiment
In order to make those skilled in the art person understand technical scheme in the embodiment of the present invention better, and enable above-mentioned purpose of the present invention, feature and advantage become apparent more, below in conjunction with accompanying drawing, technical scheme in the present invention is described in further detail.
The invention provides a kind of implementation method and device of applied honey jar, by adopting the true application service and True Data that processed, the service of solving in existing Honeypot Techniques and data too simple, easily be perceived the problem into honey jar, ensure the activity of data in honey jar simultaneously, reach the object that assailant or malicious code can be attracted to run in honey jar.
A kind of applied honey jar implementation method, as shown in Figure 1, comprising:
S101: obtain the application service that will simulate and attribute information thereof and applied environment, and dispose identical application service and applied environment in honey jar; Namely honey jar is built with real service;
S102: the login account arranging the application service of described honey jar is identical with the application service that will simulate, and the known controllable security breaches of at least one application service open; According to the usual requirement to honey pot system, the security configuration that main frame is used for honey jar maintenance and management will arrange high as far as possible; Security strategy for the honey jar service come out will arrange low as far as possible, therefore also should ensure that honey jar place equipment should lower than the level of security of actual services system equipment, and the application service of honey jar arranges corresponding controllable safety leak, to enable assailant be easier to access the data in honey jar; Known controlled security breaches are as account weak passwurd, and IP connects restriction etc., makes assailant than being easier to have access to the data in honey jar;
S103: the application service arranging described honey jar is full-time record, and described daily record only keeper there is amendment authority; Namely record detailed interactive log, and the control of authority read and revise is in safe range, carries out data interaction as the passages such as syslog can be adopted.
S104: according to user's mark, DecryptDecryption process is carried out to the whole business datums in described application service, and uses Obfuscating Algorithms by after whole business datum deformation process, import in the application service of honey jar; Data DecryptDecryption refers to the distortion some sensitive information being carried out to data, realize the reliably protecting of privacy-sensitive data, even can also carry out the data of the current honey jar of random configuration data stuffing, reach and neither user profile is revealed, data can be made again to seem reasonable, reach the object of fascination assailant;
S105: according to Preset Time, regularly or in the application service of honey jar, import newly-increased business datum in real time.The Added Business data regularly or in real time imported also need to carry out the process such as DecryptDecryption, and regularly or in real time import newly-increased business datum, can keep the activity of honey jar, make it closer to real application service.Newly-increased business datum can be obtained by multiple channel, as the daily record of application service, regular backup or some audit product also possess same ability.
In described method, described honey jar adopts the equipment identical with the application service that will simulate.Adopt identical device to carry out simulation and can ensure that honey jar adopts real equipment and service arrangement to realize, be deployed on real main process equipment instead of on virtual machine, make scanning tools cannot distinguish honey jar and true main frame.
In described method, what be set to by the fire wall of honey jar place equipment only to allow honey jar service and honey jar administrative institute to need outreaches request, forbids other access behaviors, and carries out record to other access behaviors produced.Port for other services request all should be closed, and blocks the unknown and enters and outreach request.
In described method, application service in described honey jar is set to most I and runs authority.
In described method, also comprise and attack monitoring is carried out to the application service of honey jar, if process is lost, then determine to occur Vulnerability events.The means of process monitoring or the dump of collapse process can be adopted, once the process of discovery is lost, then think to have occurred serious Vulnerability events.
The present invention also proposes a kind of applied honey jar implement device, as shown in Figure 2, comprising:
Application deployment module 201, for obtaining the application service and attribute information thereof and applied environment that will simulate, and disposes identical application service and applied environment in honey jar;
Control module 202 is set, identical with the application service that will simulate for the login account arranging the application service of described honey jar, and the known controllable security breaches of at least one application service open; The application service arranging described honey jar is full-time record, and described daily record only keeper there is amendment authority;
Data importing module 203, for according to user's mark, carries out DecryptDecryption process to the whole business datums in described application service, and uses Obfuscating Algorithms by after whole business datum deformation process, import in the application service of honey jar;
Update module 204, for according to Preset Time, regularly or in the application service of honey jar, import newly-increased business datum in real time.
In described device, described honey jar adopts the equipment identical with the application service that will simulate.
In described device, described arrange that the fire wall of honey jar place equipment is also set to only to allow honey jar service and honey jar administrative institute to need by control module outreach request, forbid other access behaviors, and record carried out to other access behaviors produced.
In described device, the described control module that arranges also runs authority for application service in described honey jar being set to most I.
In described device, also comprise monitoring module 205, for carrying out attack monitoring to the application service of honey jar, if process is lost, then determine to occur Vulnerability events.
Advantage of the present invention is, passage is deployed in the true application service on true main frame, and making scanning tools cannot distinguish this equipment is actual services equipment or honey jar equipment, and assailant is thought, and current device is its intrusion target; And by follow-up supplementing business datum, honey jar is become and enlivens main frame, make assailant more be ready to hide in main frame.And by carrying out DecryptDecryption process to the whole business datums in application service, both ensure that the confidence level of data in honey jar, in turn ensure that data message can not be revealed.The honey jar that the present invention realizes, by reply network sweep with attack more traditional honey jar in threat and more easily confuse assailant, contributes to the darker behavior intention of realizing assailant and analyzes evidence obtaining.
The invention provides a kind of method described in applied honey jar implementation method and device, comprising: obtain the application service that will simulate and attribute information thereof and applied environment, and dispose identical application service and applied environment in honey jar; And the respective attributes of honey jar is arranged, the login account as the application service of honey jar as described in arranging is identical with the application service that will simulate, and the known controllable security breaches of at least one application service open; According to user's mark, DecryptDecryption process is carried out to the whole business datums in described application service, and uses Obfuscating Algorithms by after whole business datum deformation process, import in the application service of honey jar; And regularly or in real time can import newly-increased business datum in the application service of honey jar.The present invention also proposes corresponding equipment, by application layer honey jar of the present invention, can in conjunction with the actual services data of user, and farthest confuse assailant, honey jar is the true application service data of user to make it think.
Each embodiment in this instructions all adopts the mode of going forward one by one to describe, between each embodiment identical similar part mutually see, what each embodiment stressed is the difference with other embodiments.Especially, for system embodiment, because it is substantially similar to embodiment of the method, so description is fairly simple, relevant part illustrates see the part of embodiment of the method.
Although depict the present invention by embodiment, those of ordinary skill in the art know, the present invention has many distortion and change and do not depart from spirit of the present invention, and the claim appended by wishing comprises these distortion and change and do not depart from spirit of the present invention.
Claims (10)
1. an applied honey jar implementation method, is characterized in that, comprising:
Obtain the application service that will simulate and attribute information thereof and applied environment, and dispose identical application service and applied environment in honey jar;
The login account arranging the application service of described honey jar is identical with the application service that will simulate, and the known controllable security breaches of at least one application service open; The application service arranging described honey jar is full-time record, and described daily record only keeper there is amendment authority;
According to user's mark, DecryptDecryption process is carried out to the whole business datums in described application service, and uses Obfuscating Algorithms by after whole business datum deformation process, import in the application service of honey jar;
According to Preset Time, regularly or in the application service of honey jar, import newly-increased business datum in real time.
2. the method for claim 1, is characterized in that, described honey jar adopts the equipment identical with the application service that will simulate.
3. method as claimed in claim 2, is characterized in that, what be set to by the fire wall of honey jar place equipment only to allow honey jar service and honey jar administrative institute to need outreaches request, forbids other access behaviors, and carries out record to other access behaviors produced.
4. the method for claim 1, is characterized in that, the application service of described honey jar is set to most I and runs authority.
5. the method for claim 1, is characterized in that, also comprises and carries out attack monitoring to the application service of honey jar, if process is lost, then determine to occur Vulnerability events.
6. an applied honey jar implement device, is characterized in that, comprising:
Application deployment module, for obtaining the application service and attribute information thereof and applied environment that will simulate, and disposes identical application service and applied environment in honey jar;
Control module is set, identical with the application service that will simulate for the login account arranging the application service of described honey jar, and the known controllable security breaches of at least one application service open; The application service arranging described honey jar is full-time record, and described daily record only keeper there is amendment authority;
Data importing module, for according to user's mark, carries out DecryptDecryption process to the whole business datums in described application service, and uses Obfuscating Algorithms by after whole business datum deformation process, import in the application service of honey jar;
Update module, for according to Preset Time, regularly or in the application service of honey jar, import newly-increased business datum in real time.
7. device as claimed in claim 6, is characterized in that, described honey jar adopts the equipment identical with the application service that will simulate.
8. device as claimed in claim 7, it is characterized in that, described arrange that the fire wall of honey jar place equipment is also set to only to allow honey jar service and honey jar administrative institute to need by control module outreach request, forbid other access behaviors, and record carried out to other access behaviors produced.
9. device as claimed in claim 6, is characterized in that, the described control module that arranges also runs authority for the application service of described honey jar being set to most I.
10. device as claimed in claim 6, is characterized in that, also comprise monitoring module, for carrying out attack monitoring to the application service of honey jar, if process is lost, then determines to occur Vulnerability events.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410598007.8A CN104978519A (en) | 2014-10-31 | 2014-10-31 | Implementation method and device of application-type honeypot |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410598007.8A CN104978519A (en) | 2014-10-31 | 2014-10-31 | Implementation method and device of application-type honeypot |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN104978519A true CN104978519A (en) | 2015-10-14 |
Family
ID=54275013
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201410598007.8A Pending CN104978519A (en) | 2014-10-31 | 2014-10-31 | Implementation method and device of application-type honeypot |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN104978519A (en) |
Cited By (17)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106209919A (en) * | 2016-09-18 | 2016-12-07 | 深圳市深信服电子科技有限公司 | A kind of network safety protection method and network security protection system |
| CN107332823A (en) * | 2017-06-06 | 2017-11-07 | 北京明朝万达科技股份有限公司 | A kind of server camouflage method and system based on machine learning |
| CN107644161A (en) * | 2016-07-22 | 2018-01-30 | 阿里巴巴集团控股有限公司 | Safety detecting method, device and the equipment of sample |
| CN108134797A (en) * | 2017-12-28 | 2018-06-08 | 广州锦行网络科技有限公司 | System and method is realized in attack counter based on Honeypot Techniques |
| CN108768989A (en) * | 2018-05-18 | 2018-11-06 | 刘勇 | It is a kind of using the APT attack defense methods of mimicry technology, system |
| CN109033885A (en) * | 2017-06-09 | 2018-12-18 | 腾讯科技(深圳)有限公司 | A kind of data response method, terminal device and server |
| CN109462599A (en) * | 2018-12-13 | 2019-03-12 | 烽台科技(北京)有限公司 | A kind of honey jar management system |
| CN109711173A (en) * | 2019-02-03 | 2019-05-03 | 北京大学 | A kind of password file leakage detection method |
| US10419480B1 (en) | 2017-08-24 | 2019-09-17 | Amdocs Development Limited | System, method, and computer program for real-time cyber intrusion detection and intruder identity analysis |
| CN110709843A (en) * | 2017-05-08 | 2020-01-17 | 美光科技公司 | Encrypted lasso software tamper detection |
| CN110865597A (en) * | 2018-12-18 | 2020-03-06 | 哈尔滨安天科技集团股份有限公司 | Industrial control system and safety protection method thereof |
| CN110912898A (en) * | 2019-11-26 | 2020-03-24 | 成都知道创宇信息技术有限公司 | Method and device for disguising equipment assets, electronic equipment and storage medium |
| CN111404934A (en) * | 2020-03-16 | 2020-07-10 | 广州锦行网络科技有限公司 | Network attack tracing method and system based on dynamic and static combination mode and honey mark technology |
| CN111506316A (en) * | 2020-03-20 | 2020-08-07 | 微梦创科网络科技(中国)有限公司 | Automatic honeypot deployment method and device |
| CN111756742A (en) * | 2020-06-24 | 2020-10-09 | 广州锦行网络科技有限公司 | Honeypot deception defense system and deception defense method thereof |
| CN112104613A (en) * | 2020-08-24 | 2020-12-18 | 广州锦行网络科技有限公司 | Honey net testing system based on data flow packet analysis and testing method thereof |
| CN114070630A (en) * | 2021-11-17 | 2022-02-18 | 国网四川省电力公司眉山供电公司 | Viscous honeypot system and interaction method thereof |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101567887A (en) * | 2008-12-25 | 2009-10-28 | 中国人民解放军总参谋部第五十四研究所 | Vulnerability simulation overload honeypot method |
| EP2244418A1 (en) * | 2008-07-28 | 2010-10-27 | Chengdu Huawei Symantec Technologies Co., Ltd. | Database security monitoring method, device and system |
| CN103440454A (en) * | 2013-08-01 | 2013-12-11 | 上海交通大学 | Search engine keyword-based active honeypot detection method |
-
2014
- 2014-10-31 CN CN201410598007.8A patent/CN104978519A/en active Pending
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP2244418A1 (en) * | 2008-07-28 | 2010-10-27 | Chengdu Huawei Symantec Technologies Co., Ltd. | Database security monitoring method, device and system |
| CN101567887A (en) * | 2008-12-25 | 2009-10-28 | 中国人民解放军总参谋部第五十四研究所 | Vulnerability simulation overload honeypot method |
| CN103440454A (en) * | 2013-08-01 | 2013-12-11 | 上海交通大学 | Search engine keyword-based active honeypot detection method |
Non-Patent Citations (2)
| Title |
|---|
| 张鑫: "基于蜜罐技术的攻击特征自动提取技术研究", 《中国优秀硕士学位论文全文数据库》 * |
| 王宏群等: "基于蜜罐技术的企业网络安全模型研究", 《湖南理工学院学报(自然科学版)》 * |
Cited By (22)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107644161A (en) * | 2016-07-22 | 2018-01-30 | 阿里巴巴集团控股有限公司 | Safety detecting method, device and the equipment of sample |
| CN106209919A (en) * | 2016-09-18 | 2016-12-07 | 深圳市深信服电子科技有限公司 | A kind of network safety protection method and network security protection system |
| CN110709843B (en) * | 2017-05-08 | 2023-08-25 | 美光科技公司 | Encryption lux software compromise detection |
| CN110709843A (en) * | 2017-05-08 | 2020-01-17 | 美光科技公司 | Encrypted lasso software tamper detection |
| CN107332823A (en) * | 2017-06-06 | 2017-11-07 | 北京明朝万达科技股份有限公司 | A kind of server camouflage method and system based on machine learning |
| CN109033885A (en) * | 2017-06-09 | 2018-12-18 | 腾讯科技(深圳)有限公司 | A kind of data response method, terminal device and server |
| US10419480B1 (en) | 2017-08-24 | 2019-09-17 | Amdocs Development Limited | System, method, and computer program for real-time cyber intrusion detection and intruder identity analysis |
| CN108134797A (en) * | 2017-12-28 | 2018-06-08 | 广州锦行网络科技有限公司 | System and method is realized in attack counter based on Honeypot Techniques |
| CN108768989A (en) * | 2018-05-18 | 2018-11-06 | 刘勇 | It is a kind of using the APT attack defense methods of mimicry technology, system |
| CN109462599A (en) * | 2018-12-13 | 2019-03-12 | 烽台科技(北京)有限公司 | A kind of honey jar management system |
| CN110865597A (en) * | 2018-12-18 | 2020-03-06 | 哈尔滨安天科技集团股份有限公司 | Industrial control system and safety protection method thereof |
| CN109711173B (en) * | 2019-02-03 | 2020-10-09 | 北京大学 | Password file leakage detection method |
| CN109711173A (en) * | 2019-02-03 | 2019-05-03 | 北京大学 | A kind of password file leakage detection method |
| CN110912898A (en) * | 2019-11-26 | 2020-03-24 | 成都知道创宇信息技术有限公司 | Method and device for disguising equipment assets, electronic equipment and storage medium |
| CN111404934A (en) * | 2020-03-16 | 2020-07-10 | 广州锦行网络科技有限公司 | Network attack tracing method and system based on dynamic and static combination mode and honey mark technology |
| CN111404934B (en) * | 2020-03-16 | 2021-01-29 | 广州锦行网络科技有限公司 | Network attack tracing method and system based on dynamic and static combination mode and honey mark technology |
| CN111506316A (en) * | 2020-03-20 | 2020-08-07 | 微梦创科网络科技(中国)有限公司 | Automatic honeypot deployment method and device |
| CN111506316B (en) * | 2020-03-20 | 2023-02-24 | 微梦创科网络科技(中国)有限公司 | Automatic honeypot deployment method and device |
| CN111756742A (en) * | 2020-06-24 | 2020-10-09 | 广州锦行网络科技有限公司 | Honeypot deception defense system and deception defense method thereof |
| CN111756742B (en) * | 2020-06-24 | 2021-07-13 | 广州锦行网络科技有限公司 | Honeypot deception defense system and deception defense method thereof |
| CN112104613A (en) * | 2020-08-24 | 2020-12-18 | 广州锦行网络科技有限公司 | Honey net testing system based on data flow packet analysis and testing method thereof |
| CN114070630A (en) * | 2021-11-17 | 2022-02-18 | 国网四川省电力公司眉山供电公司 | Viscous honeypot system and interaction method thereof |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN104978519A (en) | Implementation method and device of application-type honeypot | |
| CN110381045B (en) | Attack operation processing method and device, storage medium and electronic device | |
| Zhang et al. | Three decades of deception techniques in active cyber defense-retrospect and outlook | |
| US20180309787A1 (en) | Deploying deception campaigns using communication breadcrumbs | |
| Brewer | Advanced persistent threats: minimising the damage | |
| EP2955894B1 (en) | Deception network system | |
| CN109462599B (en) | Honeypot management system | |
| CN104104679A (en) | Data processing method based on private cloud | |
| CN104980423A (en) | Advanced persistent threat trapping system and method | |
| Eastman et al. | Big data and predictive analytics: on the cybersecurity front line | |
| CN118337540B (en) | Internet of things-based network intrusion attack recognition system and method | |
| CN115277068A (en) | Novel honeypot system and method based on deception defense | |
| Anisetti et al. | Security threat landscape | |
| CN115134166A (en) | Attack tracing method based on honey holes | |
| Gudala et al. | Leveraging Machine Learning for Enhanced Threat Detection and Response in Zero Trust Security Frameworks: An Exploration of Real-Time Anomaly Identification and Adaptive Mitigation Strategies | |
| Aljurayban et al. | Framework for cloud intrusion detection system service | |
| Pitropakis et al. | It's All in the Cloud: Reviewing Cloud Security | |
| Saini et al. | Vulnerability and Attack Detection Techniques: Intrusion Detection System | |
| Asgarkhani et al. | A strategic approach to managing security in SCADA systems | |
| Lau et al. | Securing supervisory control and data acquisition control systems | |
| Mocanu et al. | Intrusion Detection Platform with Virtual Honeypots | |
| Wagner | Building More Resilient Cybersecurity Solutions for Infrastructure Systems | |
| Asante et al. | DIGITAL FORENSIC READINESS FRAMEWORK BASED ON HONEYPOT AND HONEYNET FOR BYOD | |
| Le | Quality trade-offs in self-protecting system | |
| Lakshmi | Security enabled UAVs for Tech-Agriculture monitoring rice crops using FIBOR architecture |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| WD01 | Invention patent application deemed withdrawn after publication | ||
| WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20151014 |