CN109495472A - A defence method for weak password vulnerabilities in intranet and extranet camera configurations - Google Patents
- Publication number
- CN109495472A
- Authority
- CN
- China
- Prior art keywords
- camera
- router
- intranet
- access
- honeypot
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1433—Vulnerability analysis
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
- H04L63/0236—Filtering by address, protocol, port number or service, e.g. IP-address or URL
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/101—Access control lists [ACL]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Computer And Data Communications (AREA)
- Small-Scale Networks (AREA)
Abstract
The invention discloses a defence method for weak password vulnerabilities in intranet and extranet camera configurations. A honeypot is deployed at the intranet end of the camera, while the public network end of the camera is placed behind a router on which an access control list (ACL) is configured. In the intranet environment, the honeypot exposes ports 23 and 80 of the camera; when a camera vulnerability scanning attack occurs, the honeypot captures the scanning traffic packets, and analysing their source IP addresses identifies the attacking intranet host. In the extranet environment, all traffic accessing the camera passes through the router's filter, which lets through IP addresses that are allowed access and blocks the rest. In this method, the router ACL filters illegal requests from the extranet, so not all extranet access has to be prohibited and the camera's functionality is preserved. A Cowrie honeypot is deployed on the intranet, which gives a low false alarm rate and a better understanding of the attacker's intrusion methods and process.
Description
Technical field
The present invention relates to a comprehensive defence method against camera weak password vulnerabilities in an Internet of Things environment. It mainly addresses cameras that have a default initial login password: because the password strength is low, they are easily subjected to scanning and brute-force attacks and to distributed denial-of-service (DDoS) attacks. By deploying a router access control list (ACL) and a honeypot in the camera's network segment, attacks from the extranet and the intranet are defended against at the same time. The invention belongs to the field of cyberspace security technology.
Background technique
Network camera systems are widely used as security equipment in public places such as traffic facilities, schools, enterprises and shopping malls. With the development of Internet of Things technology, more and more households have also begun to use network camera systems to protect the home. To make remote monitoring convenient for administrators, a network camera system generally has a public IP address (or a port mapping) and is connected to the Internet, so many network camera systems exposed on the public network have become targets for hackers. Once a network camera system is compromised, its users have no privacy left. Vulnerability disclosures and attack reports concerning network camera systems have been increasing in recent years. For example, in February 2015 Hikvision suffered a "black swan" incident: serious security vulnerabilities were exposed and some monitoring devices were controlled from overseas IP addresses; the losses from the resulting information leakage and the potential future threats are hard to estimate. In the Mirai botnet incident of September 2016, cameras were likewise formed into a botnet that launched network attacks, causing a network outage in the United States. In March 2017, 11 camera products from Zhejiang Dahua Technology were exposed as containing a 0-day backdoor through which the administrator account and password could be obtained remotely; about 280,000 devices were estimated to be affected. Research on camera security is therefore of great significance.
At present a large number of cameras have weak password vulnerabilities. They are scanned with TCP SYN packets: using a method that is stateless, or that ignores TCP connection information, the scanner reads the returned TCP SYN and TCP ACK to determine whether ports 23 and 2323 are open. If a port is open, brute forcing is carried out using the 62 weak username and password pairs in the Mirai source code. After a successful brute force, the attacker logs in to the camera shell and obtains the camera's system information; at the same time, by establishing a telnet connection with the camera, a corresponding download module can be written to download the scanning virus, which causes lasting impact and damage to other cameras. Many camera models from many brands have this vulnerability, for example Hikvision's DS-2CD3T26 and Dahua's DH-IPC-HDW23A0RN-ZS.
As for the camera's weak password vulnerability, because the camera password is hard-coded in firmware, even a restart cannot prevent reinfection. Because an infected camera continues to work normally, it is extremely difficult to determine whether it has been infected, and if the source of infection cannot be identified, it is still impossible to fundamentally prevent the camera from being monitored. Given this situation, one defensive measure for this class of camera is to prohibit the camera from connecting to the extranet, but this cannot satisfy requirements such as transferring resources out, so it has certain drawbacks. Another defensive measure is to increase password complexity, but this cannot guarantee absolute security, nor can it fundamentally stop an infected camera from continuing to scan and cause damage.
Summary of the invention
Purpose of the invention: in the prior art, cameras with weak password vulnerabilities suffer from the deficiency that an attacker can attempt logins by continuously sending data packets and, once a login succeeds, gain control and upload virus code. To address this, the present invention provides a safe, inexpensive and efficient defence method for weak password vulnerabilities in intranet and extranet camera configurations. By deploying a honeypot in the camera's network segment while configuring an ACL on that segment's router, it guards against both intranet and extranet attacks, protects the camera comprehensively, is easy to maintain and practical, and has high research value.
Technical solution: to achieve the above purpose, the technical solution adopted by the present invention is as follows.
A defence method for weak password vulnerabilities in intranet and extranet camera configurations: a honeypot is deployed at the intranet end of the camera, while the public network end of the camera is placed behind a router and an access control list (ACL) is configured on the router. In the intranet environment, the honeypot exposes ports 23 and 80 of the camera; when a camera vulnerability scanning attack occurs, the scanning traffic packets are captured by the honeypot, and their source IP addresses are analysed to identify the attacking intranet host. In the extranet environment, all traffic accessing the camera passes through the router's filter, which lets through IP addresses that are allowed access and blocks the rest.
The present invention can defend both the intranet and extranet sides of the camera. In the intranet environment, a honeypot is set up for monitoring: when an infected camera sends scanning traffic, the honeypot opens ports 23/80 to lure the attacker into scanning it, and through the honeypot mechanism the scanning messages are collected and analysed. In the extranet environment, the router ACL configuration filters and screens the traffic addressed to the camera, so that malicious scanning traffic cannot reach the camera.
In the method of the present invention, functions such as traffic inspection and filtering are performed independently by the router, which reduces the camera's workload; configured with an ACL, the router diverts and limits traffic. At the same time, the router ACL filters illegal requests from the extranet, so not all extranet access has to be prohibited and the camera's functionality is preserved. A Cowrie honeypot is deployed on the intranet, which gives a low false alarm rate and a better understanding of the attacker's intrusion methods and process.
Preferably, the honeypot is configured at the public network end of the camera and exposes ports 23 and 80 of the camera. When a camera vulnerability scanning attack occurs, the scanning traffic packets are captured by the Linux host with the open ports; the Linux host then forwards requests for ports 23 and 80 of the camera to the honeypot's listening port, and the honeypot stores the key information in each request (such as source IP address, destination IP address, weak password account name and weak password). Finally, logging in to the honeypot allows the database information to be viewed, that is, the infected camera and the attacking intranet host are found through the honeypot.
With the method of the present invention, while the camera is working, the attacker's scanning traffic and attack traffic directed at the camera cannot reach the camera, which achieves the defence. When the defence diverts this traffic, the honeypot receives all message information from the scanning traffic and the attack traffic; later, by analysing information such as the source IP address and destination IP address, the attacker's geographical location can be determined.
Preferably, when the access control list is configured on the router, packet filtering technology is used: the router reads the information in the layer 3 and layer 4 packet headers. On the public network, IP addresses that are allowed access are let through; for an IP address that is not allowed access, the router first determines whether it is accessing ports 23 and 80 of the camera, and if so, the IP address is filtered.
Preferably, when the access control list is configured on the router, the IP addresses allowed access are configured with the access-list 1 permit ip command, the router is also configured with the commands access-list 11 deny tcp any any eq 80; access-list 11 deny tcp any any eq 23, and the access-list 111 permit any any command is additionally used to accept everything that the preceding commands did not match. A router configured with this access control list follows the one-by-one matching principle and applies security filtering to all traffic passing through it.
Beneficial effects: compared with the prior art, the defence method provided by the invention for weak password vulnerabilities in intranet and extranet camera configurations has the following advantages: 1. the router's ACL configuration can identify and block illegal requests and port scans, effectively preventing weak password scanning; 2. opening specific ports on the honeypot makes it possible to identify and locate the IP of an infected camera, effectively preventing the infection from spreading between cameras; 3. the method not only prevents attacks from the extranet but also provides protection on the intranet, that is, a double protection function; 4. for the user it is easy to use: it only requires configuring an ACL on the router and adding a honeypot, the existing network needs no major change, and applicability is wide; 5. the system proposed by this method is comparatively stable, can address most security threats, and achieves good practical results.
Brief description of the drawings
Fig. 1 is a diagram of the router's ACL configuration rules.
Detailed description of embodiments
The present invention is further explained below with reference to the accompanying drawing.
ACL technology is widely used in routers. It is a traffic control technology based on packet filtering: the access control list uses the source address, destination address and port number as the basic elements of packet inspection, and can specify whether packets that meet the conditions are allowed to pass.
Honeypot technology is essentially a technique for deceiving attackers. Hosts, network services or information are set out as bait to lure attackers into attacking them. Because the honeypot does not execute the corresponding malicious code, the attack information is preserved intact, so that attack behaviour can be captured and analysed, the tools and methods used by the attacker can be understood, and the intent and motive of the attack can be inferred. This lets defenders clearly understand the security threats they face and strengthen the protection of their systems through technical and management measures.
The present invention needs to defend against intranet and extranet attacks at the same time, so honeypots are connected to both the intranet segment and the public network segment; their number can be increased or decreased according to the user's needs.
In the intranet environment, to protect the camera from scanning attacks by internal computers, a honeypot machine can be deployed that exposes ports such as 23/80. When a scanning attack against the camera vulnerability occurs, the honeypot captures the scanning traffic packets, and analysing the source IP address of the packets identifies the attacking internal machine. Even after a camera has been infected by malicious code such as a botnet, the traffic packets it sends out can likewise be captured by the honeypot.
In the extranet environment, to protect the camera from scanning attacks by public IP addresses, the cameras facing the public network are placed behind a router on which an ACL is configured. All traffic accessing the cameras must pass through the router's filter before it can reach a camera. IP addresses that are allowed access are let through; for an IP that is not in the rules, the camera port it accesses is checked: if the port is not one of the working ports such as 80 or 23, the traffic can be let through, otherwise access is denied. A honeypot can likewise be deployed on the public network: when a malicious scanning and brute-force attack against the camera vulnerability is in progress, the honeypot captures the attack traffic and the attack source IP is analysed, which serves to protect the camera.
The ACL uses packet filtering technology, reading the information in the layer 3 and layer 4 packet headers on the router (such as source address, destination address, protocol and port number). On the public network, suppose the IP addresses in a network segment that are allowed to access these cameras are IP1, IP2 and IP3. The router is configured with commands such as access-list 1 permit IP1 wildcard-mask; access-list 1 permit IP2 wildcard-mask; access-list 1 permit IP3 wildcard-mask, so that only the extranet IPs in the rules can enter the network segment. For addresses other than IP1, IP2 and IP3, it must first be determined whether the camera port they access is a common port such as 80 or 23; if so, they are filtered. For this the router is configured with the commands access-list 11 deny tcp any any eq 80; access-list 11 deny tcp any any eq 23. Finally, because an ACL ends with a hidden command that by default rejects everything when the preceding two groups of rules do not match, access-list 111 permit any any is configured to accept everything that was not matched. Following the ACL's one-by-one matching principle, security filtering is then applied to all traffic passing through the router. The router ACL workflow is as follows:
(11) The access control list intercepts all data packets on this route and determines whether the packet's IP is one that the rule base allows through (as determined by the IPs in the configuration). If it matches, go to step (12); otherwise go to step (13);
(12) The access control list has validated this IP, and the request is allowed through;
(13) If the source IP of the request does not match, determine whether the request targets port 23 or a web page; if so, intercept the data packet and filter it; otherwise go to step (14);
(14) The data packet is accessing non-sensitive data or a non-sensitive device and is allowed through under the last entry of the access control list.
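The first-match evaluation in steps (11) to (14), including wildcard-mask matching and the implicit deny, can be modelled as follows. This is an added example, not code from the patent; the addresses standing in for IP1 to IP3, port 554 and the helper names are constructed for illustration, and the three groups of statements are treated as one ordered list.

```python
"""Added example: first-match model of the ACL workflow in steps (11)-(14)."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """Wildcard (inverse) mask match: bits set to 1 in the mask are ignored."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == (
        int(ipaddress.IPv4Address(base)) & care
    )


@dataclass(frozen=True)
class Packet:
    src: str
    proto: str       # "tcp", "udp", ...
    dst_port: int


@dataclass(frozen=True)
class Rule:
    action: str                             # "permit" or "deny"
    src: str = "0.0.0.0"
    src_wildcard: str = "255.255.255.255"   # default: any source
    proto: Optional[str] = None             # None: any protocol
    dst_port: Optional[int] = None          # None: any port

    def matches(self, pkt: Packet) -> bool:
        if not wildcard_match(pkt.src, self.src, self.src_wildcard):
            return False
        if self.proto is not None and pkt.proto != self.proto:
            return False
        return self.dst_port is None or pkt.dst_port == self.dst_port


def evaluate(rules: List[Rule], pkt: Packet) -> Tuple[str, Optional[int]]:
    """Return (action, index of the first matching rule).

    Rules are tried top to bottom and the first match decides. If nothing
    matches, the implicit deny at the end of the list applies (index None).
    """
    for i, rule in enumerate(rules):
        if rule.matches(pkt):
            return rule.action, i
    return "deny", None


# Constructed policy; the addresses are documentation ranges, not values from the page.
ALLOWED = [
    Rule("permit", "203.0.113.10", "0.0.0.0"),    # IP1: single host
    Rule("permit", "203.0.113.20", "0.0.0.0"),    # IP2: single host
    Rule("permit", "198.51.100.0", "0.0.0.255"),  # IP3: whole /24 via wildcard mask
]
SENSITIVE = [
    Rule("deny", proto="tcp", dst_port=80),       # deny tcp any any eq 80
    Rule("deny", proto="tcp", dst_port=23),       # deny tcp any any eq 23
]
CATCH_ALL = [Rule("permit")]                      # permit any any
PAGE_POLICY = ALLOWED + SENSITIVE + CATCH_ALL

if __name__ == "__main__":
    samples = [
        Packet("203.0.113.10", "tcp", 23),   # step (12): allowed IP, any port
        Packet("192.0.2.5", "tcp", 23),      # step (13): unlisted IP to telnet
        Packet("192.0.2.5", "tcp", 554),     # step (14): unlisted IP, other port
        Packet("192.0.2.5", "tcp", 2323),    # not covered by the deny lines
    ]
    for pkt in samples:
        print(pkt, "->", evaluate(PAGE_POLICY, pkt))
    # Without the final permit, the implicit deny drops all unlisted traffic.
    print(evaluate(ALLOWED + SENSITIVE, Packet("192.0.2.5", "tcp", 554)))
    # With the deny lines first, even allowed IPs lose ports 80 and 23.
    print(evaluate(SENSITIVE + ALLOWED + CATCH_ALL, Packet("203.0.113.10", "tcp", 23)))
```

Note that tcp/2323, which the background section names as a scanned port, is not covered by the two deny lines and falls through to the final permit. On Cisco IOS, whose syntax these commands resemble, numbered lists 1-99 are standard ACLs that match on source address only, so the port-based lines would need an extended list (100-199) holding all the statements in order, which is the single ordered list modelled here.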
The honeypot uses Cowrie. Setting up a Cowrie medium-interaction honeypot (which simulates a network service in a dedicated controlled environment and allows the attacker partial interaction) makes it possible to obtain the dictionary the attacker uses for brute forcing, the commands entered, and the malicious files uploaded or downloaded. After the attacker uploads a malicious file, any attempt to execute it fails, so the honeypot itself is comparatively safe. Installing Cowrie and the related configuration files on the Linux host includes the following steps:
(21) Modify the honeypot's listening port;
(22) Set up port forwarding so that intranet requests to ports 23 and 80 of the server are forwarded to the honeypot's listening port;
(23) Change the ports of the real (non-honeypot) telnet service and web service to 65522 and 65523;
(24) Install the MySQL database; Cowrie stores records such as the attacking IP, the time and the history of executed commands directly in the database;
(25) As the root user, create a database named cowrie and grant all tables in that database to cowrie;
(26) Enter the Cowrie installation directory, log in to the database as the cowrie user, enter the cowrie database, and use /opt/cowrie/doc/sql/mysql.sql as the data source to create the tables;
(27) Modify the database settings in the configuration file cowrie.cfg so that the password in the configuration file matches the password of the cowrie database user;
(28) Start the honeypot.
The honeypot workflow is as follows:
(31) Data packets that perform weak password scanning against sensitive ports such as 23/80 are detected by the Linux host with the open ports;
(32) The Linux host forwards the corresponding requests to the honeypot's listening port, and the honeypot stores the key information in each request, such as source address, destination address, weak password account name and weak password;
(33) Log in to the honeypot, view the database information, and look up the infected camera and the attacking intranet host.
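The lookup in step (33) can be automated. The following added example (not part of the patent) groups honeypot login events by source address and labels each source as an infected camera, another intranet host, or an external source. It reads events in the shape of Cowrie's JSON event log rather than the MySQL tables used above; the field names `eventid`, `src_ip`, `username`, `password` and `input`, the camera inventory, the intranet range and all log lines are assumptions constructed for illustration.

```python
"""Added example: triage of honeypot login events for workflow step (33)."""
import ipaddress
import json

INTRANET = ipaddress.ip_network("192.168.1.0/24")     # assumed camera segment
CAMERA_INVENTORY = {"192.168.1.23", "192.168.1.24"}   # assumed asset list

# Constructed events, one JSON object per line, plus one truncated line.
_EVENTS = [
    {"eventid": "cowrie.session.connect", "src_ip": "192.168.1.23", "session": "s1"},
    {"eventid": "cowrie.login.failed", "src_ip": "192.168.1.23", "session": "s1",
     "username": "admin", "password": "admin"},
    {"eventid": "cowrie.login.failed", "src_ip": "192.168.1.23", "session": "s1",
     "username": "root", "password": "12345"},
    {"eventid": "cowrie.login.success", "src_ip": "192.168.1.23", "session": "s1",
     "username": "root", "password": "root"},
    {"eventid": "cowrie.command.input", "src_ip": "192.168.1.23", "session": "s1",
     "input": "uname -a"},
    {"eventid": "cowrie.login.failed", "src_ip": "192.168.1.77", "session": "s2",
     "username": "admin", "password": "admin"},
    {"eventid": "cowrie.login.failed", "src_ip": "192.168.1.77", "session": "s3",
     "username": "admin", "password": "admin"},
    {"eventid": "cowrie.login.failed", "src_ip": "203.0.113.9", "session": "s4",
     "username": "root", "password": "123456"},
    {"eventid": "cowrie.session.connect", "src_ip": "192.168.1.50", "session": "s5"},
]
SAMPLE_LOG = "\n".join(json.dumps(e) for e in _EVENTS) + '\n{"eventid": "cowrie.log'


def classify(src_ip: str) -> str:
    """Label a source address relative to the protected camera segment."""
    if src_ip in CAMERA_INVENTORY:
        return "infected camera"
    if ipaddress.ip_address(src_ip) in INTRANET:
        return "intranet attack host"
    return "external source"


def summarize(log_text: str) -> dict:
    """Group login attempts and commands by source IP, skipping unusable lines."""
    sources = {}
    for line in log_text.splitlines():
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue                      # truncated or non-JSON line
        if not isinstance(ev, dict):
            continue
        src = ev.get("src_ip")
        try:
            ipaddress.ip_address(src)
        except ValueError:
            continue                      # missing or malformed address
        rec = sources.setdefault(src, {
            "role": classify(src), "attempts": 0,
            "credentials": [], "logged_in": False, "commands": [],
        })
        eventid = ev.get("eventid", "")
        if eventid in ("cowrie.login.failed", "cowrie.login.success"):
            rec["attempts"] += 1
            cred = (ev.get("username"), ev.get("password"))
            if cred not in rec["credentials"]:
                rec["credentials"].append(cred)
            if eventid == "cowrie.login.success":
                rec["logged_in"] = True
        elif eventid == "cowrie.command.input":
            rec["commands"].append(ev.get("input", ""))
    return sources


def intranet_findings(sources: dict) -> list:
    """Intranet addresses that actually tried credentials against the honeypot."""
    return sorted(ip for ip, rec in sources.items()
                  if rec["role"] != "external source" and rec["attempts"] > 0)


if __name__ == "__main__":
    summary = summarize(SAMPLE_LOG)
    for ip in intranet_findings(summary):
        rec = summary[ip]
        print(ip, rec["role"], rec["attempts"], rec["credentials"], rec["commands"])
```

A source that only connects without trying credentials (192.168.1.50 in the sample) is recorded but not reported, which keeps ordinary port probes out of the findings.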
The above is only a preferred embodiment of the present invention. It should be pointed out that those of ordinary skill in the art may make various improvements and modifications without departing from the principle of the present invention, and these improvements and modifications should also be regarded as falling within the protection scope of the present invention.
Claims (4)
1. A defence method for weak password vulnerabilities in intranet and extranet camera configurations, characterised in that: a honeypot is deployed at the intranet end of the camera, while the public network end of the camera is placed behind a router and an access control list is configured on the router; in the intranet environment, the honeypot exposes ports 23 and 80 of the camera, and when a camera vulnerability scanning attack occurs, the scanning traffic packets are captured by the honeypot and their source IP addresses are analysed to identify the attacking intranet host; in the extranet environment, all traffic accessing the camera passes through the router's filter, which lets through IP addresses that are allowed access and blocks the rest.
2. The defence method for weak password vulnerabilities in intranet and extranet camera configurations according to claim 1, characterised in that: the honeypot is configured at the public network end of the camera and exposes ports 23 and 80 of the camera; when a camera vulnerability scanning attack occurs, the scanning traffic packets are captured by the Linux host with the open ports; the Linux host then forwards requests for ports 23 and 80 of the camera to the honeypot's listening port, and the honeypot stores the key information in each request; the infected camera and the attacking intranet host are found through the honeypot.
3. The defence method for weak password vulnerabilities in intranet and extranet camera configurations according to claim 1, characterised in that: when the access control list is configured on the router, packet filtering technology is used and the router reads the information in the layer 3 and layer 4 packet headers; on the public network, IP addresses that are allowed access are let through; for an IP address that is not allowed access, it is first determined whether it is accessing ports 23 and 80 of the camera, and if so, the IP address is filtered.
4. The defence method for weak password vulnerabilities in intranet and extranet camera configurations according to claim 1, characterised in that: when the access control list is configured on the router, the IP addresses allowed access are configured with the access-list 1 permit ip command, the router is also configured with the commands access-list 11 deny tcp any any eq 80; access-list 11 deny tcp any any eq 23, and the access-list 111 permit any any command is additionally used to accept everything that the preceding commands did not match; a router configured with this access control list follows the one-by-one matching principle and applies security filtering to all traffic passing through it.
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811375787.4A CN109495472A (en) | 2018-11-19 | 2018-11-19 | A defence method for weak password vulnerabilities in intranet and extranet camera configurations |
PCT/CN2019/093344 WO2020103454A1 (en) | 2018-11-19 | 2019-06-27 | Defense method for configuring weak password vulnerabilities of internal and external network cameras |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811375787.4A CN109495472A (en) | 2018-11-19 | 2018-11-19 | A defence method for weak password vulnerabilities in intranet and extranet camera configurations |
Publications (1)
Publication Number | Publication Date |
---|---|
CN109495472A true CN109495472A (en) | 2019-03-19 |
Family
ID=65696980
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201811375787.4A Pending CN109495472A (en) | A defence method for weak password vulnerabilities in intranet and extranet camera configurations | 2018-11-19 | 2018-11-19 |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN109495472A (en) |
WO (1) | WO2020103454A1 (en) |
Also Published As
Publication number | Publication date |
---|---|
WO2020103454A1 (en) | 2020-05-28 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20190319 |