CN109495472A - A defence method for weak-password configuration vulnerabilities in intranet and extranet cameras

Publication number: CN109495472A
Authority: CN (China)
Prior art keywords: camera, router, intranet, access, honeypot
Legal status: Pending
Application number: CN201811375787.4A
Other languages: Chinese (zh)
Inventors: 季木, 季一木, 姚橹, 吴夜, 刘尚东, 王汝传
Current assignee: Nanjing Post and Telecommunication University; Nanjing University of Posts and Telecommunications
Original assignee: Nanjing Post and Telecommunication University
Priority date: 2018-11-19
Filing date: 2018-11-19
Publication date: 2019-03-19
Application filed by Nanjing Post and Telecommunication University
Priority to CN201811375787.4A (CN109495472A)
Publication of CN109495472A
Priority to PCT/CN2019/093344 (WO2020103454A1)

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227 Filtering policies
    • H04L63/0236 Filtering by address, protocol, port number or service, e.g. IP-address or URL
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/101 Access control lists [ACL]
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425 Traffic logging, e.g. anomaly detection
    • H04L63/1433 Vulnerability analysis
    • H04L63/1441 Countermeasures against malicious traffic

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Computer And Data Communications (AREA)
  • Small-Scale Networks (AREA)

Abstract

The invention discloses a defence method for weak-password configuration vulnerabilities in intranet and extranet cameras. A honeypot is set up at the network end of the camera, while the public-network end of the camera is connected behind a router on which an access control list is configured. In the intranet environment, the honeypot exposes ports 23 and 80 of the camera; when a camera vulnerability scanning attack occurs, the honeypot captures the scanning traffic packets, and analysing their source IP addresses identifies the attacking intranet host. In the extranet environment, all traffic accessing the camera passes through the router's filter, which lets through IP addresses that are allowed access and blocks the rest. In the method, the router ACL filters illegitimate requests from the extranet, so not all extranet access has to be forbidden and the camera's functionality is preserved; a Cowrie honeypot is deployed on the intranet, which gives a low false-positive rate and a better understanding of the attacker's intrusion methods and process.

Description

A defence method for weak-password configuration vulnerabilities in intranet and extranet cameras
Technical field
The present invention relates to an overall defence method against camera weak-password vulnerabilities in an Internet of Things environment. It mainly addresses cameras that have a default initial login password: because the password strength is low, they are easily subjected to scanning and brute-force attacks and to distributed denial-of-service (DDoS) attacks. By deploying a router access control list (ACL) and a honeypot in the camera network segment, the method defends against attacks from the extranet and the intranet at the same time. It belongs to the field of cyberspace security technology.
Background art
Network camera systems are widely used as security devices in public places such as traffic, schools, enterprises and shopping malls. With the development of Internet of Things technology, more and more households have also begun to use network camera systems to protect the home. To make remote monitoring convenient for administrators, network camera systems generally have a public IP (or port mapping) and are connected to the Internet, so many network camera systems exposed on the public network have become targets for hackers. Once a network camera system is compromised, the user has no privacy left. Vulnerability disclosures and attack reports concerning network camera systems have been increasing in recent years. For example, in February 2015 Hikvision suffered a "black swan" event: it was exposed as having serious security vulnerabilities, and some monitoring devices were controlled from overseas IP addresses; the loss from the resulting information leak and the potential future threats are hard to estimate. The Mirai botnet incident of September 2016 likewise caused the network outage in the United States by forming cameras into a botnet that launched network attacks. In March 2017, 11 camera products of Zhejiang Dahua Technology were revealed to contain a 0-day backdoor allowing the administrator account and password to be obtained remotely, with about 280,000 devices expected to be affected. Research on camera security is therefore of great significance.
At present a large number of cameras have weak-password vulnerabilities. Attacks scan with TCP SYN packets, using stateless methods or methods that ignore TCP connection information, and screen the results by reading the SYN and ACK of the returned TCP packets to determine whether ports 23 and 2323 are open. Where a port is open, the 62 weak username and password pairs in the Mirai source code are used for brute-forcing. After a successful brute-force, the attacker logs in to the camera shell and obtains the camera's system information; in addition, by establishing a telnet connection to the camera, the corresponding download module can be written to it to download the scanning virus, which in turn has a lasting impact on and causes damage to other cameras. Many camera models from many brands have this vulnerability, such as the Hikvision DS-2CD3T26 and the Dahua DH-IPC-HDW23A0RN-ZS.
Regarding the camera weak-password vulnerability: because the camera password is fixed in the firmware, even a reboot cannot prevent reinfection; because an infected camera can still work normally, it is extremely difficult to determine whether it is infected; and if the source of infection cannot be confirmed, it is still impossible to fundamentally prevent the camera from being monitored. In view of this, one defensive measure for this series of cameras is to forbid the camera from connecting to the extranet, but this cannot meet requirements such as sending resources out, so it has certain drawbacks. Another defensive measure is to increase the complexity of the password, but this cannot guarantee absolute security and cannot fundamentally solve the continuing scanning damage done by infected cameras.
Summary of the invention
Objective of the invention: cameras with weak-password vulnerabilities exist in the prior art; an attacker makes login attempts by continuously sending packets, gains control once a login succeeds, and can upload virus code. To address this deficiency, the present invention provides a safe, inexpensive and efficient defence method for weak-password configuration vulnerabilities in intranet and extranet cameras. By deploying a honeypot in the camera network segment and at the same time configuring an ACL on the segment's router, it guards against intranet and extranet attacks, ensures the security of the camera in all respects, and is easy to maintain and practical, with high research value.
Technical solution: to achieve the above objective, the technical solution adopted by the present invention is as follows:
A defence method for weak-password configuration vulnerabilities in intranet and extranet cameras: a honeypot is set up at the network end of the camera, while the public-network end of the camera is connected behind a router and an access control list (ACL) is configured on the router. In the intranet environment, the honeypot exposes ports 23 and 80 of the camera; when a camera vulnerability scanning attack occurs, the honeypot captures the scanning traffic packets, and analysing their source IP addresses identifies the attacking intranet host. In the extranet environment, all traffic accessing the camera passes through the router's filter, which lets through IP addresses that are allowed access and blocks the rest.
The present invention defends both the intranet and the extranet side of the camera. In the intranet environment a honeypot is set up for monitoring: when an infected camera sends scanning traffic, the honeypot's open ports 23/80 induce the attacker to scan it, and the honeypot mechanism collects the scan packets for analysis. In the extranet environment, the router ACL configuration filters and screens the traffic to the camera, so that malicious scanning traffic cannot get through to the camera.
In the method of the present invention, functions such as traffic detection and filtering are carried out independently by the router, which lightens the camera's workload; through the ACL configuration the router performs traffic splitting and rate limiting. At the same time, the router ACL filters illegitimate requests from the extranet, so not all extranet access has to be forbidden, which preserves the camera's functionality. A Cowrie honeypot is deployed on the intranet, which gives a low false-positive rate and a better understanding of the attacker's intrusion methods and process.
Preferably, the honeypot is configured at the public-network end of the camera and exposes ports 23 and 80 of the camera. When a camera vulnerability scanning attack occurs, the scanning traffic packets are received by the Linux host with the open ports; the Linux host then forwards the requests for ports 23 and 80 of the camera to the honeypot's listening port, and the honeypot stores the key information in each request (such as source IP address, destination IP address, weak-password account and weak-password password). Finally, logging in to the honeypot allows the database information to be viewed, that is, the honeypot is used to find the infected camera and the attacking intranet host.
With the method of the present invention, while the camera is working, an attacker's scanning traffic and attack traffic cannot get through to the camera, which achieves the defence. During defence, the honeypot receives all packet information from the scanning traffic and the attack traffic; later, by analysing information such as source and destination IP addresses, the attacker's geographic location can be determined.
Preferably, when the access control list is configured on the router, packet filtering is used, reading the information in the layer-3 and layer-4 packet headers on the router. On the public network, IP addresses that are allowed access are let through; for an IP address that is not allowed access, it is first determined whether it is accessing ports 23 and 80 of the camera, and if so, that IP address is filtered.
Preferably, when the access control list is configured on the router, the IP addresses allowed access are configured on the router with the command access-list 1 permit ip; the router is also configured with the commands access-list 11 deny tcp any any eq 80; access-list 11 deny tcp any any eq 23; and in addition the router is configured with the command access-list 111 permit any any, to accept everything that has not matched. A router configured with this access control list filters all traffic passing through it according to the one-by-one matching principle.
Beneficial effects: compared with the prior art, the defence method provided by the present invention for weak-password configuration vulnerabilities in intranet and extranet cameras has the following advantages: 1. the router's ACL configuration can identify and block illegitimate requests and port scanning, effectively preventing weak-password scanning; 2. opening specific ports on the honeypot makes it possible to identify and locate the IP of an infected camera, effectively preventing the infection from spreading between cameras; 3. the method not only prevents attacks from the extranet but also provides protection on the intranet, that is, double protection; 4. for the user it is easy to use: only the router ACL needs to be configured and a honeypot added, the existing network needs no major changes, and applicability is wide; 5. the system proposed by the method is relatively stable, can address most security threats, and achieves good practical results.
Brief description of the drawings
Fig. 1 is the ACL configuration rule diagram of the router.
Detailed description of the embodiments
The present invention is further explained below with reference to the accompanying drawing.
ACL technology is widely used in routers. It is a flow control technique based on packet filtering: the control list uses the source address, destination address and port number as the basic elements of packet inspection, and can specify whether packets that meet the conditions are allowed through.
Honeypot technology is essentially a technique for deceiving attackers. Hosts, network services or information are set out as bait to lure attackers into attacking them. Because the honeypot does not execute the corresponding malicious code, the attack information is preserved intact, so the attack behaviour can be captured and analysed, the tools and methods used by the attacker understood, and the attack intent and motivation inferred. This gives defenders a clear picture of the security threats they face, and lets them strengthen the system's protection through technical and management measures.
The present invention needs to defend against intranet and extranet attacks at the same time, so honeypots are connected to both the intranet segment and the public network segment; their number can be increased or decreased as appropriate to the user's needs.
In the intranet environment, to prevent the camera from being scanned and attacked by internal computers, a honeypot machine can be deployed with ports such as 23/80 exposed. When a scanning attack on the camera vulnerability occurs, the honeypot captures the scanning traffic packets, and the source IP address of the packets is analysed to identify the internal attacking machine. Even after a camera has been infected by malicious code such as a botnet, the traffic packets that the camera sends can likewise be captured by the honeypot.
In the extranet environment, to prevent public IP addresses from scanning and attacking the camera, the cameras on the public network are connected behind a router and an ACL is configured on the router. All traffic accessing the cameras must pass the router's filter before it can reach a camera. IP addresses that are allowed access are let through; for an IP that is not in the rules, the camera port it is accessing is checked: if the port is not one of the working ports such as 80 and 23 it can be let through, otherwise access is forbidden. A honeypot can likewise be deployed on the public network; when a malicious scanning and brute-force attack on the camera vulnerability occurs, the honeypot captures the attack traffic and the attack source IP is analysed, achieving the purpose of protecting the camera.
The ACL uses packet filtering, reading the information in the layer-3 and layer-4 packet headers on the router (such as source address, destination address, protocol and port number). On the public network, suppose the IP addresses in a network segment that are allowed to access these cameras are IP1, IP2 and IP3. The router is configured with the commands access-list 1 permit IP1 <wildcard mask>; access-list 1 permit IP2 <wildcard mask>; access-list 1 permit IP3 <wildcard mask>, so that only the extranet IPs in the rules can enter the segment. For addresses other than IP1, IP2 and IP3, it must first be determined whether the internal camera port being accessed is a common port such as 80 or 23; if so, the traffic is filtered. This uses the commands access-list 11 deny tcp any any eq 80; access-list 11 deny tcp any any eq 23. Finally, because an ACL ends with a hidden entry that by default rejects everything when the preceding two kinds of rule fail to match, access-list 111 permit any any is configured to accept everything that has not matched. Following the ACL's one-by-one matching principle, all traffic passing through the router is safety-filtered. The router ACL workflow is as follows:
(11) The access control list intercepts all packets on the route and determines whether the packet's IP is one that the rule base allows through (decided by the IPs in the configuration). If it matches, go to step (12); otherwise go to step (13);
(12) The access control list has verified this IP successfully and allows the request through;
(13) If the source IP of the request does not match, determine whether what is being requested is port 23 or a web page. If so, intercept the packet and filter it; otherwise go to step (14);
(14) The packet is accessing non-sensitive data or devices, and is allowed through according to the last entry of the access control list.
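The first-match behaviour of steps (11) to (14) can be checked offline with a small model. This is an added example, not code from the patent, and it generalises the rule set to wildcard-mask matching; the allowlisted addresses (documentation ranges standing in for IP1 and IP2), the names Rule, evaluate and reachable_ports, and the probed ports are assumptions. Port 2323 is probed because the background section names it as a scanned port while the rules only deny 23 and 80.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


def _ip(addr: str) -> int:
    """IPv4 dotted quad -> 32-bit integer."""
    return int(ipaddress.IPv4Address(addr))


@dataclass(frozen=True)
class Rule:
    action: str                     # "permit" or "deny"
    src: str = "any"                # source address, or "any"
    wildcard: str = "0.0.0.0"       # wildcard (inverse) mask: 1-bits are ignored
    proto: str = "ip"               # "ip" matches every protocol
    dst_port: Optional[int] = None  # None matches every destination port

    def matches(self, src_ip: str, proto: str, dst_port: int) -> bool:
        if self.proto != "ip" and self.proto != proto:
            return False
        if self.dst_port is not None and self.dst_port != dst_port:
            return False
        if self.src == "any":
            return True
        care = ~_ip(self.wildcard) & 0xFFFFFFFF   # bits that must be equal
        return (_ip(src_ip) & care) == (_ip(self.src) & care)


def evaluate(rules: List[Rule], src_ip: str, proto: str,
             dst_port: int) -> Tuple[str, Optional[int]]:
    """Return (action, index of the first matching rule).

    The index is None when nothing matched and the hidden deny-all applied.
    """
    for index, rule in enumerate(rules):
        if rule.matches(src_ip, proto, dst_port):
            return rule.action, index
    return "deny", None


def reachable_ports(rules: List[Rule], src_ip: str, ports: List[int],
                    proto: str = "tcp") -> List[int]:
    """Ports from `ports` that `src_ip` can still reach through the ACL."""
    return [p for p in ports if evaluate(rules, src_ip, proto, p)[0] == "permit"]


# Rule order from the description: allowlist, deny 80/23, then permit the rest.
RULES = [
    Rule("permit", "203.0.113.10", "0.0.0.0"),    # stands in for IP1 (one host)
    Rule("permit", "198.51.100.0", "0.0.0.255"),  # stands in for IP2 (a /24)
    Rule("deny", proto="tcp", dst_port=80),
    Rule("deny", proto="tcp", dst_port=23),
    Rule("permit"),                               # accept everything unmatched
]

# Same entries with the deny rules first: the allowlist never gets a chance.
MISORDERED = [RULES[2], RULES[3], RULES[0], RULES[1], RULES[4]]

if __name__ == "__main__":
    outsider = "192.0.2.55"                       # constructed, not allowlisted
    for port in (23, 80, 554, 2323):
        print(outsider, port, evaluate(RULES, outsider, "tcp", port))
    print("allowlisted host, port 23:", evaluate(RULES, "203.0.113.10", "tcp", 23))
    print("still reachable:", reachable_ports(RULES, outsider, [23, 80, 554, 2323]))
    print("misordered list:", evaluate(MISORDERED, "203.0.113.10", "tcp", 80))
```

If these commands are entered on Cisco IOS, numbered lists 1 to 99 are standard ACLs that match on source address only, so the tcp/eq entries need an extended (100 to 199) or named list. All entries also have to sit in the one list applied to the interface for the ordering shown here to hold.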
The honeypot used is Cowrie. Setting up a Cowrie medium-interaction honeypot (which simulates a network service in a dedicated controlled environment and allows the attacker partial interaction) makes it possible to obtain the dictionary the attacker uses for brute-forcing, the commands entered, and the malicious files uploaded or downloaded. After the attacker uploads a malicious file, the attempt to execute it fails, so the honeypot itself is relatively safe. Cowrie and the related configuration files are installed on a Linux host, with the following steps:
(21) Modify the honeypot's listening port;
(22) Set up port forwarding so that intranet requests to ports 23 and 80 of the server are forwarded to the honeypot's listening port;
(23) Change the ports of the real (non-honeypot) telnet service and web service to 65522 and 65523;
(24) Install a MySQL database; Cowrie stores records such as the attacking IP, the time and the history of executed commands directly in the database;
(25) As the root user, create a database named cowrie and grant all tables in that database to cowrie;
(26) Enter the cowrie installation directory, log in to the database as the cowrie user, enter the cowrie database, and use /opt/cowrie/doc/sql/mysql.sql as the data source, which creates the tables;
(27) Modify the database settings in the configuration file cowrie.cfg so that the password in the configuration file matches the password of the cowrie database user;
(28) Start the honeypot.
The honeypot workflow is as follows:
(31) Packets performing weak-password scanning against sensitive ports such as 23/80 are received by the Linux host with the open ports;
(32) The Linux host forwards the corresponding requests to the honeypot's listening port, and the honeypot stores the key information in each request, such as source address, destination address, weak-password account and weak-password password;
(33) Log in to the honeypot and view the database information to find the infected camera and the attacking intranet host.
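Step (33), reviewing what the honeypot stored in order to find the infected camera or attacking intranet host, can be sketched as follows. This is an added example, not part of the patent; it reads Cowrie's JSON event log rather than the MySQL tables set up above, and the log lines, the intranet range 192.168.1.0/24 and the attempt threshold are constructed assumptions.

```python
import ipaddress
import json
from collections import defaultdict

# Constructed lines in the shape of Cowrie's JSON event log (not real captures).
SAMPLE_LOG = "\n".join([
    '{"eventid":"cowrie.session.connect","session":"a1","src_ip":"192.168.1.64","dst_port":2223}',
    '{"eventid":"cowrie.login.failed","session":"a1","src_ip":"192.168.1.64","username":"admin","password":"admin"}',
    '{"eventid":"cowrie.login.failed","session":"a1","src_ip":"192.168.1.64","username":"root","password":"12345"}',
    '{"eventid":"cowrie.login.success","session":"a1","src_ip":"192.168.1.64","username":"root","password":"root"}',
    # src_ip deliberately left out here to exercise the session -> source fallback
    '{"eventid":"cowrie.command.input","session":"a1","input":"uname -a"}',
    '{"eventid":"cowrie.session.file_download","session":"a1","src_ip":"192.168.1.64","url":"http://192.0.2.99/constructed-sample.bin"}',
    '{"eventid":"cowrie.session.connect","session":"b2","src_ip":"192.168.1.20","dst_port":2223}',
    '{"eventid":"cowrie.login.failed","session":"b2","src_ip":"192.168.1.20","username":"admin","password":"admin1"}',
    '{"eventid":"cowrie.login.failed","session":"c3","src_ip":"198.51.100.23"',  # truncated line
    '{"eventid":"cowrie.login.failed","session":"c3","src_ip":"198.51.100.23","username":"root","password":"root"}',
    '{"eventid":"cowrie.login.failed","session":"c3","src_ip":"198.51.100.23","username":"admin","password":"admin"}',
])


def analyze(log_text):
    """Aggregate login attempts, commands and downloads per source IP.

    Returns (stats, skipped): stats maps source IP to its activity and
    skipped counts lines that could not be parsed or attributed.
    """
    stats = defaultdict(lambda: {"attempts": 0, "success": False,
                                 "credentials": set(), "commands": [],
                                 "downloads": []})
    session_src = {}   # session id -> source IP seen earlier in that session
    skipped = 0
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            skipped += 1
            continue
        if not isinstance(event, dict):
            skipped += 1
            continue
        session = event.get("session")
        src = event.get("src_ip") or session_src.get(session)
        if src is None:
            skipped += 1
            continue
        session_src.setdefault(session, src)
        entry = stats[src]
        eventid = event.get("eventid", "")
        if eventid in ("cowrie.login.failed", "cowrie.login.success"):
            entry["attempts"] += 1
            entry["credentials"].add((event.get("username"), event.get("password")))
            entry["success"] = entry["success"] or eventid == "cowrie.login.success"
        elif eventid == "cowrie.command.input":
            entry["commands"].append(event.get("input", ""))
        elif eventid == "cowrie.session.file_download":
            entry["downloads"].append(event.get("url", ""))
    return dict(stats), skipped


def intranet_attackers(stats, intranet_cidr="192.168.1.0/24", min_attempts=2):
    """Intranet sources that guessed repeatedly or logged in to the honeypot."""
    net = ipaddress.ip_network(intranet_cidr)
    hits = []
    for src, entry in stats.items():
        try:
            inside = ipaddress.ip_address(src) in net
        except ValueError:          # source field was not an IP address
            continue
        if inside and (entry["attempts"] >= min_attempts or entry["success"]):
            hits.append(src)
    return sorted(hits)


if __name__ == "__main__":
    stats, skipped = analyze(SAMPLE_LOG)
    print("unparsed lines:", skipped)
    for host in intranet_attackers(stats):
        entry = stats[host]
        print(host, "attempts:", entry["attempts"], "logged in:", entry["success"])
        print("  credentials tried:", sorted(entry["credentials"]))
        print("  commands:", entry["commands"], "downloads:", entry["downloads"])
```

A single failed login from an intranet address, such as 192.168.1.20 in the sample, stays below the threshold, so one mistyped password does not mark a host as infected.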
The above is only a preferred embodiment of the present invention. It should be noted that a person of ordinary skill in the art can make various improvements and modifications without departing from the principle of the present invention, and these improvements and modifications should also be regarded as falling within the protection scope of the present invention.

Claims (4)

1. A defence method for weak-password configuration vulnerabilities in intranet and extranet cameras, characterised in that: a honeypot is set up at the network end of the camera, while the public-network end of the camera is connected behind a router and an access control list is configured on the router; in the intranet environment, the honeypot exposes ports 23 and 80 of the camera, and when a camera vulnerability scanning attack occurs, the honeypot captures the scanning traffic packets, and the source IP addresses of the scanning traffic packets are analysed to identify the attacking intranet host; in the extranet environment, all traffic accessing the camera passes through the router's filter, which lets through IP addresses that are allowed access and blocks the rest.
2. The defence method for weak-password configuration vulnerabilities in intranet and extranet cameras according to claim 1, characterised in that: the honeypot is configured at the public-network end of the camera and exposes ports 23 and 80 of the camera; when a camera vulnerability scanning attack occurs, the scanning traffic packets are received by the Linux host with the open ports, the Linux host then forwards the requests for ports 23 and 80 of the camera to the honeypot's listening port, the honeypot stores the key information in the requests, and the honeypot is used to find the infected camera and the attacking intranet host.
3. The defence method for weak-password configuration vulnerabilities in intranet and extranet cameras according to claim 1, characterised in that: when the access control list is configured on the router, packet filtering is used, reading the information in the layer-3 and layer-4 packet headers on the router; on the public network, IP addresses that are allowed access are let through, and for an IP address that is not allowed access, it is first determined whether it is accessing ports 23 and 80 of the camera, and if so, that IP address is filtered.
4. The defence method for weak-password configuration vulnerabilities in intranet and extranet cameras according to claim 1, characterised in that: when the access control list is configured on the router, the IP addresses allowed access are configured on the router with the command access-list 1 permit ip, the router is also configured with the commands access-list 11 deny tcp any any eq 80; access-list 11 deny tcp any any eq 23, and in addition the router is configured with the command access-list 111 permit any any, to accept everything that has not matched; a router configured with this access control list filters all traffic passing through it according to the one-by-one matching principle.
Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201811375787.4A CN109495472A (en) 2018-11-19 2018-11-19 A defence method for weak-password configuration vulnerabilities in intranet and extranet cameras
PCT/CN2019/093344 WO2020103454A1 (en) 2018-11-19 2019-06-27 Defense method for configuring weak password vulnerabilities of internal and external network cameras

Publications (1)

Publication Number Publication Date
CN109495472A 2019-03-19

Family ID: 65696980

Country Status (2)

Country Link
CN (1) CN109495472A (en)
WO (1) WO2020103454A1 (en)


Also Published As

Publication number Publication date
WO2020103454A1 (en) 2020-05-28

Similar Documents

Publication Publication Date Title
CN109495472A (en) A kind of defence method for intranet and extranet camera configuration weak password loophole
US10462181B2 (en) Method, system, and apparatus to identify and study advanced threat tactics, techniques and procedures
US8516575B2 (en) Systems, methods, and media for enforcing a security policy in a network including a plurality of components
US20150047032A1 (en) System and method for computer security
CN107872456A (en) Network intrusion prevention method, apparatus, system and computer-readable recording medium
US20080098476A1 (en) Method and Apparatus for Defending Against Zero-Day Worm-Based Attacks
EP1900172A1 (en) Anti-hacker system with honey pot
CN113422779B (en) Active security defense system based on centralized management and control
Chen et al. Intrusion detection
CN117614717A (en) Whole-flow handling system and method based on network security alarm event
Jeremiah Intrusion detection system to enhance network security using raspberry pi honeypot in kali linux
CN116471121A (en) Security defense method, gateway proxy device, and storage medium
KR101006372B1 (en) System and method for sifting out the malicious traffic
CN106856478A (en) A kind of safety detection method and device based on LAN
CN115549943B (en) Four-honey-based integrated network attack detection method
Veena et al. Implementing file and real time based intrusion detections in secure direct method using advanced honeypot
Alsaqour et al. Defense in Depth: Multilayer of security
Cisco Design Considerations
Verwoerd Active network security
Nielson Classical Network Security Technology
Goh Intrusion deception in defense of computer systems
Asarcıklı Firewall monitoring using intrusion detection systems
Yun Network defense-in-depth: evaluating host-based intrusion detection systems
CN117955675A (en) Network attack defending method and device, electronic equipment and storage medium
AlFraih et al. Design of a worm isolation and unknown worm monitoring system based on honeypot

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20190319