CN109617878A - A kind of construction method and system, computer readable storage medium of honey net - Google Patents
A kind of construction method and system, computer readable storage medium of honey net Download PDFInfo
- Publication number
- CN109617878A CN109617878A CN201811525549.7A CN201811525549A CN109617878A CN 109617878 A CN109617878 A CN 109617878A CN 201811525549 A CN201811525549 A CN 201811525549A CN 109617878 A CN109617878 A CN 109617878A
- Authority
- CN
- China
- Prior art keywords
- honey net
- honey
- host computer
- available set
- net
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1491—Countermeasures against malicious traffic using deception as countermeasure, e.g. honeypots, honeynets, decoys or entrapment
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/30—Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information
Abstract
The present invention is suitable for network technique field, provides the construction method and system of a kind of honey net, comprising: obtain the IP available set in honey net;The IP of preset ratio is selected from the IP available set, and according to preset strategy, each IP to select generates corresponding template profile;According to the corresponding template profile, generates fictitious host computer and bind corresponding IP;It is monitored by the fictitious host computer and captures the all-network behavioral data by the fictitious host computer.In the present invention, the establishment of honey net can rely only on a host completely, do not depend on multiple host or third party's virtual environment, extensive honey jar is simulated by fictitious host computer generation, to complete the establishment of honey net, networking cost is low.
Description
Technical field
The invention belongs to the construction method and system of network technique field more particularly to a kind of honey net, computer-readable deposit
Storage media.
Background technique
Honey jar attracts attack by the operation system of simulating realistic environment, and records the behavioral data of attacker, with
Realize that early warning is traced to the source and attacked to the evidence collection for network security, behavior.Multiple honey jars constitute sweet net, deploy sweet net
Afterwards, the real estate of user can be less susceptible to be found by attacker, to allow attacker that can not find true target, win for user
Take the valuable emergency response time.
Traditional sweet net is deployed on more physical hosts, or the commercial virtualization such as be deployed in VMware, Xen, Hyper-V
In environment, need to expend higher hardware cost and additional soft ware authorization expense.
Summary of the invention
In view of this, the embodiment of the invention provides the construction methods and system, computer-readable storage medium of a kind of honey net
Matter, to solve the problems, such as that sweet wet end is affixed one's name at high cost in the prior art.
The first aspect of the embodiment of the present invention provides a kind of construction method of honey net, comprising:
Obtain the IP available set in honey net;
The IP of preset ratio is selected from the IP available set, and according to preset strategy, for each selected
IP generates corresponding template profile;
According to the corresponding template profile, generates fictitious host computer and bind corresponding IP;
It is monitored by the fictitious host computer and captures the all-network behavioral data by the fictitious host computer.
The second aspect of the embodiment of the present invention provide it is a kind of honey net establishment system, including memory, processor and
Store the computer program that can be run in the memory and on the processor, which is characterized in that the processor is held
Row the computer program when for realizing:
Obtain the IP available set in honey net;
The IP of preset ratio is selected from the IP available set, and according to preset strategy, for each selected
IP generates corresponding template profile;
According to the corresponding template profile, generates fictitious host computer and bind corresponding IP;
It is monitored by the fictitious host computer and captures the all-network data packet by the fictitious host computer.
The third aspect of the embodiment of the present invention provides a kind of computer readable storage medium, the computer-readable storage
Media storage has computer program, and the construction method of honey net as described above is realized when the computer program is executed by processor
The step of.
Existing beneficial effect is the embodiment of the present invention compared with prior art:
In the embodiment of the present invention, the establishment of honey net can rely only on a host completely, not depend on multiple host or third party
Virtual environment simulates extensive honey jar by fictitious host computer generation, to complete the establishment of honey net, networking cost is low.
Detailed description of the invention
It to describe the technical solutions in the embodiments of the present invention more clearly, below will be to embodiment or description of the prior art
Needed in attached drawing be briefly described, it should be apparent that, the accompanying drawings in the following description is only of the invention some
Embodiment for those of ordinary skill in the art without any creative labor, can also be according to these
Attached drawing obtains other attached drawings.
Fig. 1 is the implementation flow chart of the construction method of honey net provided in an embodiment of the present invention;
Fig. 2 is the specific implementation flow chart of the construction method S101 of honey net provided in an embodiment of the present invention;
Fig. 3 be another embodiment of the present invention provides honey net construction method S101 specific implementation flow chart;
Fig. 4 be another embodiment of the present invention provides honey net construction method implementation flow chart;
Fig. 5 is the configuration diagram of the establishment system of honey net provided in an embodiment of the present invention;
Fig. 6 is the schematic diagram of the establishment system of honey net provided in an embodiment of the present invention.
Specific embodiment
In being described below, for illustration and not for limitation, the tool of such as particular system structure, technology etc is proposed
Body details, to understand thoroughly the embodiment of the present invention.However, it will be clear to one skilled in the art that there is no these specific
The present invention also may be implemented in the other embodiments of details.In other situations, it omits to well-known system, device, electricity
The detailed description of road and method, in case unnecessary details interferes description of the invention.
In order to illustrate technical solutions according to the invention, the following is a description of specific embodiments.
Fig. 1 shows the implementation process of the construction method of honey net provided in an embodiment of the present invention, and details are as follows:
S101: the IP available set in honey net is obtained.
Sweet net, the analog network being made of multiple honey jars.Honey jar is a kind of software application system, is lured for serving as invasion
Bait lures hacker to come to attack.After attacker's invasion, pass through monitoring and analysis, so that it may know how to invade, at any time
Solution is directed to the newest attack and loophole that organization server starts.Honey jar can also be collected by the connection between eavesdropping hacker
Various tools used in hacker, and grasp their social networks.
Honey jar is a kind of software application system, for serving as invasion bait, hacker is lured to come to attack.Attacker's invasion
Afterwards, pass through monitoring and analysis, so that it may know how to invade, understand newest attack for what organization server started at any time
It hits and loophole.Honey jar can also collect various tools used in hacker, and grasp them by the connection between eavesdropping hacker
Social networks.Sweet net is known as by the analog network that multiple honey jars form.
Each honey jar due to constituting honey net requires to possess an independent IP, in embodiments of the present invention, honey
First have to detect survival host in network before net starting, the IP set A for host of having been survived, and according to no classification
Inter-domain routing (Classless Inter-Domain Routing, CIDR) calculates the whole IP set B, set B in honey net
Set difference operation is done with set A, to obtain the IP available set C of honey net.The specific implementation of S101 is as shown in Figure 2:
S201: the machine IP and subnet mask are obtained.
Specified network interface card information is read according to the configuration information of honey net, to get the machine IP and subnet mask.
S202: the machine IP and subnet mask that get are calculated, CIDR is obtained.
By calculating the machine IP and subnet mask, CIDR is obtained, that is, gets whole IP set B in honey net.
S203: it is broadcasted according to address resolution protocol and CIDR construction request message and in the honey net, inquiry is deposited
The IP set of host living.
Request message is constructed according to address resolution protocol (Address Resolution Protocol, ARP) and CIDR,
And to send the request message to each IP address, inquiry obtains Batch sending ARP broadcast data packet by local area network
The IP set A of survival host.
S204: IP set and CIDR based on the survival host export the IP available set.
Set difference operation is carried out to IP set B and IP set A, finally obtains and exports IP available set C.
Further, as shown in figure 3, after S204, the method also includes:
S205: by coordinating, the IP available set is verified in calling system order.
One-time authentication is carried out to the IP set C being not used by by association journey (gevent) calling system order ping, with drop
Low resultant error.
S206: IP is retained to the IP available set removal after verifying and is exported.
Finally, removal retains IP in IP available set after this authentication, finally obtained IP available set C is exported.
S102: selecting the IP of preset ratio, and according to preset strategy from the IP available set, every for what is selected
One IP generates corresponding template profile.
After obtaining IP available set C, a certain proportion of IP is selected according to demand, to each IP selected, according to one
Template profile is generated after fixed strategy combination.Wherein, template profile is the combination for including following multiple policy: behaviour
Make system type, system fingerprint, MAC Address, production firm, data processing rule and IP etc..In embodiments of the present invention, as
The strategy that template profile generates foundation is generated according to system fingerprint (i.e. the network characterization of real estate) and agent rule, and
The selection percentage of IP is used to determine the open-ended quantity of honey net, to influence the workload of attacker.
S103: it according to the corresponding template profile, generates fictitious host computer and binds corresponding IP.
After the selection for completing IP, according to template profile, around user equipment namely net locating for user equipment
Fictitious host computer is generated in network in bulk, each fictitious host computer is respectively allocated an IP as an independent honey jar, that is, every
A IP binds an independent fictitious host computer.Thus one, a large amount of honey jar is mingled in true user network, forms honey
Net makes the real estate of user be not easy to be found.
S104: being monitored by the fictitious host computer and captures all-network data packet by the fictitious host computer.
After having disposed fictitious host computer, the host process of fictitious host computer can monitor the flow that host specifies network interface card, by catching
The data packet of all processes is obtained, the behavior that attacker accesses fictitious host computer IP all can be recorded and analyze.
Above S101~S104 is the establishment for completing honey net, which can rely only on a host completely, not depend on more
Platform host or third party's virtual environment, extensive honey jar is simulated by fictitious host computer generation, so that the establishment of honey net is completed,
Networking cost is low.
Fig. 4 shows the implementation process for the construction method netted another embodiment of the present invention provides honey, in the corresponding implementation of Fig. 1
On the basis of example, the present embodiment is after S104, further includes:
S105: the network packet is distributed into the corresponding fictitious host computer, the network data is coated with the void
Quasi- host is used for according to the corresponding protocol type of the network packet, according to matched processing rule to the network packet
It is handled.
By being parsed from link layer, network layer and application layer to the data packet captured, the information parsed
Including MAC Address, IP, port, protocol type and behavioral data.Based on the information that parsing obtains, judge whether to belong to honey net
Scope of offical duty if it is distributes to corresponding fictitious host computer processing if not then abandoning.Fictitious host computer is being assigned to need
After the information to be parsed, different protocol types is handled according to matched processing rule respectively: the response of ARP and ICMP
Directly by program structure, the data of transport layer and application layer can further be handled respectively data packet according to different ports.If
It does not handle rule to be matched, is then handled by independent protocol module, if there is data processing rule is matched, then according to data
Processing rule gives corresponding server processing after modifying data packet, reply to attacker again after the data message processing of return.
In addition, host is also responsible for interacting the request of attacker processing, and to interaction data carry out record and into
The analysis of one step, to obtain the behavioural information of attacker, analyzes the behavioural information of attacker.
In embodiments of the present invention, corresponding processing result and analysis result can be saved into the database of honey net.
Fig. 5 is the system architecture schematic diagram of honey net provided in an embodiment of the present invention.
It should be understood that the size of the serial number of each step is not meant that the order of the execution order in above-described embodiment, each process
Execution sequence should be determined by its function and internal logic, the implementation process without coping with the embodiment of the present invention constitutes any limit
It is fixed.
Fig. 6 is the schematic diagram of the establishment system for the honey net that one embodiment of the invention provides.As shown in fig. 6, the embodiment
The establishment system 6 of honey net includes: processor 60, memory 61 and is stored in the memory 61 and can be in the processor
The computer program 62 run on 60, such as the constituting procedure of honey net.When the processor 60 executes the computer program 62
Realize the step in the construction method embodiment of above-mentioned each honey net, such as step 101 shown in FIG. 1 is to 104.
Illustratively, the computer program 62 can be divided into one or more module/units, it is one or
Multiple module/units are stored in the memory 61, and are executed by the processor 60, to complete the present invention.Described one
A or multiple module/units can be the series of computation machine program instruction section that can complete specific function, which is used for
Implementation procedure of the computer program 62 in the establishment system 6 of the honey net is described, comprising:
Obtain the IP available set in honey net;
The IP of preset ratio is selected from the IP available set, and according to preset strategy, for each selected
IP generates corresponding template profile;
According to the corresponding template profile, generates fictitious host computer and bind corresponding IP;
It is monitored by the fictitious host computer and captures the all-network data packet by the fictitious host computer.
Optionally, the IP available set obtained in honey net, comprising:
Obtain the machine IP and subnet mask;
The machine IP and subnet mask that get are calculated, uncategorized inter-domain routing CIDR is obtained;
It is broadcasted according to address resolution protocol and CIDR construction request message and in the honey net, inquiry obtains survival host
IP set;
IP set and CIDR based on the survival host, export the IP available set.
Optionally, it is broadcasted according to address resolution protocol and CIDR construction request message and in the honey net described, it is defeated
Out after the IP available set, further includes:
By coordinating, the IP available set is verified in calling system order;
IP is retained to the IP available set removal after verifying and is exported.
Optionally, it is also used to realize when the processor executes the computer program:
The network packet is distributed into the corresponding fictitious host computer, the network data is coated with the fictitious host computer
For according to the corresponding protocol type of the network packet, according to matched processing rule to the network packet at
Reason.
The establishment system 6 of the honey net can be the meter such as desktop PC, notebook, palm PC and cloud server
Calculate equipment.The establishment system 6 of the honey net may include, but be not limited only to, processor 60, memory 61.Those skilled in the art
It is appreciated that Fig. 6 is only the example of the establishments system 6 of honey net, the restriction for the establishment system 6 netted to honey is not constituted, it can be with
Including than illustrating more or fewer components, perhaps combining certain components or different components, such as the establishment of the honey net
System 6 can also include input-output equipment, network access equipment, bus etc..
Alleged processor 60 can be central processing unit (Central Processing Unit, CPU), can also be
Other general processors, digital signal processor (Digital Signal Processor, DSP), specific integrated circuit
(Application Specific Integrated Circuit, ASIC), ready-made programmable gate array (Field-
Programmable Gate Array, FPGA) either other programmable logic device, discrete gate or transistor logic,
Discrete hardware components etc..General processor can be microprocessor or the processor is also possible to any conventional processor
Deng.
The memory 61 can be the internal storage unit of the establishment system 6 of the honey net, such as the establishment system of honey net
The hard disk or memory of system 6.The memory 61 is also possible to the External memory equipment of the establishment system 6 of the honey net, such as institute
State the plug-in type hard disk being equipped in the establishment system 6 of honey net, intelligent memory card (Smart Media Card, SMC), secure digital
(Secure Digital, SD) card, flash card (Flash Card) etc..Further, the memory 61 can also both include
The internal storage unit of the establishment system 6 of the honey net also includes External memory equipment.The memory 61 is described for storing
Other programs and data needed for the establishment system 6 of computer program and the honey net.The memory 61 can be also used for
Temporarily store the data that has exported or will export.
It is apparent to those skilled in the art that for convenience of description and succinctly, only with above-mentioned each function
Can unit, module division progress for example, in practical application, can according to need and by above-mentioned function distribution by different
Functional unit, module are completed, i.e., the internal structure of described device is divided into different functional unit or module, more than completing
The all or part of function of description.Each functional unit in embodiment, module can integrate in one processing unit, can also
To be that each unit physically exists alone, can also be integrated in one unit with two or more units, it is above-mentioned integrated
Unit both can take the form of hardware realization, can also realize in the form of software functional units.In addition, each function list
Member, the specific name of module are also only for convenience of distinguishing each other, the protection scope being not intended to limit this application.Above system
The specific work process of middle unit, module, can refer to corresponding processes in the foregoing method embodiment, and details are not described herein.
In the above-described embodiments, it all emphasizes particularly on different fields to the description of each embodiment, is not described in detail or remembers in some embodiment
The part of load may refer to the associated description of other embodiments.
Those of ordinary skill in the art may be aware that list described in conjunction with the examples disclosed in the embodiments of the present disclosure
Member and algorithm steps can be realized with the combination of electronic hardware or computer software and electronic hardware.These functions are actually
It is implemented in hardware or software, the specific application and design constraint depending on technical solution.Professional technician
Each specific application can be used different methods to achieve the described function, but this realization is it is not considered that exceed
The scope of the present invention.
In embodiment provided by the present invention, it should be understood that disclosed device/terminal device and method, it can be with
It realizes by another way.For example, device described above/terminal device embodiment is only schematical, for example, institute
The division of module or unit is stated, only a kind of logical function partition, there may be another division manner in actual implementation, such as
Multiple units or components can be combined or can be integrated into another system, or some features can be ignored or not executed.Separately
A bit, shown or discussed mutual coupling or direct-coupling or communication connection can be through some interfaces, device
Or the INDIRECT COUPLING or communication connection of unit, it can be electrical property, mechanical or other forms.
The unit as illustrated by the separation member may or may not be physically separated, aobvious as unit
The component shown may or may not be physical unit, it can and it is in one place, or may be distributed over multiple
In network unit.It can select some or all of unit therein according to the actual needs to realize the mesh of this embodiment scheme
's.
It, can also be in addition, the functional units in various embodiments of the present invention may be integrated into one processing unit
It is that each unit physically exists alone, can also be integrated in one unit with two or more units.Above-mentioned integrated list
Member both can take the form of hardware realization, can also realize in the form of software functional units.
If the integrated module/unit be realized in the form of SFU software functional unit and as independent product sale or
In use, can store in a computer readable storage medium.Based on this understanding, the present invention realizes above-mentioned implementation
All or part of the process in example method, can also instruct relevant hardware to complete, the meter by computer program
Calculation machine program can be stored in a computer readable storage medium, the computer program when being executed by processor, it can be achieved that on
The step of stating each embodiment of the method.Wherein, the computer program includes computer program code, the computer program
Code can be source code form, object identification code form, executable file or certain intermediate forms etc..Computer-readable Jie
Matter may include: can carry the computer program code any entity or device, recording medium, USB flash disk, mobile hard disk,
Magnetic disk, CD, computer storage, read-only memory (ROM, Read-Only Memory), random access memory (RAM,
Random Access Memory), electric carrier signal, telecommunication signal and software distribution medium etc..It should be noted that described
The content that computer-readable medium includes can carry out increasing appropriate according to the requirement made laws in jurisdiction with patent practice
Subtract, such as does not include electric carrier signal and electricity according to legislation and patent practice, computer-readable medium in certain jurisdictions
Believe signal.
Embodiment described above is merely illustrative of the technical solution of the present invention, rather than its limitations;Although referring to aforementioned reality
Applying example, invention is explained in detail, those skilled in the art should understand that: it still can be to aforementioned each
Technical solution documented by embodiment is modified or equivalent replacement of some of the technical features;And these are modified
Or replacement, the spirit and scope for technical solution of various embodiments of the present invention that it does not separate the essence of the corresponding technical solution should all
It is included within protection scope of the present invention.
Claims (10)
1. a kind of construction method of honey net characterized by comprising
Obtain the IP available set in honey net;
The IP of preset ratio is selected from the IP available set, and according to preset strategy, for each IP life selected
At corresponding template profile;
According to the corresponding template profile, generates fictitious host computer and bind corresponding IP;
It is monitored by the fictitious host computer and captures the all-network data packet by the fictitious host computer.
2. the construction method of honey net as described in claim 1, which is characterized in that the IP available set obtained in honey net,
Include:
Obtain the machine IP and subnet mask;
The machine IP and subnet mask that get are calculated, uncategorized inter-domain routing CIDR is obtained;
It is broadcasted according to address resolution protocol and CIDR construction request message and in the honey net, inquiry obtains the IP of survival host
Set;
IP set and CIDR based on the survival host, export the IP available set.
3. the construction method of honey net as claimed in claim 2, which is characterized in that described according to address resolution protocol and CIDR
Construction request message is simultaneously broadcasted in the honey net, after exporting the IP available set, further includes:
By coordinating, the IP available set is verified in calling system order;
IP is retained to the IP available set removal after verifying and is exported.
4. the construction method of honey net as described in claim 1, which is characterized in that the construction method of the honey net further include:
The network packet is distributed into the corresponding fictitious host computer, the network data is coated with the fictitious host computer and is used for
According to the corresponding protocol type of the network packet, the network packet is handled according to matched processing rule.
5. the construction method of honey net as claimed in claim 4, which is characterized in that the construction method of the honey net further include:
Processing result is saved to the database of the honey net.
6. a kind of establishment system of honey net, which is characterized in that including memory, processor and store in the memory simultaneously
The computer program that can be run on the processor, which is characterized in that the processor is used when executing the computer program
In realization:
Obtain the IP available set in honey net;
The IP of preset ratio is selected from the IP available set, and according to preset strategy, for each IP life selected
At corresponding template profile;
According to the corresponding template profile, generates fictitious host computer and bind corresponding IP;
It is monitored by the fictitious host computer and captures the all-network data packet by the fictitious host computer.
7. the establishment system of honey net as claimed in claim 6, which is characterized in that the IP available set obtained in honey net,
Include:
Obtain the machine IP and subnet mask;
The machine IP and subnet mask that get are calculated, uncategorized inter-domain routing CIDR is obtained;
It is broadcasted according to address resolution protocol and CIDR construction request message and in the honey net, inquiry obtains the IP of survival host
Set;
IP set and CIDR based on the survival host, export the IP available set.
8. the establishment system of honey net as claimed in claim 7, which is characterized in that described according to address resolution protocol and CIDR
Construction request message is simultaneously broadcasted in the honey net, after exporting the IP available set, further includes:
By coordinating, the IP available set is verified in calling system order;
IP is retained to the IP available set removal after verifying and is exported.
9. the establishment system of honey net as claimed in claim 7, which is characterized in that the processor executes the computer program
When be also used to realize:
The network packet is distributed into the corresponding fictitious host computer, the network data is coated with the fictitious host computer and is used for
According to the corresponding protocol type of the network packet, the network packet is handled according to matched processing rule.
10. a kind of computer readable storage medium, the computer-readable recording medium storage has computer program, and feature exists
In when the computer program is executed by processor the step of any one of such as claim 1 to 5 of realization the method.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811525549.7A CN109617878A (en) | 2018-12-13 | 2018-12-13 | A kind of construction method and system, computer readable storage medium of honey net |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811525549.7A CN109617878A (en) | 2018-12-13 | 2018-12-13 | A kind of construction method and system, computer readable storage medium of honey net |
Publications (1)
Publication Number | Publication Date |
---|---|
CN109617878A true CN109617878A (en) | 2019-04-12 |
Family
ID=66008220
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201811525549.7A Pending CN109617878A (en) | 2018-12-13 | 2018-12-13 | A kind of construction method and system, computer readable storage medium of honey net |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109617878A (en) |
Cited By (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110071929A (en) * | 2019-04-28 | 2019-07-30 | 江苏极元信息技术有限公司 | A kind of defence method of the magnanimity bait capture attack source based on virtual platform |
CN110505195A (en) * | 2019-06-26 | 2019-11-26 | 中电万维信息技术有限责任公司 | The dispositions method and system of fictitious host computer |
CN110784361A (en) * | 2019-10-31 | 2020-02-11 | 国网河南省电力公司电力科学研究院 | Virtualized cloud honey network deployment method, device, system and computer-readable storage medium |
CN111147513A (en) * | 2019-12-31 | 2020-05-12 | 广州锦行网络科技有限公司 | Transverse moving attack path determination method in honey net based on attack behavior analysis |
CN113132293A (en) * | 2019-12-30 | 2021-07-16 | 中国移动通信集团湖南有限公司 | Attack detection method and device and public honeypot system |
CN114584349A (en) * | 2022-02-15 | 2022-06-03 | 烽台科技(北京)有限公司 | Network data protection method, device, terminal and readable storage medium |
US11456987B1 (en) | 2021-05-07 | 2022-09-27 | State Farm Mutual Automobile Insurance Company | Systems and methods for automatic internet protocol address management |
CN115208670A (en) * | 2022-07-15 | 2022-10-18 | 北京天融信网络安全技术有限公司 | Honey net construction method and device, electronic equipment and computer readable storage medium |
CN117220900A (en) * | 2023-07-14 | 2023-12-12 | 博智安全科技股份有限公司 | Method and system for automatically detecting honeypot system |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20040103314A1 (en) * | 2002-11-27 | 2004-05-27 | Liston Thomas F. | System and method for network intrusion prevention |
CN101567887A (en) * | 2008-12-25 | 2009-10-28 | 中国人民解放军总参谋部第五十四研究所 | Vulnerability simulation overload honeypot method |
CN102932498A (en) * | 2012-10-24 | 2013-02-13 | 广州杰赛科技股份有限公司 | Virtual machine internet protocol (IP) resource management method of cloud computing platform |
CN103139184A (en) * | 2011-12-02 | 2013-06-05 | 中国电信股份有限公司 | Intelligent network firewall device and network attack protection method |
CN107707576A (en) * | 2017-11-28 | 2018-02-16 | 深信服科技股份有限公司 | A kind of network defense method and system based on Honeypot Techniques |
CN108199871A (en) * | 2017-12-28 | 2018-06-22 | 广州锦行网络科技有限公司 | System and method is realized in dynamic honey net environment deployment based on virtualization technology |
CN108933714A (en) * | 2018-10-24 | 2018-12-04 | 郑州云海信息技术有限公司 | It is a kind of to detect the method, apparatus and storage medium that IP address whether there is |
-
2018
- 2018-12-13 CN CN201811525549.7A patent/CN109617878A/en active Pending
Patent Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20040103314A1 (en) * | 2002-11-27 | 2004-05-27 | Liston Thomas F. | System and method for network intrusion prevention |
CN101567887A (en) * | 2008-12-25 | 2009-10-28 | 中国人民解放军总参谋部第五十四研究所 | Vulnerability simulation overload honeypot method |
CN103139184A (en) * | 2011-12-02 | 2013-06-05 | 中国电信股份有限公司 | Intelligent network firewall device and network attack protection method |
CN102932498A (en) * | 2012-10-24 | 2013-02-13 | 广州杰赛科技股份有限公司 | Virtual machine internet protocol (IP) resource management method of cloud computing platform |
CN107707576A (en) * | 2017-11-28 | 2018-02-16 | 深信服科技股份有限公司 | A kind of network defense method and system based on Honeypot Techniques |
CN108199871A (en) * | 2017-12-28 | 2018-06-22 | 广州锦行网络科技有限公司 | System and method is realized in dynamic honey net environment deployment based on virtualization technology |
CN108933714A (en) * | 2018-10-24 | 2018-12-04 | 郑州云海信息技术有限公司 | It is a kind of to detect the method, apparatus and storage medium that IP address whether there is |
Cited By (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110071929A (en) * | 2019-04-28 | 2019-07-30 | 江苏极元信息技术有限公司 | A kind of defence method of the magnanimity bait capture attack source based on virtual platform |
CN110071929B (en) * | 2019-04-28 | 2021-03-16 | 江苏极元信息技术有限公司 | Method for defending massive bait capture attack sources based on virtualization platform |
CN110505195A (en) * | 2019-06-26 | 2019-11-26 | 中电万维信息技术有限责任公司 | The dispositions method and system of fictitious host computer |
CN110784361A (en) * | 2019-10-31 | 2020-02-11 | 国网河南省电力公司电力科学研究院 | Virtualized cloud honey network deployment method, device, system and computer-readable storage medium |
CN113132293A (en) * | 2019-12-30 | 2021-07-16 | 中国移动通信集团湖南有限公司 | Attack detection method and device and public honeypot system |
CN111147513A (en) * | 2019-12-31 | 2020-05-12 | 广州锦行网络科技有限公司 | Transverse moving attack path determination method in honey net based on attack behavior analysis |
US11456987B1 (en) | 2021-05-07 | 2022-09-27 | State Farm Mutual Automobile Insurance Company | Systems and methods for automatic internet protocol address management |
CN114584349A (en) * | 2022-02-15 | 2022-06-03 | 烽台科技(北京)有限公司 | Network data protection method, device, terminal and readable storage medium |
CN115208670A (en) * | 2022-07-15 | 2022-10-18 | 北京天融信网络安全技术有限公司 | Honey net construction method and device, electronic equipment and computer readable storage medium |
CN115208670B (en) * | 2022-07-15 | 2023-10-13 | 北京天融信网络安全技术有限公司 | Honey net construction method, device, electronic equipment and computer readable storage medium |
CN117220900A (en) * | 2023-07-14 | 2023-12-12 | 博智安全科技股份有限公司 | Method and system for automatically detecting honeypot system |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN109617878A (en) | A kind of construction method and system, computer readable storage medium of honey net | |
CN111565199B (en) | Network attack information processing method and device, electronic equipment and storage medium | |
CN110392052A (en) | A kind of block chain intelligence contract processing system and method | |
CN110224990A (en) | A kind of intruding detection system based on software definition security architecture | |
CN106170947B (en) | A kind of alarm information processing method, relevant device and system | |
CN110768987A (en) | SDN-based dynamic deployment method and system for virtual honey network | |
CN110784361A (en) | Virtualized cloud honey network deployment method, device, system and computer-readable storage medium | |
CN109544349A (en) | One kind being based on networked asset information collecting method, device, equipment and storage medium | |
Xuan et al. | Detecting application denial-of-service attacks: A group-testing-based approach | |
CN110493238A (en) | Defence method, device, honey pot system and honey jar management server based on honey jar | |
CN109257326A (en) | The method, apparatus and storage medium and electronic equipment for defending data flow to attack | |
CN102098227A (en) | Packet capture method and kernel module | |
CN109413091A (en) | A kind of network security monitoring method and apparatus based on internet-of-things terminal | |
CN107040405B (en) | Passive type various dimensions host Fingerprint Model construction method and its device under network environment | |
CN106650425B (en) | A kind of control method and device of security sandbox | |
CN109840533A (en) | A kind of applied topology figure recognition methods and device | |
CN108718297A (en) | Ddos attack detection method, device, controller and medium based on BP neural network | |
CN112688932A (en) | Honeypot generation method, honeypot generation device, honeypot generation equipment and computer readable storage medium | |
CN114584359B (en) | Security trapping method, device and computer equipment | |
Khan et al. | Towards an applicability of current network forensics for cloud networks: A SWOT analysis | |
CN111953527A (en) | Network attack recovery system | |
Shin et al. | SmartX Multi-Sec: a visibility-centric multi-tiered security framework for multi-site cloud-native edge clusters | |
CN112637250A (en) | Method for realizing dynamic intelligent self-adaptive honey net | |
TaheriMonfared et al. | Multi-tenant network monitoring based on software defined networking | |
US11297081B2 (en) | Methods and systems for eliminating and reducing attack surfaces through evaluating reconfigurations |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20190412 |