CN109617878A - A kind of construction method and system, computer readable storage medium of honey net - Google Patents

A kind of construction method and system, computer readable storage medium of honey net Download PDF

Info

Publication number
CN109617878A
CN109617878A CN201811525549.7A CN201811525549A CN109617878A CN 109617878 A CN109617878 A CN 109617878A CN 201811525549 A CN201811525549 A CN 201811525549A CN 109617878 A CN109617878 A CN 109617878A
Authority
CN
China
Prior art keywords
honey net
honey
host computer
available set
net
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201811525549.7A
Other languages
Chinese (zh)
Inventor
雷承霖
刘志新
龚亮华
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Feng Tai Technology (beijing) Co Ltd
Original Assignee
Feng Tai Technology (beijing) Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Feng Tai Technology (beijing) Co Ltd filed Critical Feng Tai Technology (beijing) Co Ltd
Priority to CN201811525549.7A priority Critical patent/CN109617878A/en
Publication of CN109617878A publication Critical patent/CN109617878A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/1491Countermeasures against malicious traffic using deception as countermeasure, e.g. honeypots, honeynets, decoys or entrapment
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/20Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/30Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information

Abstract

The present invention is suitable for network technique field, provides the construction method and system of a kind of honey net, comprising: obtain the IP available set in honey net;The IP of preset ratio is selected from the IP available set, and according to preset strategy, each IP to select generates corresponding template profile;According to the corresponding template profile, generates fictitious host computer and bind corresponding IP;It is monitored by the fictitious host computer and captures the all-network behavioral data by the fictitious host computer.In the present invention, the establishment of honey net can rely only on a host completely, do not depend on multiple host or third party's virtual environment, extensive honey jar is simulated by fictitious host computer generation, to complete the establishment of honey net, networking cost is low.

Description

A kind of construction method and system, computer readable storage medium of honey net
Technical field
The invention belongs to the construction method and system of network technique field more particularly to a kind of honey net, computer-readable deposit Storage media.
Background technique
Honey jar attracts attack by the operation system of simulating realistic environment, and records the behavioral data of attacker, with Realize that early warning is traced to the source and attacked to the evidence collection for network security, behavior.Multiple honey jars constitute sweet net, deploy sweet net Afterwards, the real estate of user can be less susceptible to be found by attacker, to allow attacker that can not find true target, win for user Take the valuable emergency response time.
Traditional sweet net is deployed on more physical hosts, or the commercial virtualization such as be deployed in VMware, Xen, Hyper-V In environment, need to expend higher hardware cost and additional soft ware authorization expense.
Summary of the invention
In view of this, the embodiment of the invention provides the construction methods and system, computer-readable storage medium of a kind of honey net Matter, to solve the problems, such as that sweet wet end is affixed one's name at high cost in the prior art.
The first aspect of the embodiment of the present invention provides a kind of construction method of honey net, comprising:
Obtain the IP available set in honey net;
The IP of preset ratio is selected from the IP available set, and according to preset strategy, for each selected IP generates corresponding template profile;
According to the corresponding template profile, generates fictitious host computer and bind corresponding IP;
It is monitored by the fictitious host computer and captures the all-network behavioral data by the fictitious host computer.
The second aspect of the embodiment of the present invention provide it is a kind of honey net establishment system, including memory, processor and Store the computer program that can be run in the memory and on the processor, which is characterized in that the processor is held Row the computer program when for realizing:
Obtain the IP available set in honey net;
The IP of preset ratio is selected from the IP available set, and according to preset strategy, for each selected IP generates corresponding template profile;
According to the corresponding template profile, generates fictitious host computer and bind corresponding IP;
It is monitored by the fictitious host computer and captures the all-network data packet by the fictitious host computer.
The third aspect of the embodiment of the present invention provides a kind of computer readable storage medium, the computer-readable storage Media storage has computer program, and the construction method of honey net as described above is realized when the computer program is executed by processor The step of.
Existing beneficial effect is the embodiment of the present invention compared with prior art:
In the embodiment of the present invention, the establishment of honey net can rely only on a host completely, not depend on multiple host or third party Virtual environment simulates extensive honey jar by fictitious host computer generation, to complete the establishment of honey net, networking cost is low.
Detailed description of the invention
It to describe the technical solutions in the embodiments of the present invention more clearly, below will be to embodiment or description of the prior art Needed in attached drawing be briefly described, it should be apparent that, the accompanying drawings in the following description is only of the invention some Embodiment for those of ordinary skill in the art without any creative labor, can also be according to these Attached drawing obtains other attached drawings.
Fig. 1 is the implementation flow chart of the construction method of honey net provided in an embodiment of the present invention;
Fig. 2 is the specific implementation flow chart of the construction method S101 of honey net provided in an embodiment of the present invention;
Fig. 3 be another embodiment of the present invention provides honey net construction method S101 specific implementation flow chart;
Fig. 4 be another embodiment of the present invention provides honey net construction method implementation flow chart;
Fig. 5 is the configuration diagram of the establishment system of honey net provided in an embodiment of the present invention;
Fig. 6 is the schematic diagram of the establishment system of honey net provided in an embodiment of the present invention.
Specific embodiment
In being described below, for illustration and not for limitation, the tool of such as particular system structure, technology etc is proposed Body details, to understand thoroughly the embodiment of the present invention.However, it will be clear to one skilled in the art that there is no these specific The present invention also may be implemented in the other embodiments of details.In other situations, it omits to well-known system, device, electricity The detailed description of road and method, in case unnecessary details interferes description of the invention.
In order to illustrate technical solutions according to the invention, the following is a description of specific embodiments.
Fig. 1 shows the implementation process of the construction method of honey net provided in an embodiment of the present invention, and details are as follows:
S101: the IP available set in honey net is obtained.
Sweet net, the analog network being made of multiple honey jars.Honey jar is a kind of software application system, is lured for serving as invasion Bait lures hacker to come to attack.After attacker's invasion, pass through monitoring and analysis, so that it may know how to invade, at any time Solution is directed to the newest attack and loophole that organization server starts.Honey jar can also be collected by the connection between eavesdropping hacker Various tools used in hacker, and grasp their social networks.
Honey jar is a kind of software application system, for serving as invasion bait, hacker is lured to come to attack.Attacker's invasion Afterwards, pass through monitoring and analysis, so that it may know how to invade, understand newest attack for what organization server started at any time It hits and loophole.Honey jar can also collect various tools used in hacker, and grasp them by the connection between eavesdropping hacker Social networks.Sweet net is known as by the analog network that multiple honey jars form.
Each honey jar due to constituting honey net requires to possess an independent IP, in embodiments of the present invention, honey First have to detect survival host in network before net starting, the IP set A for host of having been survived, and according to no classification Inter-domain routing (Classless Inter-Domain Routing, CIDR) calculates the whole IP set B, set B in honey net Set difference operation is done with set A, to obtain the IP available set C of honey net.The specific implementation of S101 is as shown in Figure 2:
S201: the machine IP and subnet mask are obtained.
Specified network interface card information is read according to the configuration information of honey net, to get the machine IP and subnet mask.
S202: the machine IP and subnet mask that get are calculated, CIDR is obtained.
By calculating the machine IP and subnet mask, CIDR is obtained, that is, gets whole IP set B in honey net.
S203: it is broadcasted according to address resolution protocol and CIDR construction request message and in the honey net, inquiry is deposited The IP set of host living.
Request message is constructed according to address resolution protocol (Address Resolution Protocol, ARP) and CIDR, And to send the request message to each IP address, inquiry obtains Batch sending ARP broadcast data packet by local area network The IP set A of survival host.
S204: IP set and CIDR based on the survival host export the IP available set.
Set difference operation is carried out to IP set B and IP set A, finally obtains and exports IP available set C.
Further, as shown in figure 3, after S204, the method also includes:
S205: by coordinating, the IP available set is verified in calling system order.
One-time authentication is carried out to the IP set C being not used by by association journey (gevent) calling system order ping, with drop Low resultant error.
S206: IP is retained to the IP available set removal after verifying and is exported.
Finally, removal retains IP in IP available set after this authentication, finally obtained IP available set C is exported.
S102: selecting the IP of preset ratio, and according to preset strategy from the IP available set, every for what is selected One IP generates corresponding template profile.
After obtaining IP available set C, a certain proportion of IP is selected according to demand, to each IP selected, according to one Template profile is generated after fixed strategy combination.Wherein, template profile is the combination for including following multiple policy: behaviour Make system type, system fingerprint, MAC Address, production firm, data processing rule and IP etc..In embodiments of the present invention, as The strategy that template profile generates foundation is generated according to system fingerprint (i.e. the network characterization of real estate) and agent rule, and The selection percentage of IP is used to determine the open-ended quantity of honey net, to influence the workload of attacker.
S103: it according to the corresponding template profile, generates fictitious host computer and binds corresponding IP.
After the selection for completing IP, according to template profile, around user equipment namely net locating for user equipment Fictitious host computer is generated in network in bulk, each fictitious host computer is respectively allocated an IP as an independent honey jar, that is, every A IP binds an independent fictitious host computer.Thus one, a large amount of honey jar is mingled in true user network, forms honey Net makes the real estate of user be not easy to be found.
S104: being monitored by the fictitious host computer and captures all-network data packet by the fictitious host computer.
After having disposed fictitious host computer, the host process of fictitious host computer can monitor the flow that host specifies network interface card, by catching The data packet of all processes is obtained, the behavior that attacker accesses fictitious host computer IP all can be recorded and analyze.
Above S101~S104 is the establishment for completing honey net, which can rely only on a host completely, not depend on more Platform host or third party's virtual environment, extensive honey jar is simulated by fictitious host computer generation, so that the establishment of honey net is completed, Networking cost is low.
Fig. 4 shows the implementation process for the construction method netted another embodiment of the present invention provides honey, in the corresponding implementation of Fig. 1 On the basis of example, the present embodiment is after S104, further includes:
S105: the network packet is distributed into the corresponding fictitious host computer, the network data is coated with the void Quasi- host is used for according to the corresponding protocol type of the network packet, according to matched processing rule to the network packet It is handled.
By being parsed from link layer, network layer and application layer to the data packet captured, the information parsed Including MAC Address, IP, port, protocol type and behavioral data.Based on the information that parsing obtains, judge whether to belong to honey net Scope of offical duty if it is distributes to corresponding fictitious host computer processing if not then abandoning.Fictitious host computer is being assigned to need After the information to be parsed, different protocol types is handled according to matched processing rule respectively: the response of ARP and ICMP Directly by program structure, the data of transport layer and application layer can further be handled respectively data packet according to different ports.If It does not handle rule to be matched, is then handled by independent protocol module, if there is data processing rule is matched, then according to data Processing rule gives corresponding server processing after modifying data packet, reply to attacker again after the data message processing of return.
In addition, host is also responsible for interacting the request of attacker processing, and to interaction data carry out record and into The analysis of one step, to obtain the behavioural information of attacker, analyzes the behavioural information of attacker.
In embodiments of the present invention, corresponding processing result and analysis result can be saved into the database of honey net.
Fig. 5 is the system architecture schematic diagram of honey net provided in an embodiment of the present invention.
It should be understood that the size of the serial number of each step is not meant that the order of the execution order in above-described embodiment, each process Execution sequence should be determined by its function and internal logic, the implementation process without coping with the embodiment of the present invention constitutes any limit It is fixed.
Fig. 6 is the schematic diagram of the establishment system for the honey net that one embodiment of the invention provides.As shown in fig. 6, the embodiment The establishment system 6 of honey net includes: processor 60, memory 61 and is stored in the memory 61 and can be in the processor The computer program 62 run on 60, such as the constituting procedure of honey net.When the processor 60 executes the computer program 62 Realize the step in the construction method embodiment of above-mentioned each honey net, such as step 101 shown in FIG. 1 is to 104.
Illustratively, the computer program 62 can be divided into one or more module/units, it is one or Multiple module/units are stored in the memory 61, and are executed by the processor 60, to complete the present invention.Described one A or multiple module/units can be the series of computation machine program instruction section that can complete specific function, which is used for Implementation procedure of the computer program 62 in the establishment system 6 of the honey net is described, comprising:
Obtain the IP available set in honey net;
The IP of preset ratio is selected from the IP available set, and according to preset strategy, for each selected IP generates corresponding template profile;
According to the corresponding template profile, generates fictitious host computer and bind corresponding IP;
It is monitored by the fictitious host computer and captures the all-network data packet by the fictitious host computer.
Optionally, the IP available set obtained in honey net, comprising:
Obtain the machine IP and subnet mask;
The machine IP and subnet mask that get are calculated, uncategorized inter-domain routing CIDR is obtained;
It is broadcasted according to address resolution protocol and CIDR construction request message and in the honey net, inquiry obtains survival host IP set;
IP set and CIDR based on the survival host, export the IP available set.
Optionally, it is broadcasted according to address resolution protocol and CIDR construction request message and in the honey net described, it is defeated Out after the IP available set, further includes:
By coordinating, the IP available set is verified in calling system order;
IP is retained to the IP available set removal after verifying and is exported.
Optionally, it is also used to realize when the processor executes the computer program:
The network packet is distributed into the corresponding fictitious host computer, the network data is coated with the fictitious host computer For according to the corresponding protocol type of the network packet, according to matched processing rule to the network packet at Reason.
The establishment system 6 of the honey net can be the meter such as desktop PC, notebook, palm PC and cloud server Calculate equipment.The establishment system 6 of the honey net may include, but be not limited only to, processor 60, memory 61.Those skilled in the art It is appreciated that Fig. 6 is only the example of the establishments system 6 of honey net, the restriction for the establishment system 6 netted to honey is not constituted, it can be with Including than illustrating more or fewer components, perhaps combining certain components or different components, such as the establishment of the honey net System 6 can also include input-output equipment, network access equipment, bus etc..
Alleged processor 60 can be central processing unit (Central Processing Unit, CPU), can also be Other general processors, digital signal processor (Digital Signal Processor, DSP), specific integrated circuit (Application Specific Integrated Circuit, ASIC), ready-made programmable gate array (Field- Programmable Gate Array, FPGA) either other programmable logic device, discrete gate or transistor logic, Discrete hardware components etc..General processor can be microprocessor or the processor is also possible to any conventional processor Deng.
The memory 61 can be the internal storage unit of the establishment system 6 of the honey net, such as the establishment system of honey net The hard disk or memory of system 6.The memory 61 is also possible to the External memory equipment of the establishment system 6 of the honey net, such as institute State the plug-in type hard disk being equipped in the establishment system 6 of honey net, intelligent memory card (Smart Media Card, SMC), secure digital (Secure Digital, SD) card, flash card (Flash Card) etc..Further, the memory 61 can also both include The internal storage unit of the establishment system 6 of the honey net also includes External memory equipment.The memory 61 is described for storing Other programs and data needed for the establishment system 6 of computer program and the honey net.The memory 61 can be also used for Temporarily store the data that has exported or will export.
It is apparent to those skilled in the art that for convenience of description and succinctly, only with above-mentioned each function Can unit, module division progress for example, in practical application, can according to need and by above-mentioned function distribution by different Functional unit, module are completed, i.e., the internal structure of described device is divided into different functional unit or module, more than completing The all or part of function of description.Each functional unit in embodiment, module can integrate in one processing unit, can also To be that each unit physically exists alone, can also be integrated in one unit with two or more units, it is above-mentioned integrated Unit both can take the form of hardware realization, can also realize in the form of software functional units.In addition, each function list Member, the specific name of module are also only for convenience of distinguishing each other, the protection scope being not intended to limit this application.Above system The specific work process of middle unit, module, can refer to corresponding processes in the foregoing method embodiment, and details are not described herein.
In the above-described embodiments, it all emphasizes particularly on different fields to the description of each embodiment, is not described in detail or remembers in some embodiment The part of load may refer to the associated description of other embodiments.
Those of ordinary skill in the art may be aware that list described in conjunction with the examples disclosed in the embodiments of the present disclosure Member and algorithm steps can be realized with the combination of electronic hardware or computer software and electronic hardware.These functions are actually It is implemented in hardware or software, the specific application and design constraint depending on technical solution.Professional technician Each specific application can be used different methods to achieve the described function, but this realization is it is not considered that exceed The scope of the present invention.
In embodiment provided by the present invention, it should be understood that disclosed device/terminal device and method, it can be with It realizes by another way.For example, device described above/terminal device embodiment is only schematical, for example, institute The division of module or unit is stated, only a kind of logical function partition, there may be another division manner in actual implementation, such as Multiple units or components can be combined or can be integrated into another system, or some features can be ignored or not executed.Separately A bit, shown or discussed mutual coupling or direct-coupling or communication connection can be through some interfaces, device Or the INDIRECT COUPLING or communication connection of unit, it can be electrical property, mechanical or other forms.
The unit as illustrated by the separation member may or may not be physically separated, aobvious as unit The component shown may or may not be physical unit, it can and it is in one place, or may be distributed over multiple In network unit.It can select some or all of unit therein according to the actual needs to realize the mesh of this embodiment scheme 's.
It, can also be in addition, the functional units in various embodiments of the present invention may be integrated into one processing unit It is that each unit physically exists alone, can also be integrated in one unit with two or more units.Above-mentioned integrated list Member both can take the form of hardware realization, can also realize in the form of software functional units.
If the integrated module/unit be realized in the form of SFU software functional unit and as independent product sale or In use, can store in a computer readable storage medium.Based on this understanding, the present invention realizes above-mentioned implementation All or part of the process in example method, can also instruct relevant hardware to complete, the meter by computer program Calculation machine program can be stored in a computer readable storage medium, the computer program when being executed by processor, it can be achieved that on The step of stating each embodiment of the method.Wherein, the computer program includes computer program code, the computer program Code can be source code form, object identification code form, executable file or certain intermediate forms etc..Computer-readable Jie Matter may include: can carry the computer program code any entity or device, recording medium, USB flash disk, mobile hard disk, Magnetic disk, CD, computer storage, read-only memory (ROM, Read-Only Memory), random access memory (RAM, Random Access Memory), electric carrier signal, telecommunication signal and software distribution medium etc..It should be noted that described The content that computer-readable medium includes can carry out increasing appropriate according to the requirement made laws in jurisdiction with patent practice Subtract, such as does not include electric carrier signal and electricity according to legislation and patent practice, computer-readable medium in certain jurisdictions Believe signal.
Embodiment described above is merely illustrative of the technical solution of the present invention, rather than its limitations;Although referring to aforementioned reality Applying example, invention is explained in detail, those skilled in the art should understand that: it still can be to aforementioned each Technical solution documented by embodiment is modified or equivalent replacement of some of the technical features;And these are modified Or replacement, the spirit and scope for technical solution of various embodiments of the present invention that it does not separate the essence of the corresponding technical solution should all It is included within protection scope of the present invention.

Claims (10)

1. a kind of construction method of honey net characterized by comprising
Obtain the IP available set in honey net;
The IP of preset ratio is selected from the IP available set, and according to preset strategy, for each IP life selected At corresponding template profile;
According to the corresponding template profile, generates fictitious host computer and bind corresponding IP;
It is monitored by the fictitious host computer and captures the all-network data packet by the fictitious host computer.
2. the construction method of honey net as described in claim 1, which is characterized in that the IP available set obtained in honey net, Include:
Obtain the machine IP and subnet mask;
The machine IP and subnet mask that get are calculated, uncategorized inter-domain routing CIDR is obtained;
It is broadcasted according to address resolution protocol and CIDR construction request message and in the honey net, inquiry obtains the IP of survival host Set;
IP set and CIDR based on the survival host, export the IP available set.
3. the construction method of honey net as claimed in claim 2, which is characterized in that described according to address resolution protocol and CIDR Construction request message is simultaneously broadcasted in the honey net, after exporting the IP available set, further includes:
By coordinating, the IP available set is verified in calling system order;
IP is retained to the IP available set removal after verifying and is exported.
4. the construction method of honey net as described in claim 1, which is characterized in that the construction method of the honey net further include:
The network packet is distributed into the corresponding fictitious host computer, the network data is coated with the fictitious host computer and is used for According to the corresponding protocol type of the network packet, the network packet is handled according to matched processing rule.
5. the construction method of honey net as claimed in claim 4, which is characterized in that the construction method of the honey net further include:
Processing result is saved to the database of the honey net.
6. a kind of establishment system of honey net, which is characterized in that including memory, processor and store in the memory simultaneously The computer program that can be run on the processor, which is characterized in that the processor is used when executing the computer program In realization:
Obtain the IP available set in honey net;
The IP of preset ratio is selected from the IP available set, and according to preset strategy, for each IP life selected At corresponding template profile;
According to the corresponding template profile, generates fictitious host computer and bind corresponding IP;
It is monitored by the fictitious host computer and captures the all-network data packet by the fictitious host computer.
7. the establishment system of honey net as claimed in claim 6, which is characterized in that the IP available set obtained in honey net, Include:
Obtain the machine IP and subnet mask;
The machine IP and subnet mask that get are calculated, uncategorized inter-domain routing CIDR is obtained;
It is broadcasted according to address resolution protocol and CIDR construction request message and in the honey net, inquiry obtains the IP of survival host Set;
IP set and CIDR based on the survival host, export the IP available set.
8. the establishment system of honey net as claimed in claim 7, which is characterized in that described according to address resolution protocol and CIDR Construction request message is simultaneously broadcasted in the honey net, after exporting the IP available set, further includes:
By coordinating, the IP available set is verified in calling system order;
IP is retained to the IP available set removal after verifying and is exported.
9. the establishment system of honey net as claimed in claim 7, which is characterized in that the processor executes the computer program When be also used to realize:
The network packet is distributed into the corresponding fictitious host computer, the network data is coated with the fictitious host computer and is used for According to the corresponding protocol type of the network packet, the network packet is handled according to matched processing rule.
10. a kind of computer readable storage medium, the computer-readable recording medium storage has computer program, and feature exists In when the computer program is executed by processor the step of any one of such as claim 1 to 5 of realization the method.
CN201811525549.7A 2018-12-13 2018-12-13 A kind of construction method and system, computer readable storage medium of honey net Pending CN109617878A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811525549.7A CN109617878A (en) 2018-12-13 2018-12-13 A kind of construction method and system, computer readable storage medium of honey net

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811525549.7A CN109617878A (en) 2018-12-13 2018-12-13 A kind of construction method and system, computer readable storage medium of honey net

Publications (1)

Publication Number Publication Date
CN109617878A true CN109617878A (en) 2019-04-12

Family

ID=66008220

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811525549.7A Pending CN109617878A (en) 2018-12-13 2018-12-13 A kind of construction method and system, computer readable storage medium of honey net

Country Status (1)

Country Link
CN (1) CN109617878A (en)

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110071929A (en) * 2019-04-28 2019-07-30 江苏极元信息技术有限公司 A kind of defence method of the magnanimity bait capture attack source based on virtual platform
CN110505195A (en) * 2019-06-26 2019-11-26 中电万维信息技术有限责任公司 The dispositions method and system of fictitious host computer
CN110784361A (en) * 2019-10-31 2020-02-11 国网河南省电力公司电力科学研究院 Virtualized cloud honey network deployment method, device, system and computer-readable storage medium
CN111147513A (en) * 2019-12-31 2020-05-12 广州锦行网络科技有限公司 Transverse moving attack path determination method in honey net based on attack behavior analysis
CN113132293A (en) * 2019-12-30 2021-07-16 中国移动通信集团湖南有限公司 Attack detection method and device and public honeypot system
CN114584349A (en) * 2022-02-15 2022-06-03 烽台科技(北京)有限公司 Network data protection method, device, terminal and readable storage medium
US11456987B1 (en) 2021-05-07 2022-09-27 State Farm Mutual Automobile Insurance Company Systems and methods for automatic internet protocol address management
CN115208670A (en) * 2022-07-15 2022-10-18 北京天融信网络安全技术有限公司 Honey net construction method and device, electronic equipment and computer readable storage medium
CN117220900A (en) * 2023-07-14 2023-12-12 博智安全科技股份有限公司 Method and system for automatically detecting honeypot system

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040103314A1 (en) * 2002-11-27 2004-05-27 Liston Thomas F. System and method for network intrusion prevention
CN101567887A (en) * 2008-12-25 2009-10-28 中国人民解放军总参谋部第五十四研究所 Vulnerability simulation overload honeypot method
CN102932498A (en) * 2012-10-24 2013-02-13 广州杰赛科技股份有限公司 Virtual machine internet protocol (IP) resource management method of cloud computing platform
CN103139184A (en) * 2011-12-02 2013-06-05 中国电信股份有限公司 Intelligent network firewall device and network attack protection method
CN107707576A (en) * 2017-11-28 2018-02-16 深信服科技股份有限公司 A kind of network defense method and system based on Honeypot Techniques
CN108199871A (en) * 2017-12-28 2018-06-22 广州锦行网络科技有限公司 System and method is realized in dynamic honey net environment deployment based on virtualization technology
CN108933714A (en) * 2018-10-24 2018-12-04 郑州云海信息技术有限公司 It is a kind of to detect the method, apparatus and storage medium that IP address whether there is

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040103314A1 (en) * 2002-11-27 2004-05-27 Liston Thomas F. System and method for network intrusion prevention
CN101567887A (en) * 2008-12-25 2009-10-28 中国人民解放军总参谋部第五十四研究所 Vulnerability simulation overload honeypot method
CN103139184A (en) * 2011-12-02 2013-06-05 中国电信股份有限公司 Intelligent network firewall device and network attack protection method
CN102932498A (en) * 2012-10-24 2013-02-13 广州杰赛科技股份有限公司 Virtual machine internet protocol (IP) resource management method of cloud computing platform
CN107707576A (en) * 2017-11-28 2018-02-16 深信服科技股份有限公司 A kind of network defense method and system based on Honeypot Techniques
CN108199871A (en) * 2017-12-28 2018-06-22 广州锦行网络科技有限公司 System and method is realized in dynamic honey net environment deployment based on virtualization technology
CN108933714A (en) * 2018-10-24 2018-12-04 郑州云海信息技术有限公司 It is a kind of to detect the method, apparatus and storage medium that IP address whether there is

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110071929A (en) * 2019-04-28 2019-07-30 江苏极元信息技术有限公司 A kind of defence method of the magnanimity bait capture attack source based on virtual platform
CN110071929B (en) * 2019-04-28 2021-03-16 江苏极元信息技术有限公司 Method for defending massive bait capture attack sources based on virtualization platform
CN110505195A (en) * 2019-06-26 2019-11-26 中电万维信息技术有限责任公司 The dispositions method and system of fictitious host computer
CN110784361A (en) * 2019-10-31 2020-02-11 国网河南省电力公司电力科学研究院 Virtualized cloud honey network deployment method, device, system and computer-readable storage medium
CN113132293A (en) * 2019-12-30 2021-07-16 中国移动通信集团湖南有限公司 Attack detection method and device and public honeypot system
CN111147513A (en) * 2019-12-31 2020-05-12 广州锦行网络科技有限公司 Transverse moving attack path determination method in honey net based on attack behavior analysis
US11456987B1 (en) 2021-05-07 2022-09-27 State Farm Mutual Automobile Insurance Company Systems and methods for automatic internet protocol address management
CN114584349A (en) * 2022-02-15 2022-06-03 烽台科技(北京)有限公司 Network data protection method, device, terminal and readable storage medium
CN115208670A (en) * 2022-07-15 2022-10-18 北京天融信网络安全技术有限公司 Honey net construction method and device, electronic equipment and computer readable storage medium
CN115208670B (en) * 2022-07-15 2023-10-13 北京天融信网络安全技术有限公司 Honey net construction method, device, electronic equipment and computer readable storage medium
CN117220900A (en) * 2023-07-14 2023-12-12 博智安全科技股份有限公司 Method and system for automatically detecting honeypot system

Similar Documents

Publication Publication Date Title
CN109617878A (en) A kind of construction method and system, computer readable storage medium of honey net
CN111565199B (en) Network attack information processing method and device, electronic equipment and storage medium
CN110392052A (en) A kind of block chain intelligence contract processing system and method
CN110224990A (en) A kind of intruding detection system based on software definition security architecture
CN106170947B (en) A kind of alarm information processing method, relevant device and system
CN110768987A (en) SDN-based dynamic deployment method and system for virtual honey network
CN110784361A (en) Virtualized cloud honey network deployment method, device, system and computer-readable storage medium
CN109544349A (en) One kind being based on networked asset information collecting method, device, equipment and storage medium
Xuan et al. Detecting application denial-of-service attacks: A group-testing-based approach
CN110493238A (en) Defence method, device, honey pot system and honey jar management server based on honey jar
CN109257326A (en) The method, apparatus and storage medium and electronic equipment for defending data flow to attack
CN102098227A (en) Packet capture method and kernel module
CN109413091A (en) A kind of network security monitoring method and apparatus based on internet-of-things terminal
CN107040405B (en) Passive type various dimensions host Fingerprint Model construction method and its device under network environment
CN106650425B (en) A kind of control method and device of security sandbox
CN109840533A (en) A kind of applied topology figure recognition methods and device
CN108718297A (en) Ddos attack detection method, device, controller and medium based on BP neural network
CN112688932A (en) Honeypot generation method, honeypot generation device, honeypot generation equipment and computer readable storage medium
CN114584359B (en) Security trapping method, device and computer equipment
Khan et al. Towards an applicability of current network forensics for cloud networks: A SWOT analysis
CN111953527A (en) Network attack recovery system
Shin et al. SmartX Multi-Sec: a visibility-centric multi-tiered security framework for multi-site cloud-native edge clusters
CN112637250A (en) Method for realizing dynamic intelligent self-adaptive honey net
TaheriMonfared et al. Multi-tenant network monitoring based on software defined networking
US11297081B2 (en) Methods and systems for eliminating and reducing attack surfaces through evaluating reconfigurations

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20190412