CN110557405B - High-interaction SSH honeypot implementation method - Google Patents

Publication number: CN110557405B
Authority: CN (China)
Prior art keywords: ssh, data, honeypot, interaction, password
Legal status: Active
Application number: CN201910939425.1A
Other languages: Chinese (zh)
Other versions: CN110557405A (en)
Inventors: 石爱业, 丁日升
Current Assignee: Hohai University HHU
Original Assignee: Hohai University HHU
Application filed by Hohai University HHU
Priority to CN201910939425.1A
Publication of CN110557405A
Application granted
Publication of CN110557405B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416 Event detection, e.g. attack signature detection
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/1491 Countermeasures against malicious traffic using deception as countermeasure, e.g. honeypots, honeynets, decoys or entrapment
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/16 Implementing security features at a particular protocol layer
    • H04L63/168 Implementing security features at a particular protocol layer above the transport layer

Abstract

The invention discloses a high-interaction SSH honeypot implementation method comprising the following steps: connecting to the SSH port of the system, judging whether the SSH service exists, and proceeding to the next step when it does; capturing the authenticated user name/password during password authentication by using a login function and the authctxt structure in OpenSSH; after password authentication succeeds, modifying the relevant module code, making use of the way the SSH service handles client data through pipes and the user interactive-session handling module, thereby recording the shell commands; controlling the outbound traffic of the honeypot system, which comprises two processes, outgoing data packet limitation and outgoing attack packet suppression; and analyzing, processing and displaying the data captured by the honeypot system using Java Web technology. The method overcomes the shortcomings that passive defense technology cannot cope with SSH attacks that keep changing through continuous updating, and that low-interaction SSH honeypots have a low degree of interaction, are insufficiently deceptive and are easily broken, and it improves the security defense capability of SSH services.

Description

High-interaction SSH honeypot implementation method
Technical Field
The invention particularly relates to a high-interaction SSH honeypot implementation method, and belongs to the technical field of active defense in network information security.
Background
SSH (Secure Shell) is now an integral part of enterprise life, used for remote login sessions and for providing security services to other network services. As the protocol has come into wide use, malicious attacks against the service have multiplied and pose a great challenge to network security. How to deal with malicious attacks on the service and take appropriate protective measures has become an important research topic in SSH service security. Based on the behavior habits of attackers who intrude into a system through the SSH service, the attacker's activity during the attack is monitored and captured in real time; from the extracted intrusion behavior, the attack methods used are learned and the attack motivation is understood, which gives security managers a basis for scientific and effective defense measures and schemes.
SSH service security defense uses external tools or built-in features to prevent an attacker from attacking and damaging a system through the SSH service, so that the damage done by the attacker is reduced. Security personnel usually adopt passive defense means such as firewalls and intrusion detection systems to prevent SSH service attacks, and also use security tools such as fail2ban and DenyHosts to protect SSH services. fail2ban matches the system log against regular expressions; if it finds unusual log entries, for example the same IP trying a large number of wrong SSH passwords in a short time, it calls the firewall to block that IP and can e-mail the system administrator. DenyHosts analyzes the sshd log file and, when it finds repeated attacks, records the IP in the /etc/hosts.deny file, thereby blocking the IP automatically. These passive defenses are functionally limited: they defend only against known attacks, cannot defend against unknown ones, and do not allow an attacker's activity to be understood and analyzed in detail. Honeypot technology effectively overcomes these shortcomings, and security researchers have used it to develop a series of low- and medium-interaction honeypots that simulate the SSH network service, such as Kojoney, Kippo and Cowrie, to meet the endless stream of SSH attack threats. These SSH honeypots capture information about intrusions and implement the main functions, but all of them simulate the SSH network service, have a low degree of interaction, are easily identified and broken, and cannot capture the attacker's data, so their practical value is low.
Disclosure of Invention
The invention aims to overcome the defects of the prior art and to provide a high-interaction SSH honeypot implementation method that overcomes the shortcomings that passive defense technology cannot cope with SSH attacks that keep changing through continuous updating and that low-interaction SSH honeypots have a low degree of interaction, are insufficiently deceptive and are easily broken, and that improves the security defense capability of SSH services.
In order to solve the technical problems, the technical scheme adopted by the invention is as follows:
A high-interaction SSH honeypot implementation method comprises the following steps:
step a, connecting to the SSH port of the system, judging whether the SSH service exists, and entering the next step when the SSH service exists;
step b, capturing the authenticated user name/password during password authentication by using a login function and the authctxt structure in OpenSSH;
step c, after password authentication succeeds, modifying the code of the relevant modules, making use of the way the SSH service handles client data through pipes and the user interactive-session handling module, thereby recording the shell commands;
step d, controlling the outbound traffic of the honeypot system, which comprises two processes: outgoing data packet limitation and outgoing attack packet suppression;
step e, analyzing, processing and displaying the data captured by the honeypot system using Java Web technology.
Step b comprises the following specific steps: b1, decrypting the password information at the server; b2, storing the password in the authctxt structure; b3, recording the user name and the password held in the authctxt structure through a login function; b4, storing the user name and password information in the record file.
Step c comprises the following specific steps: c1, defining a file descriptor variable; c2, initializing the file descriptor; c3, creating a record file for storing the real-time shell commands, which must be concealed and secure; c4, recording the attacker's screen output data and storing it in the file; c5, logout.
In step d, outgoing data packet limitation comprises the following specific steps: d1, clearing the original rules in Iptables; d2, setting the outgoing packet limit; d3, setting the unit time, i.e. the unit time limit; d4, setting the outgoing data packet threshold for protocol packets; d5, allowing external connections.
In step d, outgoing attack packet suppression comprises the following specific steps: d6, acquiring an outgoing data packet from Netfilter; d7, snort_inline specifies the position registration function in the ip_queue module; d8, the data packet is forwarded to the function for analysis and processing; d9, matching against the feature library; d10, processing the data packet.
Step e comprises the following specific steps: e1: acquiring the captured data from the database using the JDBC driver package; e2: classifying the data according to the requirements and the analysis; e3: analyzing and processing the number of attacks and displaying it, the graphs being drawn with the jQuery framework; e4: compiling statistics on each kind of data: obtaining the IPs of each time interval from the result of e3, adding an IP to a dictionary if the dictionary does not already contain it, fetching the data corresponding to each IP, storing it in a file and providing a link for download and viewing; e5: comparing the counts of each kind of data from the result of e4, selecting the TOP data and sending it to the front end in JSON format, where the front-end framework creates a table to display it; e6: searching for an IP in the database; if it exists, retrieving it, obtaining data such as its geographic location through the Baidu Map API, and obtaining the other data as in step e4, including the user names, passwords and shell commands tried by that IP; and finally displaying the whole set of data on a front-end page.
Step e1 includes the steps of: e11, loading the JDBC driver; e12, providing the JDBC connection URL; e13, creating the database connection; e14, creating a Statement; e15, executing the SQL statement.
Step e3 includes the steps of: e31, setting a time interval; e32, obtaining the time of each data item and determining its interval; e33, accumulating the count and the IPs within the set time interval; e34, returning the data to the front end for processing and display.
The invention has the following beneficial effects: the high-interaction SSH honeypot implementation method uses the active-defense nature of honeypot technology to overcome the shortcomings of traditional passive defense, such as its inability to defend against unknown attacks; by using OpenSSH's own characteristics, it raises the interactivity of the SSH honeypot and improves its authenticity and deceptiveness, so that an attacker cannot easily recognize it and the value of the honeypot increases; by modifying OpenSSH, it captures the attacker's intrusion information in real time, so that more unknown attacks can be captured and the value of the data for analysis increases; and by presenting the analysis results on a web page, it makes the data easy to inspect visually and reduces the complexity of data analysis.
Drawings
FIG. 1 is a schematic diagram of the flow of capturing SSH attacks to form an active defense system according to the present invention;
FIG. 2 is a schematic diagram of a system design model framework of the present invention;
FIG. 3 is a flow diagram of the monitor capture function of the present invention;
FIG. 4 is a schematic diagram illustrating the flow of the capture record implementation of the shell command of the present invention;
FIG. 5 is a schematic diagram of the invention capturing username/password information;
FIG. 6 is a schematic diagram of the actual operation of the shell command of the present invention;
FIG. 7 is a schematic diagram of the shell command capture data of the present invention;
FIG. 8 is a schematic diagram of the present invention controlling outbound data packets;
FIG. 9 is a diagram showing the effect of data analysis according to the present invention.
Detailed Description
The present invention is further described with reference to the accompanying drawings, and the following examples are only for clearly illustrating the technical solutions of the present invention, and should not be taken as limiting the scope of the present invention.
As shown in FIG. 1 and FIG. 2, the high-interaction SSH honeypot implementation method provided by the present invention comprises the following steps:
Step one: attempting to connect to the SSH port of the system, judging whether the SSH service exists, and proceeding to step two if it does.
Step two: capturing the authenticated user name/password during password authentication by using a login function and the authctxt structure in OpenSSH. The specific operation steps are as follows: (1) decrypting the password information at the server; (2) storing the password in the authctxt structure; (3) recording the user name and the password held in the authctxt structure through a login function; (4) storing the user name and password information in a log file. The captured username/password information is shown in FIG. 5.
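One way to implement sub-steps (3) and (4), added here as an example and not taken from the patent or from OpenSSH: `struct hp_authctxt`, `hp_escape`, `hp_format_record` and `hp_log_credentials` are hypothetical names, and the sample address and credentials are constructed. Because the user name and password are attacker-controlled, the example escapes control bytes so that one attempt always produces exactly one line in the record file.

```c
/* Added example with hypothetical names; this is not OpenSSH source. */
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <time.h>
#include <unistd.h>

#ifndef O_NOFOLLOW
#define O_NOFOLLOW 0 /* not exposed under strict ISO C modes */
#endif

/* Hypothetical stand-in for the fields the method keeps in authctxt. */
struct hp_authctxt {
    const char *user;      /* user name offered by the client */
    const char *password;  /* cleartext password as seen by the server */
    const char *remote_ip; /* peer address */
    int success;           /* 1 if password authentication succeeded */
};

/* Copy `in` to `out`, turning every byte outside printable ASCII (and the
 * backslash itself) into \xHH, so attacker input can never add a tab or a
 * newline to the record. Returns the bytes written, excluding the NUL. */
size_t hp_escape(const char *in, char *out, size_t outsz)
{
    static const char hex[] = "0123456789abcdef";
    size_t o = 0;

    if (outsz == 0)
        return 0;
    for (; *in != '\0'; in++) {
        unsigned char c = (unsigned char)*in;
        int plain = (c >= 0x20 && c < 0x7f && c != '\\');
        size_t need = plain ? 1 : 4;

        if (o + need >= outsz) /* truncate, keeping room for the NUL */
            break;
        if (plain) {
            out[o++] = (char)c;
        } else {
            out[o++] = '\\';
            out[o++] = 'x';
            out[o++] = hex[c >> 4];
            out[o++] = hex[c & 0x0f];
        }
    }
    out[o] = '\0';
    return o;
}

/* Build one tab-separated record: time, peer, result, user, password. */
int hp_format_record(const struct hp_authctxt *ctx, long when,
                     char *line, size_t linesz)
{
    char ip[64], user[256], pass[512];
    int n;

    hp_escape(ctx->remote_ip, ip, sizeof ip);
    hp_escape(ctx->user, user, sizeof user);
    hp_escape(ctx->password, pass, sizeof pass);
    n = snprintf(line, linesz, "%ld\t%s\t%s\t%s\t%s\n", when, ip,
                 ctx->success ? "ok" : "fail", user, pass);
    return (n < 0 || (size_t)n >= linesz) ? -1 : n;
}

/* Append the record to the file. Mode 0600 keeps captured passwords away
 * from other local users; O_NOFOLLOW refuses a symlink planted at the path. */
int hp_log_credentials(const char *path, const struct hp_authctxt *ctx,
                       long when)
{
    char line[1024];
    int n = hp_format_record(ctx, when, line, sizeof line);
    int fd;
    ssize_t w;

    if (n < 0)
        return -1;
    fd = open(path, O_WRONLY | O_APPEND | O_CREAT | O_NOFOLLOW, 0600);
    if (fd < 0)
        return -1;
    w = write(fd, line, (size_t)n); /* one write per record under O_APPEND */
    close(fd);
    return w == (ssize_t)n ? 0 : -1;
}

int main(void)
{
    /* Constructed sample: a user name carrying an embedded newline. */
    struct hp_authctxt ctx = { "root\nfake", "123456", "203.0.113.7", 0 };
    char line[1024];

    if (hp_format_record(&ctx, (long)time(NULL), line, sizeof line) > 0)
        fputs(line, stdout);
    return 0;
}
```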
Step three: the SSH service processes the information sent by the client to the server through pipes and similar mechanisms. After password authentication succeeds, the relevant module code is modified, making use of the way the SSH service handles client data through pipes and the user interactive-session handling module, so that the shell commands are recorded. The flow for capturing and recording shell commands is shown in FIG. 4, the actual operation of shell commands is shown in FIG. 6, and the captured shell command data is shown in FIG. 7. A channel is implemented as a set of logic on top of the connection layer; every communication session is carried over a channel, and identifiers ensure that information is delivered accurately to the specific application. As shown in FIG. 3, the specific operation steps are as follows: (1) defining a file descriptor variable; (2) initializing the file descriptor; (3) creating a record file for storing the real-time shell commands, which must be concealed and secure; (4) recording the attacker's screen output data and storing it in the file; (5) at logout, closing the file.
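One way to implement sub-steps (1) to (5), added here as an example and not taken from the patent or from OpenSSH: the `hp_rec_*` functions are hypothetical hooks that a modified session module would call at the point where it writes shell output to the client, and the sample terminal output is constructed. The record directory is assumed to be owned by root and unreadable by the session user.

```c
/* Added example with hypothetical names; this is not OpenSSH source. */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* (1) + (2): the descriptor variable, initialised to "no file open". */
static int rec_fd = -1;

/* Write all of buf, retrying on EINTR and on short writes. */
static int write_all(int fd, const char *buf, size_t len)
{
    while (len > 0) {
        ssize_t w = write(fd, buf, len);

        if (w < 0) {
            if (errno == EINTR)
                continue;
            return -1;
        }
        buf += w;
        len -= (size_t)w;
    }
    return 0;
}

/* (3) Create the per-session record as a dot-file with mode 0600.
 * O_CREAT|O_EXCL fails if the name already exists, including as a symlink,
 * so a file planted in advance is never written through. A session id
 * containing '/' is rejected to keep the file inside `dir`. */
int hp_rec_start(const char *dir, const char *session_id,
                 char *path, size_t pathsz)
{
    int n = snprintf(path, pathsz, "%s/.%s.rec", dir, session_id);

    if (n < 0 || (size_t)n >= pathsz || strchr(session_id, '/') != NULL)
        return -1;
    rec_fd = open(path, O_WRONLY | O_APPEND | O_CREAT | O_EXCL, 0600);
    return rec_fd < 0 ? -1 : 0;
}

/* (4) Record a chunk of terminal output, then pass it on to the client.
 * A recording error only switches recording off; the client still gets
 * its data, so the session looks the same from the outside. */
int hp_rec_tee(int client_fd, const char *buf, size_t len)
{
    if (rec_fd >= 0 && write_all(rec_fd, buf, len) < 0) {
        close(rec_fd);
        rec_fd = -1;
    }
    return write_all(client_fd, buf, len);
}

/* (5) Logout: close the record file. */
int hp_rec_stop(void)
{
    int r = 0;

    if (rec_fd >= 0) {
        r = close(rec_fd);
        rec_fd = -1;
    }
    return r;
}

int main(void)
{
    /* Constructed sample of what the shell would send back to the client. */
    static const char out[] = "$ id\r\nuid=0(root) gid=0(root)\r\n";
    char sid[64], path[256];

    snprintf(sid, sizeof sid, "demo-%ld", (long)getpid());
    if (hp_rec_start("/tmp", sid, path, sizeof path) != 0)
        return 1;
    hp_rec_tee(STDOUT_FILENO, out, sizeof out - 1);
    hp_rec_stop();
    printf("recorded to %s\n", path);
    return 0;
}
```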
Step four: controlling the outbound traffic of the honeypot system, which is divided into two steps: limiting outgoing data packets and suppressing outgoing attack packets. The flow for controlling outgoing data packets is shown in FIG. 8.
Step 4.1: for outgoing data packet limitation, Iptables on the honeynet gateway is used to control the number of outgoing data packets. The specific operation steps are as follows: (1) clearing the original rules in Iptables; (2) setting the outgoing packet limit; (3) setting the unit time, i.e. the unit time limit; (4) setting the outgoing data packet threshold for common protocol packets, namely TCP, UDP, ICMP and other protocol packets; (5) allowing external connections.
Step 4.2: for outgoing attack packet suppression, snort_inline on the honeynet gateway is used to discard harmful outgoing data packets. The specific operation steps are as follows: (1) acquiring an outgoing data packet from Netfilter; (2) snort_inline specifies the position registration function in the ip_queue module; (3) the data packet is forwarded to the function for analysis and processing; (4) matching against the feature library; (5) processing the data packet.
Step five: analyzing, processing and displaying the data captured by the honeypot system using Java Web technology. The procedure has the following steps.
Step 5.1: acquiring the captured data from the database using the JDBC driver package. The specific operation steps are as follows: (1) loading the JDBC driver; (2) providing the JDBC connection URL; (3) creating the database connection; (4) creating a Statement; (5) executing the SQL statement.
Step 5.2: classifying the data according to the requirements and the analysis.
Step 5.3: analyzing and processing the number of attacks and displaying it, the graphs being drawn with the jQuery framework. The specific operation steps are as follows: (1) setting a time interval; (2) obtaining the time of each data item and determining its interval; (3) accumulating the count and the IPs within the set time interval; (4) returning the data to the front end for processing and display.
Step 5.4: compiling statistics on each kind of data: obtaining the IPs of each time interval from the result of step 5.3, adding an IP to a dictionary if the dictionary does not already contain it, fetching the data corresponding to each IP, storing it in a file and providing a link for download and viewing.
Step 5.5: comparing the counts of each kind of data from the result of step 5.4, selecting the TOP data and sending it to the front end in JSON format, where the front-end framework creates a table to display it.
Step 5.6: searching for an IP in the database; if it exists, retrieving it, obtaining data such as its geographic location through the Baidu Map API, and obtaining the other data as in step 5.4, including the user names, passwords and shell commands tried by that IP. As shown in FIG. 9, the whole set of data is finally displayed on the front-end page.
The functional test of the invention uses an SSH client on a host in the same local area network to log in to the system remotely over SSH and then checks the effect of each function. To verify the effectiveness of the invention, the functional test is performed with the following operations:
Another host's SSH client is used to connect to port 22 of the system and repeatedly attempt password authentication; after the correct password is entered, arbitrary shell commands are typed into the system. Data packets, including various common protocol packets and harmful packets, are then sent from the system to the external network, and finally the client logs out of the system.
After these operations are completed, the completion of each function is checked; the implementation effect is shown in the figures.
To verify the advantages of the present invention, the system of the present invention was compared with several SSH honeypots:
(1) Kojoney honeypot (written in Python and based on the Twisted Conch library, published in 2008);
(2) Kippo honeypot (supports complete disguise of a file system directory, published in 2009);
(3) Cowrie honeypot (a modified version of Kippo that adds SFTP functionality and additional shell commands, released in 2014).
The detection performance of a honeypot system can be measured by its correct response rate: the higher the correct response rate, the greater the performance advantage. Table 1 shows the response-performance test results comparing the present application with the prior art.
TABLE 1
[Table 1 is an image in the original publication and is not reproduced here.]
As can be seen from table 1, the SSH honeypot system of the present invention has superior decoy performance to the other three honeypot systems, which indicates that the system implementation method of the present invention is effective.
The above description is only of the preferred embodiments of the present invention, and it should be noted that: it will be apparent to those skilled in the art that various modifications and adaptations can be made without departing from the principles of the invention and these are intended to be within the scope of the invention.

Claims (6)

1. A high-interaction SSH honeypot implementation method, characterized by comprising the following steps:
step a, connecting to the SSH port of the system, judging whether the SSH service exists, and entering the next step when the SSH service exists;
step b, capturing the authenticated user name/password during password authentication by using a login function and the authctxt structure in OpenSSH, wherein step b specifically comprises the following steps: b1, decrypting the password information at the server; b2, storing the password in the authctxt structure; b3, recording the user name and the password held in the authctxt structure through a login function; b4, storing the user name and password information in a record file;
step c, after password authentication succeeds, modifying the code of the relevant modules, making use of the way the SSH service handles client data through pipes and the user interactive-session handling module, so as to record the shell commands, wherein step c specifically comprises the following steps: c1, defining a file descriptor variable; c2, initializing the file descriptor; c3, creating a record file for storing the real-time shell commands, which must be concealed and secure; c4, recording the attacker's screen output data and storing it in the file; c5, logout, closing the file;
step d, controlling the outbound traffic of the honeypot system, which comprises two processes: outgoing data packet limitation and outgoing attack packet suppression;
step e, analyzing, processing and displaying the data captured by the honeypot system using Java Web technology.
2. The high-interaction SSH honeypot implementation method according to claim 1, characterized in that: in step d, outgoing data packet limitation comprises the following specific steps: d1, clearing the original rules in Iptables; d2, setting the outgoing packet limit; d3, setting the unit time, i.e. the unit time limit; d4, setting the outgoing data packet threshold for protocol packets; d5, allowing external connections.
3. The high-interaction SSH honeypot implementation method according to claim 1, characterized in that: in step d, outgoing attack packet suppression comprises the following specific steps: d6, acquiring an outgoing data packet from Netfilter; d7, snort_inline specifies the position registration function in the ip_queue module; d8, the data packet is forwarded to the function for analysis and processing; d9, matching against the feature library; d10, processing the data packet.
4. The high-interaction SSH honeypot implementation method according to claim 1, characterized in that: step e comprises the following specific steps: e1: acquiring the captured data from the database using the JDBC driver package; e2: classifying the data according to the requirements and the analysis; e3: analyzing and processing the number of attacks and displaying it, the graphs being drawn with the jQuery framework; e4: compiling statistics on each kind of data: obtaining the IPs of each time interval from the result of e3, adding an IP to a dictionary if the dictionary does not already contain it, fetching the data corresponding to each IP, storing it in a file and providing a link for download and viewing; e5: comparing the counts of each kind of data from the result of e4, selecting the TOP data and sending it to the front end in JSON format, where the front-end framework creates a table to display it; e6: searching for an IP in the database; if it exists, retrieving it, obtaining data such as its geographic location through the Baidu Map API, and obtaining the other data as in step e4, including the user names, passwords and shell commands tried by that IP; and finally displaying the whole set of data on a front-end page.
5. The high-interaction SSH honeypot implementation method of claim 4, characterized in that: step e1 includes the steps of: e11, loading the JDBC driver; e12, providing the JDBC connection URL; e13, creating the database connection; e14, creating a Statement; e15, executing the SQL statement.
6. The high-interaction SSH honeypot implementation method of claim 4, characterized in that: step e3 includes the steps of: e31, setting a time interval; e32, obtaining the time of each data item and determining its interval; e33, accumulating the count and the IPs within the set time interval; e34, returning the data to the front end for processing and display.

Application CN201910939425.1A, priority date 2019-09-30, filing date 2019-09-30: High-interaction SSH honeypot implementation method, Active, CN110557405B (en)

Publications (2)

Publication Number Publication Date
CN110557405A CN110557405A (en) 2019-12-10
CN110557405B (en) 2021-09-17

Family

ID=68742066

Country Status (1)

Country Link
CN (1) CN110557405B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant