CN110650154A - System and method for deploying virtual honeypots in multiple network segments based on real network environment - Google Patents


Info

Publication number: CN110650154A
Authority: CN (China)
Prior art keywords: network, virtual, honeypots, physical, card
Legal status: Pending
Application number: CN201910980322.XA
Other languages: Chinese (zh)
Inventor: 林旭滨
Current Assignee: Guangzhou Fanfanfang Information Security Technology Co Ltd
Original Assignee: Guangzhou Fanfanfang Information Security Technology Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/1491 Countermeasures against malicious traffic using deception as countermeasure, e.g. honeypots, honeynets, decoys or entrapment
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H04L12/4641 Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08 Configuration management of networks or network elements
    • H04L41/0803 Configuration setting

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Small-Scale Networks (AREA)

Abstract

The invention discloses a system for deploying virtual honeypots in a plurality of network segments based on a real network environment. The system comprises a physical honeypot, a plurality of virtual network cards and a physical network card. The virtual network cards are configured on the physical honeypot, and each virtual network card is configured with an IP address of a different network segment. Different trap service access permissions are opened to different network segments according to the services really existing in each network segment, as identified by network scanning. All the virtual network cards are bound to one physical network card, and the traffic of each virtual network card entering and leaving the physical network card carries the VLAN tag of the corresponding network segment. The invention also relates to a method for deploying virtual honeypots in multiple network segments based on the real network environment. The implementation of the invention has the following beneficial effects: one physical honeypot and one physical network card are used to deploy a plurality of different honeypots in a plurality of network segments, so that the probability of hackers attacking the honeypots is improved and the cost of deploying honeypots in the plurality of network segments is reduced.

Description

System and method for deploying virtual honeypots in multiple network segments based on real network environment
Technical Field
The invention relates to the field of network security, in particular to a system and a method for deploying virtual honeypots in multiple network segments based on a real network environment.
Background
A honeypot is essentially a system running a number of trap applications or services; it lures hackers into attacking it, so that their behavior can be captured and an alarm raised in time.
Therefore, to increase the probability that hackers attack a honeypot, honeypots should ideally be deployed in every network segment, and the honeypot in each segment should simulate trap services that correspond to the services really existing in that segment. This requires preparing a number of different honeypots and connecting each one to the network of its segment. With this traditional deployment mode, the number of honeypots grows with the number of network segments and the cost is very high; and if all the network segments use the same honeypot with similar simulated trap services, hackers easily recognize it as a honeypot and it can no longer trap attack behavior.
Disclosure of Invention
The technical problem to be solved by the present invention, in view of the above defects of the prior art, is to provide a system and a method for deploying virtual honeypots in multiple network segments based on a real network environment. The system and the method use one physical honeypot and one physical network card to deploy multiple different virtual honeypots in multiple network segments, improving the probability of hackers attacking the honeypots and reducing the cost of deploying honeypots in multiple network segments.
The technical scheme adopted by the invention to solve this technical problem is as follows: a system for deploying virtual honeypots in a plurality of network segments based on a real network environment is constructed. The system comprises a honeypot, a plurality of virtual network cards and a physical network card. The virtual network cards are configured on the honeypot, and each virtual network card is configured with an IP address of a different network segment. Different trap service access permissions are opened to different network segments according to the services really existing in each network segment, as identified through network scanning. All the virtual network cards are bound to one physical network card, and the traffic of each virtual network card entering and leaving the physical network card carries the VLAN tag of the corresponding network segment.
In the system for deploying virtual honeypots in multiple network segments based on a real network environment, the physical network card is configured in a trunk mode.
In the system for deploying virtual honeypots in multiple network segments based on a real network environment, the network port of the switch connected with the physical network card is configured in a trunk mode.
In the system for deploying virtual honeypots in multiple network segments based on a real network environment, the switch is a service area switch.
In the system for deploying virtual honeypots in multiple network segments based on a real network environment, the service area switch is connected with the office area switch.
In the system for deploying virtual honeypots in multiple network segments based on a real network environment, the service area switch is further connected with an operation and maintenance area switch, a guest meeting area switch and/or a financial area switch.
In the system for deploying virtual honeypots in multiple network segments based on a real network environment, the trap services opened by the server zone segment where the service zone switch is located comprise TOMCAT and MYSQL.
In the system for deploying virtual honeypots in multiple network segments based on a real network environment, the trap services opened by the office segment where the office switch is located comprise SMB and FTP.
In the system for deploying virtual honeypots in multiple network segments based on a real network environment, trap services opened by the operation and maintenance zone network segment where the operation and maintenance zone switch is located comprise SMB, FTP and RDP, trap services opened by the guest meeting zone network segment where the guest meeting zone switch is located comprise SMB, and trap services opened by the financial zone network segment where the financial zone switch is located comprise SMB and RDP.
The invention also relates to a method for deploying virtual honeypots in a plurality of network segments based on a real network environment, which is applied to the system for deploying virtual honeypots in a plurality of network segments based on a real network environment and comprises the following steps:
A) respectively carrying out network scanning on a plurality of network segments by using a honeypot, and identifying trap services opened in each network segment;
B) configuring a plurality of virtual network cards by using the honeypots;
C) configuring IP addresses of different network segments for each virtual network card;
D) configuring VLAN labels of corresponding network segments for each virtual network card;
E) according to the result of network scanning, configuring an access control strategy for each virtual network card, and only allowing access to the trap service of the virtual network card opened in the honeypot;
F) configuring a physical network card of the honeypot into a trunk mode, allowing traffic carrying VLAN tags to pass through, and configuring a network port of a switch connected with the physical network card into the trunk mode;
G) configuring a unique ID number for the VLAN label of each network segment;
H) the honeypot simultaneously uses the IP addresses of a plurality of network segments to carry out communication through one physical network card, and multi-network-segment deployment of the honeypot is realized.
The system and the method for deploying the virtual honeypots in the multiple network segments based on the real network environment have the following beneficial effects: the system is provided with a honeypot, virtual network cards and a physical network card; the virtual network cards are configured on the honeypot; each virtual network card is configured with an IP address of a different network segment; the traffic of all the virtual network cards passes through the one physical network card; and the traffic of each virtual network card carries the VLAN tag of the corresponding network segment.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
FIG. 1 is a schematic structural diagram of the system when two virtual honeypots are deployed, in an embodiment of the system and method for deploying virtual honeypots in multiple network segments based on a real network environment according to the invention;
FIG. 2 is a logical topology diagram of deployment of two virtual honeypots in the embodiment;
FIG. 3 is a schematic structural diagram of a system for deploying a plurality of virtual honeypots in the embodiment;
FIG. 4 is a flow chart of a method in the embodiment;
FIG. 5 is a deployment diagram of an alternative scheme for multi-segment deployment of virtual honeypots.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
In the embodiment of the system and the method for deploying the virtual honeypots in the multiple network segments based on the real network environment, the system for deploying the virtual honeypots in the multiple network segments based on the real network environment comprises a physical honeypot, a plurality of virtual network cards and a physical network card, wherein the virtual network cards are configured on the physical honeypot, each virtual network card is configured with IP addresses of different network segments, different trap service access authorities are opened to different network segments according to services really existing in the network segments identified through network scanning, all the virtual network cards are bound on one physical network card, all the virtual network cards access flow (network flow) through one physical network card, and the flow of each virtual network card accessing the physical network card carries VLAN labels of the corresponding network segment. The physical honeypot can use the IP of different network segments by only one physical network card, and multi-network-segment deployment is realized. That is, the invention can realize that one honeypot simulates different trap services through one physical network card based on the real network environment and is deployed in different network segments.
For convenience of illustration, FIG. 1 shows a schematic structural diagram of the system when two virtual honeypots are deployed, that is, how virtual honeypots are deployed in two network segments based on a real network environment:
First, the physical honeypot performs network scanning on the two network segments and identifies the services open in each. As shown in the figure, the SMB and FTP trap services are opened for the office area network segment, and the TOMCAT and MYSQL trap services are opened for the server area network segment. Second, two network cards (virtual network cards) are virtualized in the physical honeypot; virtual network card 1 is configured with the IP address of the office area network segment, 1.1.1.1/24, and virtual network card 2 is configured with the IP address of the server area network segment, 2.2.2.1/24. Third, according to the network scanning result, an access control policy is configured for virtual network card 1 that only allows access to the SMB and FTP trap services of the virtual honeypot, and an access control policy is configured for virtual network card 2 that only allows access to the TOMCAT and MYSQL trap services of the virtual honeypot. Fourth, the physical network card of the physical honeypot is configured in trunk mode, allowing traffic carrying VLAN tags to pass through, and the network port of the switch connected to the physical network card is also configured in trunk mode. Fifth and finally, the VLAN of virtual network card 1 of the physical honeypot is configured as 11 (office area VLAN), that is, the VLAN tag ID number of virtual network card 1 is 11; the VLAN of virtual network card 2 is configured as 22 (server area VLAN), that is, the VLAN tag ID number of virtual network card 2 is 22.
In this way, one physical honeypot can open different trap services according to the services really open in the two network segments, and, through the configuration of the virtual network cards and the VLAN tags, one physical network card can communicate using the IP addresses of both network segments at the same time. This is equivalent to deploying two different virtual honeypots, one in the office area and one in the server area. The corresponding logical topology for deploying virtual honeypots in two network segments is shown in FIG. 2. With this method, two different honeypots (the two virtual honeypots in the dashed frame in FIG. 2) can be virtualized in the two network segment areas without connecting a real honeypot server in the office area and in the server area. Because the trap services opened by each virtual honeypot are similar to the services open in the same network segment, the network services of a real scene are closely simulated, and a hacker can be deceived into attacking the honeypots because the fake services pass for real ones.
In a network environment with multiple network segments as shown in fig. 3, a physical honeypot recognizes the real existing service of each network segment through network scanning, multiple network cards (virtual network cards) are virtually simulated on one physical network card, IP addresses of different network segments are configured, different trap service access authorities are opened, and finally, the flow entering the physical network card is made to carry the VLAN tag of the corresponding network segment, so that the trap service can be normally accessed. The above N is an integer of more than 1. In fig. 3, the physical network card is configured in a trunk mode, and the network port of the switch connected to the physical network card is configured in the trunk mode.
In this embodiment, the switch is a service area switch. The service area switch is connected with an office area switch. The service area switch is also connected with an operation and maintenance area switch, a guest-meeting area switch and/or a financial area switch and the like. In practical applications, the number and types of the switches connected to the service area switch may be adjusted according to specific situations, that is, the number and types of the switches connected to the service area switch may be increased or decreased according to specific situations.
As can be seen in FIG. 3, the trap services opened for the server zone network segment where the service area switch is located include TOMCAT and MYSQL. The trap services opened for the office network segment where the office switch is located include SMB and FTP. The trap services opened for the operation and maintenance zone network segment where the operation and maintenance zone switch is located comprise SMB, FTP and RDP; the trap services opened for the guest meeting zone network segment where the guest meeting zone switch is located comprise SMB; and the trap services opened for the financial zone network segment where the financial zone switch is located comprise SMB and RDP.
In the system for deploying virtual honeypots in multiple network segments based on the real network environment, different virtual honeypots are deployed in the network segments through one physical network card, and the virtual honeypots open different trap services based on the network services really open in each network segment in order to confuse hackers. Hackers can therefore hardly distinguish the real from the fake, the probability of hackers attacking the honeypots is improved, more hacker behavior is captured, the function of the honeypots is fully exerted, and the cost of deploying honeypots in the network segments is reduced.
The embodiment also relates to a method for deploying honeypots in multiple network segments based on a real network environment, which is applied to the system for deploying virtual honeypots in multiple network segments based on a real network environment in the embodiment. A flowchart of the method for deploying virtual honeypots in multiple network segments based on a real network environment is shown in fig. 4. In fig. 4, the method for deploying virtual honeypots in multiple network segments based on a real network environment includes the following steps:
Step S01 uses one physical honeypot to perform network scanning on a plurality of network segments and identify the open services of each network segment: in this step, a physical honeypot is used to scan each of the network segments, and the trap services opened in each network segment are identified. For example: the trap services identified for the office area network segment comprise SMB and FTP, and the trap services identified for the server area network segment comprise TOMCAT and MYSQL.
Step S02 configures a plurality of virtual network cards using the physical honeypot: in this step, a plurality of virtual network cards are configured in one physical honeypot, that is, a plurality of network cards are virtualized in one physical honeypot, and the network cards are virtual network cards.
Step S03 configures IP addresses of different network segments for each virtual network card: in this step, IP addresses of different network segments are configured for each virtual network card. For example: configuring an IP address of an office area network segment for one virtual network card: 1.1.1.1/24, configuring the IP address of the server zone network segment for another virtual network card: 2.2.2.1/24.
Step S04 is to configure a VLAN tag of a corresponding network segment for each virtual network card: in this step, a VLAN tag of a corresponding network segment is configured for each virtual network card.
Step S05 configures an access control policy for each virtual network card according to the result of network scanning, and only allows access to the trap services that the virtual network card opens in the corresponding virtual honeypot: in this step, according to the result of network scanning, an access control policy is configured for each virtual network card, and only access to the trap services opened by the virtual network card in the corresponding virtual honeypot is allowed. For example: an access control policy is configured for virtual network card 1 that only allows access to the SMB and FTP trap services of the virtual honeypot, and an access control policy is configured for virtual network card 2 that only allows access to the TOMCAT and MYSQL trap services of the virtual honeypot.
Step S05 configures the physical network card of the physical honeypot to trunk mode, allowing traffic to pass through with VLAN tags, and configuring the network port of the switch connected to the physical network card to trunk mode: in this step, the physical network card of the physical honeypot is configured to be in a trunk mode, the traffic is allowed to pass through with the VLAN tag, and meanwhile, the network port of the switch connected with the physical network card is also configured to be in the trunk mode.
Step S06 configures a unique ID number for the VLAN tag of each network segment: in this step, a unique ID number is configured for the VLAN tag of each network segment. For example: the VLAN tag ID number of one of the virtual network cards is set to 11 (office area VLAN), and the VLAN tag ID number of the other virtual network card is set to 22 (server area VLAN).
Step S07 the physical honeypot communicates with the IP addresses of multiple network segments through one physical network card, so as to implement multi-network-segment deployment of the virtual honeypot: in the step, the physical honeypot simultaneously uses the IP addresses of a plurality of network segments to carry out communication through one physical network card, so that the multi-network-segment deployment of the virtual honeypot is realized.
The physical honeypot uses the IP addresses of a plurality of network segments through one physical network card to realize multi-network-segment deployment. That is, the physical honeypots can use IP addresses of multiple network segments, which is equivalent to that corresponding virtual honeypots are respectively deployed in areas with different IP addresses, that is, that N virtual honeypots are deployed in areas with N different network segments.
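The configuration that steps A to H describe, sketched for a Linux host with the two segments of the embodiment (VLAN 11 with 1.1.1.1/24, VLAN 22 with 2.2.2.1/24). This is an added example, not code from the patent: the use of Linux `ip` and `iptables`, the parent interface name `eth0`, the plan format and the service-to-port mapping (common default ports) are assumptions, and the script only prints the commands as a dry run.

```shell
#!/bin/sh
# Added example (not from the patent): dry-run generator for a multi-VLAN honeypot.
# It prints the commands for review instead of executing them.

PARENT_IF="eth0"   # assumption: name of the physical NIC cabled to the trunk port

# Constructed plan using the embodiment's values: VLAN ID, IP/prefix, trap services.
PLAN='11 1.1.1.1/24 SMB,FTP
22 2.2.2.1/24 TOMCAT,MYSQL'

# Map a trap service name to a TCP port (common defaults, an assumption).
svc_port() {
    case "$1" in
        SMB)    echo 445 ;;
        FTP)    echo 21 ;;
        RDP)    echo 3389 ;;
        TOMCAT) echo 8080 ;;
        MYSQL)  echo 3306 ;;
        *)      return 1 ;;
    esac
}

# Read plan lines on stdin and print the configuration commands.
# Fails on an invalid VLAN ID, a reused VLAN ID (step G) or an unknown service.
render_plan() {
    seen=" "
    while read -r vid cidr svcs; do
        [ -z "$vid" ] && continue
        case "$vid" in
            *[!0-9]*) echo "bad VLAN ID: $vid" >&2; return 1 ;;
        esac
        if [ "$vid" -lt 1 ] || [ "$vid" -gt 4094 ]; then
            echo "VLAN ID out of range: $vid" >&2; return 1
        fi
        case "$seen" in
            *" $vid "*) echo "duplicate VLAN ID: $vid" >&2; return 1 ;;
        esac
        seen="$seen$vid "

        ifc="$PARENT_IF.$vid"
        # Steps B, D, G: one 802.1Q sub-interface per segment, tagged with its VLAN ID.
        echo "ip link add link $PARENT_IF name $ifc type vlan id $vid"
        # Step C: address from that segment.
        echo "ip addr add $cidr dev $ifc"
        echo "ip link set $ifc up"

        # Step E: allow only this segment's trap services, drop everything else.
        old_ifs=$IFS
        IFS=,
        for s in $svcs; do
            IFS=$old_ifs
            port=$(svc_port "$s") || { echo "unknown service: $s" >&2; return 1; }
            echo "iptables -A INPUT -i $ifc -p tcp --dport $port -j ACCEPT"
        done
        IFS=$old_ifs
        echo "iptables -A INPUT -i $ifc -j DROP"
    done
}

# Print the commands for the embodiment's two segments.
printf '%s\n' "$PLAN" | render_plan
```

The switch port facing `eth0` still has to be a trunk carrying VLANs 11 and 22 (step F). Because the host now holds an address in every segment, keep IP forwarding disabled (`net.ipv4.ip_forward=0`) so that it cannot route traffic between segments.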
In the method for deploying honeypots in multiple network segments based on the real network environment, the physical honeypot deploys different virtual honeypots in the multiple network segments through one physical network card, and the virtual honeypots open different trap services based on the network services really open in each network segment in order to confuse hackers. Hackers can therefore hardly distinguish the real from the fake, the probability of hackers attacking the honeypots is improved, more hacker behavior is captured, the function of the honeypots is fully exerted, and the cost of deploying honeypots in the multiple network segments is reduced.
In practical applications where the requirements are low, an alternative scheme may also be adopted; its deployment diagram is shown in FIG. 5. This scheme realizes multi-network-segment deployment of the virtual honeypots without configuring VLAN tags in the physical honeypot. However, because only one physical honeypot is used, the trap services opened to different network segments are the same, or are opened arbitrarily rather than according to the services existing in the real network environment, so a hacker can easily recognize it as a honeypot and the trapping probability is reduced. Meanwhile, most enterprises and organizations have tens or even hundreds of network segments, and this scheme requires hundreds of physical network cards to be configured in the physical honeypot and hundreds of links to be connected to an access switch, so the management cost and the deployment cost are high.
In summary, in this embodiment, the physical honeypot identifies services that actually exist in each network segment in the network environment through network scanning, then virtually simulates a plurality of network cards (virtual network cards) on one physical network card of the physical honeypot, configures IP addresses of different network segments on different virtual network cards, then performs access control on the virtual network card of each network segment according to the services that actually exist in each network segment, opens different trap service access permissions, finally binds all the virtual network cards to one physical network card, configures the physical network card of the physical honeypot into a trunk mode, so that the flows of the virtual network card entering and exiting the physical network card all carry VLAN tags of the corresponding network segment, thereby enabling one physical network card to simultaneously use the IP addresses of the plurality of network segments for communication. By the method, on the basis of real network environment conditions, a plurality of different virtual honeypots can be deployed in a plurality of network segments by using one physical honeypot and one physical network card, so that a hacker can hardly distinguish true from false, the probability of attacking the honeypots by the hacker is improved, and the cost of deploying the honeypots in the plurality of network segments is reduced.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents, improvements and the like that fall within the spirit and principle of the present invention are intended to be included therein.

Claims (10)

1. A system for deploying virtual honeypots in multiple network segments based on a real network environment is characterized by comprising a physical honeypot, multiple virtual network cards and a physical network card, wherein the virtual network cards are configured on the physical honeypot, IP addresses of different network segments are configured on each virtual network card, different trap service access authorities are opened to different network segments according to services of each network segment really existing and identified through network scanning, all the virtual network cards are bound on one physical network card, and VLAN labels of corresponding network segments are carried in flow of each virtual network card entering and exiting the physical network card.
2. The system for deploying virtual honeypots in multiple network segments based on real network environment of claim 1, wherein the physical network card is configured in trunk mode.
3. The system for deploying virtual honeypots in multiple network segments based on real network environment of claim 1, wherein a network port of a switch connected to the physical network card is configured in trunk mode.
4. The system for deploying virtual honeypots in multiple network segments based on a real network environment of claim 3, wherein the switch is a service area switch.
5. The system for deploying virtual honeypots in multiple network segments based on a real network environment of claim 4, wherein the service area switch is connected with an office area switch.
6. The system for deploying virtual honeypots in multiple network segments based on real network environment of claim 5, wherein the service area switch is further connected with an operation and maintenance area switch, a guest meeting area switch and/or a financial area switch.
7. The system for deploying virtual honeypots in multiple network segments based on real network environment of claim 4, wherein the trap services opened for the server zone network segment where the service area switch is located include TOMCAT and MYSQL.
8. The system for deploying virtual honeypots on multiple network segments based on real network environment of claim 5, wherein the trap services opened for the office network segment where the office area switch is located include SMB and FTP.
9. The system for deploying virtual honeypots in multiple network segments based on real network environment of claim 6, wherein the trap services opened for the operation and maintenance zone network segment where the operation and maintenance zone switch is located comprise SMB, FTP and RDP, the trap services opened for the guest meeting zone network segment where the guest meeting zone switch is located comprise SMB, and the trap services opened for the financial zone network segment where the financial zone switch is located comprise SMB and RDP.
10. A method for deploying virtual honeypots in multiple network segments based on a real network environment, applied to the system for deploying virtual honeypots in multiple network segments based on a real network environment as claimed in claim 1, comprising the following steps:
A) using the physical honeypot to scan each of a plurality of network segments and identify the trap services opened in each network segment;
B) configuring a plurality of virtual network cards on the physical honeypot;
C) configuring an IP address of a different network segment for each virtual network card;
D) configuring the VLAN tag of the corresponding network segment for each virtual network card;
E) according to the network scanning result, configuring an access control policy for each virtual network card that allows access only to the trap services opened on that virtual network card's corresponding virtual honeypot;
F) configuring the physical network card of the physical honeypot in trunk mode so that traffic carrying VLAN tags is allowed to pass, and configuring the switch port connected to the physical network card in trunk mode;
G) configuring a unique ID number for the VLAN tag of each network segment;
H) the physical honeypot communicates using the IP addresses of the plurality of network segments simultaneously through one physical network card, thereby achieving multi-network-segment deployment of the virtual honeypots.
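The shell sketch below is an added example, not code from the patent: it prints (without executing) the Linux `ip` and `iptables` commands corresponding to steps B) to E) and checks the uniqueness required by step G), using the trap services named in claims 7 to 9 on their default ports. The NIC name `eth0`, the VLAN IDs and the IP addresses are constructed assumptions; the switch-side trunk configuration of step F) is vendor-specific and not shown.

```shell
#!/bin/sh
# Dry-run planner: emits commands only, nothing is applied to the host.
PHYS_NIC="eth0"   # assumption: the honeypot's single trunked physical NIC

# Constructed table: segment|VLAN ID|honeypot IP/prefix|trap service TCP ports
# Ports are defaults: Tomcat 8080, MySQL 3306, SMB 445, FTP 21, RDP 3389.
SEGMENTS='service|10|10.0.10.250/24|8080,3306
office|20|10.0.20.250/24|445,21
ops|30|10.0.30.250/24|445,21,3389
guest|40|10.0.40.250/24|445
finance|50|10.0.50.250/24|445,3389'

# Step G: every segment needs its own VLAN ID. Returns 1 on a duplicate.
check_unique_vlans() {
  dups=$(printf '%s\n' "$1" | cut -d'|' -f2 | sort | uniq -d)
  [ -z "$dups" ] || { printf 'duplicate VLAN ID: %s\n' "$dups" >&2; return 1; }
}

# Steps B-E for one table row: tagged sub-interface, address, allow-list.
plan_segment() {
  IFS='|' read -r name vid addr ports <<EOF
$1
EOF
  ifc="${PHYS_NIC}.${vid}"
  echo "# segment: ${name}"
  # B + D: virtual NIC bound to the physical NIC with the segment's VLAN tag
  echo "ip link add link ${PHYS_NIC} name ${ifc} type vlan id ${vid}"
  # C: address inside that segment
  echo "ip addr add ${addr} dev ${ifc}"
  echo "ip link set ${ifc} up"
  # E: only the segment's trap services are reachable; all else is dropped
  echo "iptables -A INPUT -i ${ifc} -p tcp -m multiport --dports ${ports} -j ACCEPT"
  echo "iptables -A INPUT -i ${ifc} -j DROP"
}

# Validate the table, then emit the plan for every segment.
plan_all() {
  check_unique_vlans "$1" || return 1
  printf '%s\n' "$1" | while IFS= read -r row; do plan_segment "$row"; done
}

plan_all "$SEGMENTS"
```

Review the printed plan before applying it with root privileges; the final `DROP` rule per sub-interface is what keeps a virtual honeypot from exposing anything beyond its segment's trap services.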
CN201910980322.XA 2019-07-03 2019-10-15 System and method for deploying virtual honeypots in multiple network segments based on real network environment Pending CN110650154A (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201910596034.4A CN110266718A (en) 2019-07-03 2019-07-03 The system and method in multiple network segments deployment honey jar based on VLAN tag
CN2019105960344 2019-07-03

Publications (1)

Publication Number Publication Date
CN110650154A true CN110650154A (en) 2020-01-03

Family

ID=67924215

Family Applications (2)

Application Number Title Priority Date Filing Date
CN201910596034.4A Pending CN110266718A (en) 2019-07-03 2019-07-03 The system and method in multiple network segments deployment honey jar based on VLAN tag
CN201910980322.XA Pending CN110650154A (en) 2019-07-03 2019-10-15 System and method for deploying virtual honeypots in multiple network segments based on real network environment

Family Applications Before (1)

Application Number Title Priority Date Filing Date
CN201910596034.4A Pending CN110266718A (en) 2019-07-03 2019-07-03 The system and method in multiple network segments deployment honey jar based on VLAN tag

Country Status (1)

Country Link
CN (2) CN110266718A (en)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111934971A (en) * 2020-08-12 2020-11-13 杭州默安科技有限公司 Method and device for local network access from mapping service spanning three-layer network to multiple VLANs and multiple IPs
CN112134891A (en) * 2020-09-24 2020-12-25 上海观安信息技术股份有限公司 Configuration method, system and monitoring method for generating multiple honey pot nodes by single host based on linux system
CN113542262A (en) * 2021-07-13 2021-10-22 北京华圣龙源科技有限公司 Intelligent early warning method and device for information security threat of information system
CN113612783A (en) * 2021-08-09 2021-11-05 杭州安恒信息安全技术有限公司 Honeypot protection system
CN114006772A (en) * 2021-12-30 2022-02-01 北京微步在线科技有限公司 Method and device for resisting hacker attack, electronic equipment and storage medium
CN114070627A (en) * 2021-11-17 2022-02-18 奇安信科技集团股份有限公司 Production network security monitoring system, method, computer device and medium

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111885044A (en) * 2020-07-20 2020-11-03 平安科技(深圳)有限公司 Method, device, equipment and storage medium for configuring multiple network cards of cloud host
CN111885067A (en) * 2020-07-28 2020-11-03 福建奇点时空数字科技有限公司 Flow-oriented integrated honeypot threat data capturing method
CN114785564A (en) * 2022-04-01 2022-07-22 江苏天翼安全技术有限公司 Universal method for preventing board jump machine based on Ethernet bridge rule
CN116055445A (en) * 2022-12-21 2023-05-02 安天科技集团股份有限公司 Honeypot technology realization method and device and electronic equipment

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101567887A (en) * 2008-12-25 2009-10-28 中国人民解放军总参谋部第五十四研究所 Vulnerability simulation overload honeypot method
US8156541B1 (en) * 2007-10-17 2012-04-10 Mcafee, Inc. System, method, and computer program product for identifying unwanted activity utilizing a honeypot device accessible via VLAN trunking
CN104883410A (en) * 2015-05-21 2015-09-02 深圳颐和网络科技有限公司 Network transmission method and network transmission device
CN106789865A (en) * 2016-07-14 2017-05-31 深圳市永达电子信息股份有限公司 A kind of network safety protection method based on GRE network integration SDN technologies and Honeypot Techniques

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8156541B1 (en) * 2007-10-17 2012-04-10 Mcafee, Inc. System, method, and computer program product for identifying unwanted activity utilizing a honeypot device accessible via VLAN trunking
CN101567887A (en) * 2008-12-25 2009-10-28 中国人民解放军总参谋部第五十四研究所 Vulnerability simulation overload honeypot method
CN104883410A (en) * 2015-05-21 2015-09-02 深圳颐和网络科技有限公司 Network transmission method and network transmission device
CN106789865A (en) * 2016-07-14 2017-05-31 深圳市永达电子信息股份有限公司 A kind of network safety protection method based on GRE network integration SDN technologies and Honeypot Techniques

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
张骏: ""一种基于vlan技术的蜜网设计与实现"", 《湖南工程学院学报(自然科学版)》 *

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111934971A (en) * 2020-08-12 2020-11-13 杭州默安科技有限公司 Method and device for local network access from mapping service spanning three-layer network to multiple VLANs and multiple IPs
CN112134891A (en) * 2020-09-24 2020-12-25 上海观安信息技术股份有限公司 Configuration method, system and monitoring method for generating multiple honey pot nodes by single host based on linux system
CN112134891B (en) * 2020-09-24 2022-11-04 上海观安信息技术股份有限公司 Configuration method, system and monitoring method for generating multiple honey can nodes by single host based on linux system
CN113542262A (en) * 2021-07-13 2021-10-22 北京华圣龙源科技有限公司 Intelligent early warning method and device for information security threat of information system
CN113612783A (en) * 2021-08-09 2021-11-05 杭州安恒信息安全技术有限公司 Honeypot protection system
CN114070627A (en) * 2021-11-17 2022-02-18 奇安信科技集团股份有限公司 Production network security monitoring system, method, computer device and medium
CN114070627B (en) * 2021-11-17 2024-02-20 奇安信科技集团股份有限公司 Production network security monitoring system, method, computer device and medium
CN114006772A (en) * 2021-12-30 2022-02-01 北京微步在线科技有限公司 Method and device for resisting hacker attack, electronic equipment and storage medium
CN114006772B (en) * 2021-12-30 2022-04-12 北京微步在线科技有限公司 Method and device for resisting hacker attack, electronic equipment and storage medium

Also Published As

Publication number Publication date
CN110266718A (en) 2019-09-20

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20200103