CN113965409A - Network trapping method and device, electronic equipment and storage medium - Google Patents

Publication number
CN113965409A
Authority
CN
China
Prior art keywords
trapping
network
scene
target network
template
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111348544.3A
Other languages
Chinese (zh)
Inventor
王润泽
李冬梅
惠红刚
张彩霞
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Topsec Technology Co Ltd
Beijing Topsec Network Security Technology Co Ltd
Beijing Topsec Software Co Ltd
Original Assignee
Beijing Topsec Technology Co Ltd
Beijing Topsec Network Security Technology Co Ltd
Beijing Topsec Software Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Topsec Technology Co Ltd, Beijing Topsec Network Security Technology Co Ltd, Beijing Topsec Software Co Ltd filed Critical Beijing Topsec Technology Co Ltd
Priority to CN202111348544.3A priority Critical patent/CN113965409A/en
Publication of CN113965409A publication Critical patent/CN113965409A/en
Pending legal-status Critical Current

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/1491 Countermeasures against malicious traffic using deception as countermeasure, e.g. honeypots, honeynets, decoys or entrapment
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/105 Multiple levels of security
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • User Interface Of Digital Computer (AREA)

Abstract

The embodiments of the application provide a network trapping method, a network trapping device, electronic equipment and a storage medium, and relate to the technical field of network security. The method comprises: sending a detection task to a target network; receiving detection result information returned by the target network, so as to determine safety protection level information of the target network according to the detection result information; and matching a preset trapping scene template according to the safety protection level information to dynamically generate a trapping network. Active detection and trapping are combined and trapping scenes are matched dynamically, which improves trapping efficiency and solves the problem that the trapping capability is poor because the trapping network cannot be dynamically adjusted in the existing method.

Description

Network trapping method and device, electronic equipment and storage medium
Technical Field
The present application relates to the field of network security technologies, and in particular, to a network trapping method, an apparatus, an electronic device, and a storage medium.
Background
Trapping technology mainly provides real-time alerting on intranet intrusion behavior by hackers and insiders. By constructing traps on key service nodes, it confuses attackers about their targets, can isolate them in the traps to delay the attack, and helps users trace the source and block the attack, so that the security of enterprise core information assets is protected.
Trapping products commonly available on the market generally adopt a static deployment mode, in which trapping nodes and analysis platforms are deployed in the customer environment. This mode has poor service simulation capability and relatively weak dynamic protection capability, and is easily identified and bypassed by attackers.
Disclosure of Invention
An object of the embodiments of the present application is to provide a network trapping method, device, electronic device and storage medium, which combine active detection and trapping, dynamically match trapping scenarios, and improve trapping efficiency, thereby solving the problem of poor trapping capability caused by the fact that the existing method cannot dynamically adjust the trapping network.
The embodiment of the application provides a network trapping method, which comprises the following steps:
issuing a detection task to a target network;
receiving detection result information returned by the target network to determine safety protection level information of the target network according to the detection result information;
and matching a preset trapping scene template according to the safety protection grade information to dynamically generate a trapping network.
In the implementation process, active detection is carried out before trapping, and the current network safety protection capability is dynamically identified, so that trapping scenes of corresponding levels are reasonably matched, trapping efficiency is improved, and the problem that the trapping capability is poor due to the fact that the trapping network cannot be dynamically adjusted in the existing method is solved.
Further, before the step of determining the security level information of the target network according to the detection result information, the method further includes:
configuring trapping scene template parameters to generate a trapping scene template.
In the implementation process, the trapping scene templates with different grades can be set according to the trapping needs.
Further, the configuring of the parameters of the trapping scene template and the generating of the trapping scene template comprise:
receiving protective equipment parameters configured by a user, wherein the protective equipment parameters comprise the number of online equipment and a value corresponding to each piece of equipment;
receiving corresponding trapping scene grades set according to the total score of the protective equipment, wherein the trapping scene grades comprise basic simulation trapping scenes, medium simulation trapping scenes and high simulation trapping scenes;
and generating a trapping scene template of a corresponding level according to the trapping scene grade.
In the implementation process, the trapping scene templates with different grades can be selected according to the protection requirements, so that the cost is saved on the premise of meeting the protection requirements.
Further, the matching a preset trapping scene template according to the safety protection level information to dynamically generate a trapping network includes:
if the security protection level of the target network is high, matching a basic simulation trapping scene template;
if the security protection level of the target network is a middle level, matching a middle simulation trapping scene template;
and if the security protection level of the target network is low, matching a highly simulated trapping scene template.
In the implementation process, matching is carried out according to the security protection level of the target network, if the protection level is higher, the simulation trapping scene template of the lower level can be matched, and therefore matching is reasonable and cost is saved.
An embodiment of the present application further provides a network trapping device, where the device includes:
the task issuing module is used for issuing a detection task to the target network;
the receiving module is used for receiving detection result information returned by the target network so as to determine the safety protection level information of the target network according to the detection result information;
and the matching module is used for matching a preset trapping scene template according to the safety protection grade information so as to dynamically generate a trapping network.
In the implementation process, active detection is carried out before trapping, and the current network safety protection capability is dynamically identified, so that trapping scenes of corresponding levels are reasonably matched, trapping efficiency is improved, and the problem that the trapping capability is poor due to the fact that the trapping network cannot be dynamically adjusted in the existing method is solved.
Further, the apparatus further comprises:
and the template generating module is used for configuring parameters of the trapping scene template and generating the trapping scene template.
In the implementation process, the trapping scene templates with different grades can be set according to the trapping needs.
Further, the template generation module includes:
the parameter setting module is used for receiving protective equipment parameters configured by a user, wherein the protective equipment parameters comprise the number of online equipment and a value corresponding to each piece of equipment;
the level setting module is used for receiving corresponding trapping scene levels set according to the total score of the protective equipment, wherein the trapping scene levels comprise basic simulation trapping scenes, medium simulation trapping scenes and high simulation trapping scenes;
and the template generating module is used for generating the trapping scene templates with corresponding levels according to the trapping scene grades.
In the implementation process, the trapping scene templates with different grades can be selected according to the protection requirements, so that the cost is saved on the premise of meeting the protection requirements.
Further, the matching module comprises:
if the security protection level of the target network is high, matching a basic simulation trapping scene template;
if the security protection level of the target network is a middle level, matching a middle simulation trapping scene template;
and if the security protection level of the target network is low, matching a highly simulated trapping scene template.
In the implementation process, matching is carried out according to the security protection level of the target network, if the protection level is higher, the simulation trapping scene template of the lower level can be matched, and therefore matching is reasonable and cost is saved.
An embodiment of the present application further provides an electronic device, where the electronic device includes a memory and a processor, where the memory is used to store a computer program, and the processor runs the computer program to make the electronic device execute the network trapping method described in any one of the above.
An embodiment of the present application further provides a readable storage medium, where computer program instructions are stored, and when the computer program instructions are read and executed by a processor, the network trapping method described in any of the above is performed.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are required to be used in the embodiments of the present application will be briefly described below, it should be understood that the following drawings only illustrate some embodiments of the present application and therefore should not be considered as limiting the scope, and that those skilled in the art can also obtain other related drawings based on the drawings without inventive efforts.
Fig. 1 is a flowchart of a network trapping method according to an embodiment of the present application;
Fig. 2 is a flowchart of trapping scene template generation provided by an embodiment of the present application;
Fig. 3 is a schematic diagram of a trapping scene template provided in an embodiment of the present application;
Fig. 4 is a schematic diagram of a detection result provided in an embodiment of the present application;
Fig. 5 is a schematic diagram of a trapping network generated according to an embodiment of the present application;
Fig. 6 is a block diagram of a network trapping device according to an embodiment of the present application;
Fig. 7 is a block diagram of another network trapping device according to an embodiment of the present application.
Reference numerals:
100 - task issuing module; 200 - receiving module; 210 - template generation module; 211 - parameter setting module; 212 - level setting module; 213 - trapping template generation module; 300 - matching module.
Detailed Description
The technical solutions in the embodiments of the present application will be described below with reference to the drawings in the embodiments of the present application.
It should be noted that: like reference numbers and letters refer to like items in the following figures, and thus, once an item is defined in one figure, it need not be further defined and explained in subsequent figures. Meanwhile, in the description of the present application, the terms "first", "second", and the like are used only for distinguishing the description, and are not to be construed as indicating or implying relative importance.
Referring to fig. 1, fig. 1 is a flowchart of a network trapping method according to an embodiment of the present application. The method can be applied to a network security monitoring platform, the network security monitoring platform can actively issue detection tasks so as to generate a matched trapping network, highly simulate the current structure information of a target network, and induce attackers to attack the trapping network, so that a real network is protected, and the problem that the trapping capability is poor due to the fact that the trapping network cannot be dynamically adjusted in the existing method is solved. The method comprises the following steps:
Step S100: issuing a detection task to a target network;
The detection task aims at detecting network structure information in the target network. The network structure information comprises the network safety protection capability (safety protection level information) and the service application conditions, such as the number of safety protection facilities and the number of services in operation. The network security monitoring platform can automatically generate a matched trapping network according to the detection result information returned by the detection.
Step S200: receiving detection result information returned by the target network to determine safety protection level information of the target network according to the detection result information;
Before step S200, it is necessary to configure the parameters of the trapping scene template to generate the trapping scene template.
As shown in fig. 2, the process diagram for generating the trapping scene template specifically includes the following steps:
Step S211: receiving protective equipment parameters configured by a user, wherein the protective equipment parameters comprise the number of online equipment and a value corresponding to each piece of equipment;
Step S212: receiving corresponding trapping scene grades set according to the total score of the protective equipment, wherein the trapping scene grades comprise basic simulation trapping scenes, medium simulation trapping scenes and high simulation trapping scenes;
Step S213: generating a trapping scene template of a corresponding level according to the trapping scene grade.
As shown in fig. 3, a schematic diagram of a trapping scene template is shown, where the trapping scene template supports customization, and a user may configure parameters of the trapping scene template as needed, specifically:
The parameters of the protection devices include the number of online devices and the score corresponding to each device. For example, if one firewall, one WAF, one APT device and one IDS are online and the score of each device is 5, the score corresponding to the protection configuration can be calculated. The score of each protection device can be set according to need and protection strength, which is not limited herein.
The levels corresponding to different scores can be configured. For example, the total score is set to 100, scores from 0 to 20 are mapped to a high simulation trapping scene, scores from 21 to 60 are mapped to a medium simulation trapping scene, and scores from 61 to 100 are mapped to a basic simulation trapping scene. All of this can be customized as needed: the scores of the protective equipment, the score ranges of the low, medium and high levels, and the mapped scenes can be set without any limitation.
The safety protection level of the target network is determined according to the detected safety protection condition and the service opening condition. The safety protection level can be expressed as a score; for example, a score of 0-20 means the safety protection level is lower. A preset trapping scene template is then matched according to the safety protection level: if the safety protection level of the target network is higher, a relatively low-level simulation trapping scene template is matched, so that on the one hand resources are used reasonably and on the other hand cost is saved for the user.
Step S300: matching a preset trapping scene template according to the safety protection level information to dynamically generate a trapping network.
Scene templates are matched on the principle that the match should both serve the trapping purpose and save cost for the user. Specifically:
if the security protection level of the target network is high, matching a basic simulation trapping scene template;
if the security protection level of the target network is a middle level, matching a middle simulation trapping scene template;
and if the security protection level of the target network is low, matching a highly simulated trapping scene template.
The reason for the arrangement is that if the security protection level of the target network is higher and the threat to the network security is smaller, lower simulation trapping scene templates can be matched; if the security protection level of the target network is low, a simulation trapping scene template with a high level can be configured to attract an attacker to attack the simulation trapping scene template, so that the target network can be protected; therefore, the corresponding simulation trapping scene template can be configured according to different safety protection levels of the target network, so that the trapping effect can be achieved, and meanwhile, the cost can be saved for a user.
The basic simulation trapping scene template supports low-interaction trapping of the basic protocol type. Basic protocols can include, but are not limited to, ssh, FTP, mysql and the like. The template simply simulates the network protocols of the target network and supports protocol connection, luring attackers into further operations.
The medium simulation trapping scene template supports interactive trapping of the web container type, where web containers include, but are not limited to, tomcat, jboss, php and the like. It simulates a web container in the target network and supports page access, luring attackers into further operations.
The high simulation trapping scene template supports high-interaction trapping of both the basic protocol and web container types. It closely simulates the real services of the target network and supports real page interaction, luring attackers into further operations.
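The scoring of steps S211-S213 and the matching of step S300 can be sketched as follows. This is an added example, not code from the patent: the function names, the sample segments (documentation address ranges), the choice of decoy address and the cap on the total score are assumptions, while the per-device score of 5 and the 0-20 / 21-60 / 61-100 bands are the figures quoted above.

```python
import ipaddress

# Score bands quoted in the description: (lowest, highest, template).
# A low protection score maps to the most realistic decoy.
DEFAULT_BANDS = [(0, 20, "high"), (21, 60, "medium"), (61, 100, "basic")]

# What each template emulates, as described on the page.
TEMPLATES = {
    "basic": {"interaction": "low", "services": ["ssh", "ftp", "mysql"]},
    "medium": {"interaction": "web container", "services": ["tomcat", "php"]},
    "high": {"interaction": "high",
             "services": ["ssh", "ftp", "mysql", "tomcat", "php"]},
}

# Constructed sample input: per-device scores and three probed segments.
SAMPLE_DEVICE_SCORES = {"firewall": 5, "waf": 5, "apt": 5, "ids": 5}
SAMPLE_PROBE_RESULTS = [
    {"segment": "192.0.2.0/28", "used_ips": ["192.0.2.1", "192.0.2.2"],
     "devices": {"firewall": 1, "waf": 1, "apt": 1, "ids": 1}},
    {"segment": "198.51.100.0/28", "used_ips": ["198.51.100.1"],
     "devices": {"firewall": 3, "waf": 2, "ids": 2}},
    {"segment": "203.0.113.0/28", "used_ips": [],
     "devices": {"firewall": 5, "waf": 4, "apt": 2, "ids": 3}},
]


def validate_bands(bands, total=100):
    """Reject band tables with gaps, overlaps or unknown templates."""
    expected_low = 0
    for low, high, template in sorted(bands):
        if template not in TEMPLATES:
            raise ValueError(f"unknown template {template!r}")
        if low != expected_low or high < low:
            raise ValueError(f"band {low}-{high} leaves a gap or overlaps")
        expected_low = high + 1
    if expected_low != total + 1:
        raise ValueError(f"bands stop at {expected_low - 1}, not {total}")


def protection_score(devices, device_scores, total=100):
    """Sum count * per-device score; capping at `total` is an assumption."""
    score = 0
    for name, count in devices.items():
        if count < 0:
            raise ValueError(f"negative count for {name}")
        if name not in device_scores:
            raise ValueError(f"no score configured for {name}")
        score += count * device_scores[name]
    return min(score, total)


def match_template(score, bands=DEFAULT_BANDS):
    """Return the template name whose band contains the score."""
    validate_bands(bands)
    for low, high, template in bands:
        if low <= score <= high:
            return template
    raise ValueError(f"score {score} is outside every band")


def plan_trap_nodes(probe_results, device_scores, bands=DEFAULT_BANDS):
    """Turn probe results into one planned trapping node per segment."""
    plan = []
    for seg in probe_results:
        score = protection_score(seg["devices"], device_scores)
        template = match_template(score, bands)
        net = ipaddress.ip_network(seg["segment"])
        used = {ipaddress.ip_address(a) for a in seg["used_ips"]}
        # First host address the probe did not see in use (assumed policy).
        decoy_ip = next((h for h in net.hosts() if h not in used), None)
        if decoy_ip is None:
            raise ValueError(f"no free address in {seg['segment']}")
        plan.append({
            "segment": seg["segment"],
            "score": score,
            "template": template,
            "interaction": TEMPLATES[template]["interaction"],
            "services": list(TEMPLATES[template]["services"]),
            "decoy_ip": str(decoy_ip),
        })
    return plan


if __name__ == "__main__":
    for node in plan_trap_nodes(SAMPLE_PROBE_RESULTS, SAMPLE_DEVICE_SCORES):
        print(node)
```

Validating the band table before matching catches a misconfigured template mapping (a gap at a boundary such as 20/21) that would otherwise leave some networks without any trapping template.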
Fig. 4 is a schematic diagram showing the detection result. The detection result information includes information of the detection object, i.e., the target network, such as a mailbox, an OA system, an SQL database and the like, the network segment, the corresponding security protection level and the like.
The network security monitoring platform can intelligently match trapping scenes according to detection result information, and can dynamically create trapping nodes.
Fig. 5 is a schematic diagram of the generated trapping network (trapping node), which includes the IP, operating system, MAC address, emulated application, etc.
The target network is scanned by issuing a detection task, and its safety protection level is judged according to the safety protection levels defined in the advanced configuration. After the safety protection level is judged, a preset template is called according to the judgment result, the honeypots are deployed and the trapping network is generated.
After deployment is completed, the system waits for an attacker to access. After the attacker enters, the specified service interaction (such as the services on ports 22 and 8080) is started, logs are kept throughout the whole interaction process, the attacker's IP, operating system and other state are recorded according to the attacker's information, and an alarm is generated according to rules.
The method combines an active detection technology with trapping capability: it provides active detection before trapping, dynamically identifies the current network security protection capability and the service opening condition, intelligently matches trapping scenes, and automatically generates a corresponding trapping network. Combining active detection with trapping technology can reduce the probability that an attacker recognizes the trapping network, and effectively improves trapping efficiency.
In addition, a scoring mechanism is adopted to perform score conversion on the safety protection capability, and the trapping scene templates of corresponding levels are intelligently matched according to the detected service opening condition, so that a trapping network is dynamically created.
An embodiment of the present application further provides a network trapping device, as shown in fig. 6, which is a block diagram of a structure of the network trapping device, where the device includes:
a task issuing module 100, configured to issue a detection task to a target network;
a receiving module 200, configured to receive detection result information returned by the target network, so as to determine security level information of the target network according to the detection result information;
and the matching module 300 is configured to match a preset trapping scene template according to the safety protection level information, so as to dynamically generate a trapping network.
In addition, as shown in fig. 7, it is a block diagram of another network trapping device, and the device further includes:
and the template generating module 210 is configured to configure parameters of the trapping scene template to generate the trapping scene template.
The template generation module 210 includes:
the parameter setting module 211 is configured to receive a protective device parameter configured by a user, where the protective device parameter includes the number of online devices and a score corresponding to each device;
the level setting module 212 is configured to receive corresponding trapping scene levels set according to the total score of the protective equipment, where the trapping scene levels include a basic simulation trapping scene, a medium simulation trapping scene, and a high simulation trapping scene;
a trapping template generating module 213, configured to generate a trapping scene template of a corresponding level according to the trapping scene grade.
The matching module 300 is configured to:
if the security protection level of the target network is high, matching a basic simulation trapping scene template;
if the security protection level of the target network is a middle level, matching a middle simulation trapping scene template;
and if the security protection level of the target network is low, matching a highly simulated trapping scene template.
An embodiment of the present application further provides an electronic device, where the electronic device includes a memory and a processor, where the memory is used to store a computer program, and the processor runs the computer program to make the electronic device execute the network trapping method described in any one of the above.
An embodiment of the present application further provides a readable storage medium, where computer program instructions are stored, and when the computer program instructions are read and executed by a processor, the network trapping method described in any of the above is performed.
In the embodiments provided in the present application, it should be understood that the disclosed apparatus and method can be implemented in other ways. The apparatus embodiments described above are merely illustrative, and for example, the flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of apparatus, methods and computer program products according to various embodiments of the present application. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
In addition, functional modules in the embodiments of the present application may be integrated together to form an independent part, or each module may exist separately, or two or more modules may be integrated to form an independent part.
The functions, if implemented in the form of software functional modules and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present application or portions thereof that substantially contribute to the prior art may be embodied in the form of a software product stored in a storage medium and including instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present application. And the aforementioned storage medium includes: various media capable of storing program codes, such as a usb disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disk.
The above description is only an example of the present application and is not intended to limit the scope of the present application, and various modifications and changes may be made by those skilled in the art. Any modification, equivalent replacement, improvement and the like made within the spirit and principle of the present application shall be included in the protection scope of the present application.
The above description is only for the specific embodiments of the present application, but the scope of the present application is not limited thereto, and any person skilled in the art can easily conceive of the changes or substitutions within the technical scope of the present application, and shall be covered by the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.
It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.

Claims (10)

1. A network trapping method, characterized in that the method comprises:
issuing a detection task to a target network;
receiving detection result information returned by the target network to determine safety protection level information of the target network according to the detection result information;
and matching a preset trapping scene template according to the safety protection grade information to dynamically generate a trapping network.
2. A network trapping method according to claim 1, wherein before the step of determining security level information of the target network according to the detection result information, the method further comprises:
configuring trapping scene template parameters to generate a trapping scene template.
3. The network trapping method according to claim 2, wherein the configuring of the trapping scene template parameters to generate the trapping scene template comprises:
receiving protective equipment parameters configured by a user, wherein the protective equipment parameters comprise the number of online equipment and a value corresponding to each piece of equipment;
receiving corresponding trapping scene grades set according to the total score of the protective equipment, wherein the trapping scene grades comprise basic simulation trapping scenes, medium simulation trapping scenes and high simulation trapping scenes;
and generating a trapping scene template of a corresponding level according to the trapping scene grade.
4. The network trapping method according to claim 1, wherein the matching a preset trapping scene template according to the security protection level information to dynamically generate a trapping network comprises:
if the security protection level of the target network is high, matching a basic simulation trapping scene template;
if the security protection level of the target network is medium, matching a medium simulation trapping scene template;
and if the security protection level of the target network is low, matching a high simulation trapping scene template.
5. A network trapping apparatus, characterized in that said apparatus comprises:
the task issuing module is used for issuing a detection task to the target network;
the receiving module is used for receiving detection result information returned by the target network so as to determine the security protection level information of the target network according to the detection result information;
and the matching module is used for matching a preset trapping scene template according to the security protection level information so as to dynamically generate a trapping network.
6. A network trapping apparatus according to claim 5, further comprising:
and the template generating module is used for configuring parameters of the trapping scene template and generating the trapping scene template.
7. The network trapping apparatus according to claim 6, wherein the template generating module comprises:
a parameter setting module, used for receiving protective equipment parameters configured by a user, wherein the protective equipment parameters comprise the number of online equipment and a value corresponding to each piece of equipment;
the level setting module is used for receiving corresponding trapping scene levels set according to the total score of the protective equipment, wherein the trapping scene levels comprise basic simulation trapping scenes, medium simulation trapping scenes and high simulation trapping scenes;
and the template generating module is used for generating the trapping scene templates with corresponding levels according to the trapping scene grades.
8. The network trapping apparatus of claim 5, wherein the matching module is configured to:
if the security protection level of the target network is high, matching a basic simulation trapping scene template;
if the security protection level of the target network is medium, matching a medium simulation trapping scene template;
and if the security protection level of the target network is low, matching a high simulation trapping scene template.
9. An electronic device, characterized in that the electronic device comprises a memory for storing a computer program and a processor for executing the computer program to cause the electronic device to perform the network trapping method according to any one of claims 1 to 4.
10. A readable storage medium having stored therein computer program instructions which, when read and executed by a processor, perform the network trapping method of any one of claims 1 to 4.
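
An added illustration of the scoring in claim 3 and the matching in claims 1 and 4, not code from the patent. The per-device values, the score floors, the template identifiers and the `status` field are assumptions; the claims fix only the three levels and the inverse mapping between protection level and simulation grade.

```python
# Assumed values: the claims say each device has a value and that levels are
# set from the total score, but give no numbers.
DEVICE_VALUES = {"firewall": 3, "ips": 3, "waf": 2, "edr": 2}  # hypothetical
LEVEL_FLOORS = [(8, "high"), (4, "medium"), (0, "low")]        # hypothetical

# Claim 4: the mapping is inverse. A well-protected network gets the basic
# scene; a weakly protected one gets the high simulation scene.
TEMPLATE_FOR_LEVEL = {
    "high": "basic_simulation",
    "medium": "medium_simulation",
    "low": "high_simulation",
}


def total_score(online_devices, values=DEVICE_VALUES):
    """Return (sum of count * value, sorted device types that have no value)."""
    score, unscored = 0, []
    for kind, count in online_devices.items():
        if not isinstance(count, int) or count < 0:
            raise ValueError(f"invalid online count for {kind!r}: {count!r}")
        if kind not in values:
            unscored.append(kind)  # surfaced to the operator, not silently dropped
            continue
        score += count * values[kind]
    return score, sorted(unscored)


def protection_level(score):
    """Map a total score to high/medium/low using the assumed floors."""
    for floor, level in LEVEL_FLOORS:
        if score >= floor:
            return level
    raise ValueError(f"score below every floor: {score}")


def match_template(detection_result):
    """Claim 1, steps 2-3: detection result -> protection level -> template."""
    # A failed probe must not be read as "no protective devices", or it would
    # always select the most elaborate scene. `status` is an assumed field.
    if detection_result.get("status") != "ok":
        raise ValueError("detection task incomplete; not classifying")
    score, unscored = total_score(detection_result.get("online_devices", {}))
    level = protection_level(score)
    return {"score": score, "level": level,
            "template": TEMPLATE_FOR_LEVEL[level], "unscored": unscored}


# Constructed sample detection result.
SAMPLE = {"status": "ok", "online_devices": {"firewall": 2, "ips": 1, "sandbox": 1}}
```
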
CN202111348544.3A 2021-11-15 2021-11-15 Network trapping method and device, electronic equipment and storage medium Pending CN113965409A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111348544.3A CN113965409A (en) 2021-11-15 2021-11-15 Network trapping method and device, electronic equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111348544.3A CN113965409A (en) 2021-11-15 2021-11-15 Network trapping method and device, electronic equipment and storage medium

Publications (1)

Publication Number Publication Date
CN113965409A true CN113965409A (en) 2022-01-21

Family

ID=79470709

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111348544.3A Pending CN113965409A (en) 2021-11-15 2021-11-15 Network trapping method and device, electronic equipment and storage medium

Country Status (1)

Country Link
CN (1) CN113965409A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114124585A (en) * 2022-01-28 2022-03-01 奇安信科技集团股份有限公司 Security defense method, device, electronic equipment and medium

Citations (18)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103581104A (en) * 2012-07-18 2014-02-12 江苏中科慧创信息安全技术有限公司 Active trapping method based on behavior capturing
CN104506507A (en) * 2014-12-15 2015-04-08 蓝盾信息安全技术股份有限公司 Honey net safeguard system and honey net safeguard method for SDN (self-defending network)
US20170134423A1 (en) * 2015-07-21 2017-05-11 Cymmetria, Inc. Decoy and deceptive data object technology
CN107509200A (en) * 2017-09-30 2017-12-22 北京奇虎科技有限公司 Equipment localization method and device based on wireless network invasion
CN108737421A (en) * 2018-05-23 2018-11-02 深信服科技股份有限公司 Method, system, device and the storage medium of potential threat in a kind of discovery network
CN109088901A (en) * 2018-10-31 2018-12-25 杭州默安科技有限公司 Deception defence method and system based on SDN building dynamic network
CN110011982A (en) * 2019-03-19 2019-07-12 西安交通大学 A kind of attack intelligence deception system and method based on virtualization
CN110768987A (en) * 2019-10-28 2020-02-07 电子科技大学 SDN-based dynamic deployment method and system for virtual honey network
CN110830457A (en) * 2019-10-25 2020-02-21 腾讯科技(深圳)有限公司 Attack sensing method, device, equipment and medium based on honeypot induction
CN111343174A (en) * 2020-02-22 2020-06-26 上海观安信息技术股份有限公司 Intelligent learning type self-response industrial internet honeypot induction method and system
CN111541701A (en) * 2020-04-24 2020-08-14 上海沪景信息科技有限公司 Attack trapping method, device, equipment and computer readable storage medium
CN112118258A (en) * 2020-09-17 2020-12-22 四川长虹电器股份有限公司 System and method for acquiring attacker information in honeypot scene
CN112367307A (en) * 2020-10-27 2021-02-12 中国电子科技集团公司第二十八研究所 Intrusion detection method and system based on container-grade honey pot group
CN112417444A (en) * 2020-12-03 2021-02-26 南京邮电大学 Attack trapping system based on firmware simulation
CN112491892A (en) * 2020-11-27 2021-03-12 杭州安恒信息安全技术有限公司 Network attack inducing method, device, equipment and medium
CN112788043A (en) * 2021-01-18 2021-05-11 广州锦行网络科技有限公司 Honeypot system service self-adaption method and self-adaption service honeypot system
CN112995187A (en) * 2021-03-09 2021-06-18 中国人民解放军空军工程大学 Network cooperative defense system and method based on community structure
CN113422779A (en) * 2021-07-02 2021-09-21 南京联成科技发展股份有限公司 Active security defense system based on centralized management and control

Similar Documents

Publication Publication Date Title
Gupta et al. A novel approach for phishing URLs detection using lexical based machine learning in a real-time environment
Jain et al. A survey of phishing attack techniques, defence mechanisms and open research challenges
US11709944B2 (en) Intelligent adversary simulator
Balepin et al. Using specification-based intrusion detection for automated response
US20140157415A1 (en) Information security analysis using game theory and simulation
CN113098835A (en) Honeypot implementation method based on block chain, honeypot client and honeypot system
CN110348210A (en) Safety protecting method and device
Djanali et al. SQL injection detection and prevention system with raspberry Pi honeypot cluster for trapping attacker
CN113992435A (en) Attack detection tracing method, device and system
CN112532636A (en) Malicious domain name detection method and device based on T-Pot honeypot and backbone network flow
CN114915493A (en) Trapping deployment method based on power monitoring system network attack
Sree et al. Artificial intelligence based predictive threat hunting in the field of cyber security
Zamiri-Gourabi et al. Gas what? i can see your gaspots. studying the fingerprintability of ics honeypots in the wild
CN114117414A (en) Security protection system, method, device and storage medium for mobile application
CN113965409A (en) Network trapping method and device, electronic equipment and storage medium
Iqbal et al. When ChatGPT goes rogue: exploring the potential cybersecurity threats of AI-powered conversational chatbots
CN117544335A (en) Bait activation method, device, equipment and storage medium
Apoorva et al. Analysis of uniform resource locator using boosting algorithms for forensic purpose
CN115688100A (en) Method, device, equipment and medium for placing bait file
CN110224975A (en) The determination method and device of APT information, storage medium, electronic device
Cucu et al. Current technologies and trends in cybersecurity and the impact of artificial intelligence
Belous et al. Viruses, Hardware and Software Trojans: Attacks and Countermeasures
Yang et al. Research on detection and prevention of mobile device botnet in cloud service systems
CN114143105B (en) Source tracing method and device for network air threat behavior bodies, electronic equipment and storage medium
Akinwale et al. Detection and Binary Classification of Spear-Phishing Emails in Organizations Using a Hybrid Machine Learning Approach

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination