CN115632885A - Honeypot manufacturing method and device, electronic equipment and readable storage medium - Google Patents

Honeypot manufacturing method and device, electronic equipment and readable storage medium Download PDF

Info

Publication number
CN115632885A
CN115632885A CN202211645282.1A CN202211645282A CN115632885A CN 115632885 A CN115632885 A CN 115632885A CN 202211645282 A CN202211645282 A CN 202211645282A CN 115632885 A CN115632885 A CN 115632885A
Authority
CN
China
Prior art keywords
honeypot
response data
access request
configuration information
file
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202211645282.1A
Other languages
Chinese (zh)
Other versions
CN115632885B (en
Inventor
陈章
任政
童兆丰
薛锋
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing ThreatBook Technology Co Ltd
Original Assignee
Beijing ThreatBook Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing ThreatBook Technology Co Ltd filed Critical Beijing ThreatBook Technology Co Ltd
Priority to CN202211645282.1A priority Critical patent/CN115632885B/en
Publication of CN115632885A publication Critical patent/CN115632885A/en
Application granted granted Critical
Publication of CN115632885B publication Critical patent/CN115632885B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/1491Countermeasures against malicious traffic using deception as countermeasure, e.g. honeypots, honeynets, decoys or entrapment
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/06Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/2866Architectures; Arrangements
    • H04L67/30Profiles

Abstract

The application relates to the technical field of network security, and provides a honeypot manufacturing method and device, electronic equipment and a readable storage medium. The method comprises the following steps: acquiring response data corresponding to the access request from the target website; recording and storing the access request, the response data and configuration information generated by responding to the access request to acquire a honeypot file; and generating a target honeypot according to the honeypot file. The honeypot manufacturing method provided by the embodiment of the application can improve the generation efficiency of honeypots.

Description

Honeypot manufacturing method and device, electronic equipment and readable storage medium
Technical Field
The application relates to the technical field of network security, in particular to a honeypot manufacturing method and device, electronic equipment and a readable storage medium.
Background
Honeypots are a type of bait system that entices hackers to attack by forging services in a way that simulates a leaky service, web server, etc. Once the attack is generated, the honeypot can record the attack and alarm to analyze the attack behavior of the hacker. In the related technology, for the fabrication of honeypots, a crawler script is usually written to crawl a website, then a url address registered by a website login item is modified to point to the back end of the honeypot, the back end of the honeypot modifies a part of a page according to the configuration of the honeypot, and an attack behavior is attacked and reported when a hacker visits the honeypot. However, the manufacturing method of the honeypot needs to spend a lot of time on modifying the front-end code, and websites built for different source codes need different code writing methods, so that the manufacturing process of the honeypot is complicated, and the generation efficiency of the honeypot is affected.
Disclosure of Invention
The present application is directed to solving at least one of the technical problems occurring in the related art. Therefore, the honey pot manufacturing method is provided, and the generating efficiency of the honey pot can be improved.
The application also provides a honeypot making device.
The application also provides an electronic device.
The present application also provides a computer-readable storage medium.
According to the honey pot manufacturing method of the embodiment of the first aspect of the application, the honey pot manufacturing method comprises the following steps:
acquiring response data corresponding to the access request from the target website;
recording and storing the access request, the response data and the configuration information generated by responding to the access request to acquire a honeypot file;
and generating a target honeypot according to the honeypot file.
According to the honeypot manufacturing method provided by the embodiment of the application, the response data corresponding to the access request is obtained from the target website, the access request, the response data and the configuration information generated by responding to the access request are recorded and stored, the honeypot file is obtained, and the target honeypot is generated according to the honeypot file, so that the honeypot is manufactured in a mode of recording the interaction process with the target website, the processes of crawling, code modification, configuration modification and the like of the to-be-simulated website do not need to be executed, the time consumption of honeypot manufacturing is reduced, and the generation efficiency of the low-interaction honeypot is improved.
According to an embodiment of the present application, acquiring response data corresponding to an access request from a target website includes:
responding to the access request, and generating the configuration information;
and acquiring the response data from the target website according to the configuration information.
According to one embodiment of the application, generating a target honeypot according to the honeypot file comprises the following steps:
determining that a playback request matched with the access request is received, and acquiring the configuration information from the honeypot file so as to load the response data according to the configuration information;
and determining that the response data is loaded normally, and generating a target honeypot according to the honeypot file.
According to an embodiment of the application, loading the response data according to the configuration information includes:
acquiring the response data according to the configuration information;
and after the original domain name of the response data is modified, loading the response data.
According to an embodiment of the present application, further comprising:
determining that the response data is abnormally loaded, and deleting the dynamic parameters in the configuration information;
updating the honeypot file according to the configuration information, the access request and the response data after the dynamic parameters are deleted;
wherein the dynamic parameter includes at least one of a timestamp, a website protocol of the target website, and a host of the target website.
According to an embodiment of the present application, further comprising:
determining that no access request corresponding to the playback request exists, marking the playback request as the access request, and executing the following steps:
acquiring the response data corresponding to the access request from the target website;
recording and storing the access request, the response data and the configuration information of the response data to acquire a honeypot file;
and generating a target honeypot according to the honeypot file.
According to an embodiment of the application, the configuration information comprises a URL address of the response data.
According to the honey pot making device of the second aspect embodiment of the application, the honey pot making device comprises:
the data acquisition module is used for acquiring response data corresponding to the access request from the target website;
the data storage module is used for recording and storing the access request, the response data and the configuration information generated by responding to the access request to acquire a honeypot file;
and the honeypot generation module is used for generating a target honeypot according to the honeypot file.
The electronic device according to the third aspect of the present application includes a processor and a memory storing a computer program, and the processor implements the honeypot making method according to any one of the above embodiments when executing the computer program.
The computer-readable storage medium according to the fourth aspect of the present application has a computer program stored thereon, and the computer program is used for implementing the honeypot making method according to any one of the above embodiments when being executed by a processor.
The computer program product according to an embodiment of the fifth aspect of the application comprises: the computer program, when executed by a processor, implements a method of honeypot fabrication as described in any of the embodiments above.
One or more technical solutions in the embodiments of the present application have at least one of the following technical effects:
the honeypot file is obtained by obtaining the response data corresponding to the access request from the target website and recording and storing the access request, the response data and the configuration information generated by responding to the access request, so that the target honeypot is generated according to the honeypot file, the honeypot is manufactured by recording the interaction process with the target website, the processes of crawling, code modification, configuration modification and the like of the to-be-simulated website do not need to be executed, the time consumption of honeypot manufacturing is reduced, and the generation efficiency of the low-interaction honeypot is improved.
Furthermore, when the target honeypot is generated, the configuration information is obtained from the honeypot file to load the response data according to the playback request matched with the access request, so that the recorded honeypot file is played back, and when the response data is determined to be loaded normally, the target honeypot is generated according to the honeypot file, so that the response data in the generated target honeypot can be loaded normally in the using process of the honeypot, and the trapping effect of the generated target honeypot is improved.
Drawings
In order to more clearly illustrate the technical solutions in the present application or the prior art, the drawings needed for the description of the embodiments or the prior art will be briefly introduced below, and it is obvious that the drawings in the following description are some embodiments of the present application, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.
Fig. 1 is a schematic flow chart of a honeypot manufacturing method provided in an embodiment of the present application;
FIG. 2 is a schematic view of an interaction flow of recording honeypots in the embodiment of the present application;
FIG. 3 is a flow diagram further detailing the generation of a target honeypot in the honeypot fabrication method of FIG. 1;
FIG. 4 is an interaction flow diagram of a recorded playback;
FIG. 5 is a schematic structural diagram of a honeypot manufacturing apparatus provided in an embodiment of the present application;
fig. 6 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
Detailed Description
To make the purpose, technical solutions and advantages of the present application clearer, the technical solutions in the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are some embodiments of the present application, but not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
The honey pot manufacturing method, the honey pot manufacturing apparatus, the electronic device and the readable storage medium provided by the embodiments of the present application will be described and explained in detail through several specific embodiments.
In one embodiment, a honeypot manufacturing method is provided, and the method is applied to terminal equipment and used for manufacturing honeypots. The terminal device can be a desktop terminal, a portable terminal or a server, the portable terminal can be a notebook computer and the like, the server can be an independent server or a server cluster formed by a plurality of servers, and the terminal device can also be a cloud server for providing basic cloud computing services such as cloud service, a cloud database, cloud computing, cloud functions, cloud storage, network service, cloud communication, middleware service, domain name service, security service, CDN, big data and artificial intelligent sampling point devices and the like.
As shown in fig. 1, the method for manufacturing a honeypot provided in this embodiment includes:
step 101, acquiring response data corresponding to an access request from a target website;
102, recording and storing the access request, the response data and the configuration information of the response data to acquire a honeypot file;
and 103, generating a target honeypot according to the honeypot file.
The honeypot file is obtained by obtaining the response data corresponding to the access request from the target website and recording and storing the access request, the response data and the configuration information generated by responding to the access request, so that the target honeypot is generated according to the honeypot file, the honeypot is manufactured by recording the interaction process with the target website, the processes of crawling, code modification, configuration modification and the like of the to-be-simulated website do not need to be executed, the time consumption of honeypot manufacturing is reduced, and the generation efficiency of the low-interaction honeypot is improved.
In an embodiment, the target website refers to a preset website that needs to be subjected to honeypot production, for example, gitlab. The method comprises the steps that a recording port needing to be monitored is pre-designated by terminal equipment, when an access request sent by a browser installed on the terminal equipment is obtained through the port, a URL address corresponding to the access request is forwarded to a target website, the target website responds to the access request, and a page corresponding to the URL address is obtained from the target website and serves as response data corresponding to the access request.
Specifically, the obtaining of the response data corresponding to the access request from the target website includes:
responding to the access request, and generating the configuration information;
and acquiring the response data from the target website according to the configuration information.
In an embodiment, when an access request sent by a browser installed in a terminal device is acquired through the port, the terminal device responds to the access request, generates configuration information including a URL address corresponding to the access request, and then forwards the configuration information to a target website, so as to acquire a page responding to the access request from the target website as response data corresponding to the access request.
For example, as shown in fig. 2, the terminal device sets a target website to gitlab. After acquiring the access request localhost through the port: 8000/login, generating the access request localhost: and (3) the URL address gitlab.cn/logic corresponding to 8000/logic, namely the URL address of login item login of the target website gitlab.cn, sending configuration information including the URL address to the target website, and feeding back login pages of gitlab.cn obtained from the target website as response data to the browser.
After the response data corresponding to any one access request is obtained, the access request, the response data corresponding to the access request and the configuration information of the response data can be recorded and stored, and the honeypot file can be obtained. The configuration information includes, in addition to the URL address corresponding to the access request, that is, the URL address of the response data, dynamic parameters generated when the access request is responded to, where the dynamic parameters include a timestamp of the access request, a website protocol and a host of the target website, and the like. And because the honeypot file comprises the configuration information generated by responding to the access request, the honeypot file obtained after recording can be directly used without starting configuration.
After the honeypot file is obtained, the generated honeypot file can be packaged into a compressed package, and then the compressed package is uploaded to a honeypot platform according to a format required by the honeypot platform, so that the compressed package can be converted into a low-interaction target honeypot on the honeypot platform for direct use.
In order to improve the trapping effect of the generated target honeypots when generating the target honeypots, in one embodiment, as shown in fig. 3, the generating the target honeypots according to the honeypot files includes:
step 201, determining that a playback request matched with the access request is received, acquiring the configuration information from the honeypot file, and loading the response data according to the configuration information;
step 202, determining that the response data is loaded normally, and generating a target honeypot according to the honeypot file.
In an embodiment, after acquiring the honeypot file, the recording playback stage is entered, and at this time, the terminal device may receive a playback request sent by the browser through the monitoring playback port, and match configuration information generated in response to the playback request with configuration information corresponding to the access request in the honeypot file. If the configuration information in the honeypot file is matched with the configuration information corresponding to the playback request, it means that the playback request matched with the access request is determined to be received, and at this time, response data can be obtained from the honeypot file according to the configuration information in the honeypot file and fed back to the browser for loading.
For example, as shown in fig. 4, it is assumed that the playback port monitored by the terminal device is port 10000, and the access request in the honeypot file is localhost:8000/login, configuration information includes login address gitlab.cn/login of target website, response data is login page gitlab.cn. At this time, when a playback request localhost is received from the browser through the port 10000: 10000/login, the playback request localhost is: 10000/login, configuration information generated correspondingly, and access request localhost: and matching configuration information corresponding to 8000/login. If the playback request localhost: 10000/logic correspondingly generated configuration information comprises a login address gitlab. Cn/logic, then a playback request localhost:10000/login corresponding configuration information, and access request localhost:8000/login are matched, at this time, it can be determined that the playback request is matched with the access request. After the playback request is matched with the access request, the login page of the gitlab.cn can be obtained from the honeypot file as response data according to the login address gitlab.cn/login, and the response data are fed back to the browser.
And after the response data are fed back to the browser, loading the response data. In order to improve the reliability of the manufactured honeypots when the response data is loaded, in an embodiment, loading the response data according to the configuration information includes:
acquiring the response data according to the configuration information;
and after the original domain name of the response data is modified, loading the response data.
In an embodiment, when the response data is loaded, the response data can be acquired from the honeypot file according to the configuration information corresponding to the access request. After the response data is obtained, the original domain name of the response data, namely the URL address of the response data, is searched in the configuration information corresponding to the access request. And then, after the original domain name of the response data is hidden by modifying the searched original domain name, if the searched original domain name is replaced by null, loading the response data in the browser. In this way, the response data does not expose its original domain name when loaded, thereby improving the credibility of the fabricated honeypots.
After the response data are loaded through the browser, if the response data can be normally displayed in the browser, the response data are normally loaded. And judging whether the response data can be normally displayed in the browser or not, wherein the judgment of whether the response data can be normally displayed or not can be judged by carrying out image detection on the loaded response data.
Illustratively, the response data is a certain page of the target website, and if it is detected through image detection that the display result of the loaded page in the browser is consistent with the display result during recording, or the format of the page is correct and the content of the page can be completely loaded, it indicates that the response data is normally loaded. After the response data are determined to be normal, the honeypot file with the response data loaded normally can be packed into a compressed packet, and then the compressed packet is uploaded to the honeypot platform according to the format required by the honeypot platform, so that the target honeypot is completely manufactured.
When the target honeypots are generated, the configuration information is obtained from the honeypot files to load the response data according to the playback requests matched with the access requests, so that the recorded honeypot files are played back, and when the response data are determined to be loaded normally, the target honeypots are generated according to the honeypot files, so that the response data in the generated target honeypots can be loaded normally in the using process of the honeypots, and the trapping effect of the generated target honeypots is improved.
In one embodiment, the method further comprises:
determining that the response data is abnormally loaded, and deleting the dynamic parameters in the configuration information;
updating the honeypot file according to the configuration information, the access request and the response data after the dynamic parameters are deleted;
wherein the dynamic parameter includes at least one of a timestamp, a website protocol of the target website, and a host of the target website.
In an embodiment, after the response data is loaded through the browser, if the response data cannot be normally displayed in the browser, for example, a picture loading failure, a page format error, and the like in the response data, it is determined that the response data is abnormally loaded. And by comparing the configuration information of the matched playback request with the configuration information of the access request, the two requests are found to have different dynamic parameters, for example, the timestamp of the access request is different from the timestamp of the playback request, and it can be determined that the response data loading exception is caused by the influence of the dynamic parameters. Therefore, when the loading of the response data is abnormal, the dynamic parameters of the access request, such as the timestamp of the access request, can be deleted from the configuration information of the access request. And then, according to the configuration information of the access request after the dynamic parameters are deleted, response data are obtained to be loaded, so that the loaded response data are not influenced by the dynamic parameters, and the response data can be normally loaded.
After the dynamic parameters of the configuration information are deleted, if the response data can be loaded normally, the original configuration information in the honeypot file can be replaced by the configuration information with the deleted dynamic parameters to update the honeypot file, so that the target honeypot can be generated according to the updated honeypot file during the subsequent honeypot generation.
In an embodiment, if the configuration information in the honeypot file does not match the configuration information corresponding to the playback request, it indicates that there is no access request corresponding to the playback request, at this time, the playback request may be marked as an access request, and the process returns to the honeypot recording stage, and the steps 101 to 103 are executed again to generate a new honeypot according to the playback request.
The following describes a honeypot manufacturing apparatus provided in the present application, and the honeypot manufacturing apparatus described below and the honeypot manufacturing method described above may be referred to in correspondence with each other.
In one embodiment, as shown in fig. 5, there is provided a honeypot fabrication apparatus including:
a data obtaining module 210, configured to obtain response data corresponding to the access request from the target website;
the data storage module 220 is configured to record and store the access request, the response data, and configuration information generated in response to the access request, and acquire a honeypot file;
and a honeypot generation module 230, configured to generate a target honeypot according to the honeypot file.
Response data corresponding to the access request are obtained from the target website, the access request, the response data and configuration information generated by responding to the access request are recorded and stored to obtain the honeypot file, and the target honeypot is generated according to the honeypot file, so that the honeypot is manufactured in a mode of recording an interaction process with the target website, processes of crawling, code modification, configuration modification and the like of the to-be-simulated website do not need to be executed, time consumption of honeypot manufacturing is reduced, and generation efficiency of the low-interaction honeypot is improved.
In an embodiment, the data obtaining module 210 is specifically configured to:
responding to the access request, and generating the configuration information;
and acquiring the response data from the target website according to the configuration information.
In an embodiment, the honeypot generation module 230 is specifically configured to:
determining that a playback request matched with the access request is received, and acquiring the configuration information from the honeypot file so as to load the response data according to the configuration information;
and determining that the response data is loaded normally, and generating a target honeypot according to the honeypot file.
In an embodiment, the honeypot generation module 230 is specifically configured to:
acquiring the response data according to the configuration information;
and after the original domain name of the response data is modified, loading the response data.
In an embodiment, the honeypot generation module 230 is specifically configured to:
determining that the response data is abnormally loaded, and deleting the dynamic parameters in the configuration information;
updating the honeypot file according to the configuration information, the access request and the response data after the dynamic parameters are deleted;
wherein the dynamic parameter includes at least one of a timestamp, a website protocol of the target website, and a host of the target website.
In an embodiment, the honeypot generation module 230 is further configured to:
determining that no access request corresponding to the playback request exists, and marking the playback request as the access request to execute the following steps:
acquiring the response data corresponding to the access request from the target website;
recording and storing the access request, the response data and the configuration information of the response data to acquire a honeypot file;
and generating a target honeypot according to the honeypot file.
In an embodiment, the configuration information comprises a URL address of the response data.
Fig. 6 illustrates a physical structure diagram of an electronic device, which may include, as shown in fig. 6: a processor (processor) 810, a Communication Interface 820, a memory 830 and a Communication bus 840, wherein the processor 810, the Communication Interface 820 and the memory 830 communicate with each other via the Communication bus 840. The processor 810 may invoke the computer program in the memory 830 to perform a honeypot fabrication method, including, for example:
acquiring response data corresponding to the access request from the target website;
recording and storing the access request, the response data and configuration information generated by responding to the access request to acquire a honeypot file;
and generating a target honeypot according to the honeypot file.
In addition, the logic instructions in the memory 830 can be implemented in the form of software functional units and stored in a computer readable storage medium when the software functional units are sold or used as independent products. Based on such understanding, the technical solution of the present application or portions thereof that substantially contribute to the prior art may be embodied in the form of a software product stored in a storage medium and including instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present application. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disk, and various media capable of storing program codes.
In another aspect, an embodiment of the present application further provides a storage medium, where the storage medium includes a computer program, where the computer program may be stored on a non-transitory computer-readable storage medium, and when the computer program is executed by a processor, the computer is capable of executing the honeypot making method provided in the foregoing embodiments, for example, including:
acquiring response data corresponding to the access request from the target website;
recording and storing the access request, the response data and the configuration information generated by responding to the access request to acquire a honeypot file;
and generating a target honeypot according to the honeypot file.
Through the above description of the embodiments, those skilled in the art will clearly understand that each embodiment can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware. With this understanding in mind, the above-described technical solutions may be embodied in the form of a software product, which can be stored in a computer-readable storage medium such as ROM/RAM, magnetic disk, optical disk, etc., and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the methods described in the embodiments or some parts of the embodiments.
Finally, it should be noted that: the above embodiments are only used to illustrate the technical solutions of the present application, and not to limit the same; although the present application has been described in detail with reference to the foregoing embodiments, it should be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions in the embodiments of the present application.

Claims (10)

1. A honeypot manufacturing method is characterized by comprising the following steps:
acquiring response data corresponding to the access request from the target website;
recording and storing the access request, the response data and configuration information generated by responding to the access request to acquire a honeypot file;
and generating a target honeypot according to the honeypot file.
2. The honey pot making method according to claim 1, wherein the step of obtaining response data corresponding to the access request from the target website comprises:
responding to the access request, and generating the configuration information;
and acquiring the response data from the target website according to the configuration information.
3. The honeypot production method of claim 1 or 2, wherein generating a target honeypot according to the honeypot file comprises:
determining that a playback request matched with the access request is received, and acquiring the configuration information from the honeypot file so as to load the response data according to the configuration information;
and determining that the response data is loaded normally, and generating a target honeypot according to the honeypot file.
4. The honeypot fabrication method of claim 3, wherein loading the response data according to the configuration information comprises:
acquiring the response data according to the configuration information;
and after the original domain name of the response data is modified, loading the response data.
5. The honeypot fabrication method of claim 4, further comprising:
determining that the response data is abnormally loaded, and deleting the dynamic parameters in the configuration information;
updating the honeypot file according to the configuration information, the access request and the response data after the dynamic parameters are deleted;
wherein the dynamic parameter includes at least one of a timestamp, a website protocol of the target website, and a host of the target website.
6. The honeypot fabrication method of claim 3, further comprising:
determining that no access request corresponding to the playback request exists, marking the playback request as the access request, and executing the following steps:
acquiring the response data corresponding to the access request from the target website;
recording and storing the access request, the response data and the configuration information of the response data to acquire a honeypot file;
and generating a target honeypot according to the honeypot file.
7. A honeypot production method as claimed in claim 1 wherein the configuration information comprises a URL address of the response data.
8. A honeypot manufacturing device is characterized by comprising:
the data acquisition module is used for acquiring response data corresponding to the access request from the target website;
the data storage module is used for recording and storing the access request, the response data and the configuration information generated by responding to the access request to acquire the honeypot file;
and the honeypot generation module is used for generating a target honeypot according to the honeypot file.
9. An electronic device comprising a processor and a memory storing a computer program, characterized in that the processor, when executing the computer program, implements the honeypot fabrication method of any of claims 1 to 7.
10. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the honeypot fabrication method of any one of claims 1 to 7.
CN202211645282.1A 2022-12-21 2022-12-21 Honeypot manufacturing method, honeypot manufacturing device, electronic equipment and readable storage medium Active CN115632885B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211645282.1A CN115632885B (en) 2022-12-21 2022-12-21 Honeypot manufacturing method, honeypot manufacturing device, electronic equipment and readable storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211645282.1A CN115632885B (en) 2022-12-21 2022-12-21 Honeypot manufacturing method, honeypot manufacturing device, electronic equipment and readable storage medium

Publications (2)

Publication Number Publication Date
CN115632885A true CN115632885A (en) 2023-01-20
CN115632885B CN115632885B (en) 2023-04-21

Family

ID=84911099

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211645282.1A Active CN115632885B (en) 2022-12-21 2022-12-21 Honeypot manufacturing method, honeypot manufacturing device, electronic equipment and readable storage medium

Country Status (1)

Country Link
CN (1) CN115632885B (en)

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10110629B1 (en) * 2016-03-24 2018-10-23 Amazon Technologies, Inc. Managed honeypot intrusion detection system
CN110035079A (en) * 2019-04-10 2019-07-19 阿里巴巴集团控股有限公司 A kind of honey jar generation method, device and equipment
CN112383520A (en) * 2020-11-02 2021-02-19 杭州安恒信息安全技术有限公司 Honeypot system attack playback method, honeypot system attack playback device, storage medium and equipment
CN112688932A (en) * 2020-12-21 2021-04-20 杭州迪普科技股份有限公司 Honeypot generation method, honeypot generation device, honeypot generation equipment and computer readable storage medium
CN113098835A (en) * 2020-01-08 2021-07-09 北京奇虎科技有限公司 Honeypot implementation method based on block chain, honeypot client and honeypot system
CN114024728A (en) * 2021-10-28 2022-02-08 杭州默安科技有限公司 Honeypot building method and application method
CN114157498A (en) * 2021-12-07 2022-03-08 上海交通大学 WEB high-interaction honeypot system based on artificial intelligence and attack prevention method
CN114928484A (en) * 2022-05-16 2022-08-19 上海斗象信息科技有限公司 Honeypot generation method and device, electronic equipment and storage medium
CN115499192A (en) * 2022-09-14 2022-12-20 杭州安恒信息技术股份有限公司 Web honeypot simulation method and device, computer equipment and readable storage medium

Patent Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10110629B1 (en) * 2016-03-24 2018-10-23 Amazon Technologies, Inc. Managed honeypot intrusion detection system
CN110035079A (en) * 2019-04-10 2019-07-19 阿里巴巴集团控股有限公司 A kind of honey jar generation method, device and equipment
CN113098835A (en) * 2020-01-08 2021-07-09 北京奇虎科技有限公司 Honeypot implementation method based on block chain, honeypot client and honeypot system
CN112383520A (en) * 2020-11-02 2021-02-19 杭州安恒信息安全技术有限公司 Honeypot system attack playback method, honeypot system attack playback device, storage medium and equipment
CN112688932A (en) * 2020-12-21 2021-04-20 杭州迪普科技股份有限公司 Honeypot generation method, honeypot generation device, honeypot generation equipment and computer readable storage medium
CN114024728A (en) * 2021-10-28 2022-02-08 杭州默安科技有限公司 Honeypot building method and application method
CN114157498A (en) * 2021-12-07 2022-03-08 上海交通大学 WEB high-interaction honeypot system based on artificial intelligence and attack prevention method
CN114928484A (en) * 2022-05-16 2022-08-19 上海斗象信息科技有限公司 Honeypot generation method and device, electronic equipment and storage medium
CN115499192A (en) * 2022-09-14 2022-12-20 杭州安恒信息技术股份有限公司 Web honeypot simulation method and device, computer equipment and readable storage medium

Also Published As

Publication number Publication date
CN115632885B (en) 2023-04-21

Similar Documents

Publication Publication Date Title
US11683330B2 (en) Network anomaly data detection method and device as well as computer equipment and storage medium
CN106302337B (en) Vulnerability detection method and device
US8949990B1 (en) Script-based XSS vulnerability detection
CN108667770B (en) Website vulnerability testing method, server and system
US10324896B2 (en) Method and apparatus for acquiring resource
CN111885007B (en) Information tracing method, device, system and storage medium
WO2019076014A1 (en) Webpage generation method and apparatus, terminal device and medium
US11637863B2 (en) Detection of user interface imitation
CN108156121B (en) Traffic hijacking monitoring method and device and traffic hijacking alarm method and device
US20190222587A1 (en) System and method for detection of attacks in a computer network using deception elements
CN105635064B (en) CSRF attack detection method and device
CN111404937B (en) Method and device for detecting server vulnerability
CN111371757B (en) Malicious communication detection method and device, computer equipment and storage medium
CN106878345A (en) A kind of method and device for distorting protection
US20210192563A1 (en) Webpage advertisement anti-blocking method, content delivery network, and client terminal
CN114244808B (en) Offline illegal external connection method and device based on passive inspection of non-client mode
CN114024728B (en) Honeypot building method and application method
CN114465741B (en) Abnormality detection method, abnormality detection device, computer equipment and storage medium
CN111181914B (en) Method, device and system for monitoring internal data security of local area network and server
CN115632885B (en) Honeypot manufacturing method, honeypot manufacturing device, electronic equipment and readable storage medium
CN114629875A (en) Active detection domain name brand protection method and device
WO2020206662A1 (en) Browser anti-hijacking method and device, electronic equipment and storage medium
CN112202763A (en) IDS strategy generation method, device, equipment and medium
JP2017168146A (en) Connection destination information determination device, connection destination information determination method, and program
CN111614652A (en) Crawler identification interception method, equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant