CN115664786A - Automobile defense method, defense system, honeypot system and storage medium - Google Patents


Publication number
CN115664786A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202211299293.9A
Other languages
Chinese (zh)
Inventor
张裁会
陈志鑫
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huizhou Desay SV Intelligent Transport Technology Research Institute Co Ltd
Original Assignee
Huizhou Desay SV Intelligent Transport Technology Research Institute Co Ltd

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention provides an automobile defense method, a defense system, a honeypot system and a storage medium. In the method, the honeypot system captures access traffic entering a vehicle-mounted controller and collects traffic information about that access traffic; the traffic information is compared with attack information in a preset attack database; if the comparison succeeds, the attack information is sent on for comparison against a preset policy database, otherwise manual processing is triggered; the attack information is then compared with the protection policies in the preset policy database, and if the comparison succeeds, the corresponding protection policy is issued to the vehicle-mounted controller, otherwise manual processing is triggered. The invention enables detection of automobile network security attacks and automatic updating of the protection policy, and can also be combined with the existing intrusion detection and protection system to improve the network security of the intelligent networked automobile.

Description

Automobile defense method, defense system, honeypot system and storage medium
Technical Field
The invention relates to the technical field of automobiles, in particular to an automobile defense method, a defense system, a honeypot system and a storage medium.
Background
With the rapid development of intelligent networked automobiles, vehicles are becoming ever more intelligent and connected, and the automobile has become a true intelligent terminal device in the Internet of Everything. Internet security threats such as network attacks, Trojans and viruses, and personal privacy leaks are gradually spreading into the automotive field; the network security problems of intelligent networked automobiles are increasingly prominent, and attack incidents increase year by year. These attacks can have serious consequences: vehicle theft and data leakage, and in severe cases the driver may lose control of the vehicle, endangering the lives of the driver, passengers and pedestrians, and even affecting social and national security.
To mitigate these security risks, attacks on the automobile must be detected in time and responded to quickly; the relatively mature technologies and products at present are intrusion detection and protection systems. Such systems have two main problems: 1. an attack can be detected only after the automobile has been attacked, and there is no effective capability to detect unknown attack behavior; 2. because fully automated response may bring uncertain risks to the vehicle, manual processing is usually required to assist the response after an intrusion is detected, which requires a large investment of human resources.
Disclosure of Invention
In view of the above, the present invention provides an automobile defense method, a defense system, a honeypot system and a storage medium, which can implement detection of automobile network security attacks and automatic updating of protection strategies, and can also improve network security of an intelligent networked automobile by using an existing intrusion detection and protection system in combination.
The invention provides an automobile defense method, which is applied to an intelligent networking automobile and comprises the following steps:
S100: capturing access flow entering the vehicle-mounted controller through the honeypot system, and collecting flow information of the access flow.
S200: comparing the flow information with attack information in a preset attack database; if the comparison is successful, the step S300 is entered, otherwise, manual processing is triggered.
S300: comparing the attack information with a protection strategy in a preset strategy database, if the attack information is successfully compared with the protection strategy, issuing the corresponding protection strategy to the vehicle-mounted controller, and protecting the vehicle-mounted controller according to the protection strategy; otherwise, manual processing is triggered.
In this technical scheme, the honeypot system lures an attacker into attacking a host, network service or information that serves as bait, so that the attack behavior can be captured and analyzed. The honeypot system monitors, in real time, access traffic entering or leaving the vehicle-mounted controller; if access traffic other than the honeypot system's own is detected, that traffic is captured, so access traffic can be detected effectively and a honeypot deployment for the intelligent networked automobile is realized. By providing the attack event processing module and the protection policy management module, detection of automobile network security attacks and automatic updating of the protection policy can be realized, and the existing intrusion detection and protection system can also be used in combination to improve the network security of the intelligent networked automobile.
Further, the step S100 specifically includes:
S101: the honeypot system monitors, in real time, access traffic entering or leaving the vehicle-mounted controller; if access traffic other than the honeypot system's own is detected, the access traffic is captured and the method proceeds to S102, otherwise monitoring continues.
S102: collecting traffic information of the access traffic; the traffic information at least includes: the IP address, port and the tool carried of the access traffic.
In this technical scheme, the honeypot system performs no actual service function: apart from sending the access traffic to the service system, it has no other network communication, so attacks can be captured by monitoring its communication data. Any incoming or outgoing communication data other than that transmission of attack information can be judged to be an attack.
Further, the attack database at least comprises attack information for any one or more of: probing and scanning, monitoring, denial of service, and malicious programs.
Further, the policy database includes at least: any one or more of a probing and scanning policy, a listening policy, a denial of service policy, and a malicious program policy.
In the technical scheme, the attack event processing module and the protection strategy management module are arranged, so that the method is suitable for the characteristics of the automobile industry, can realize the detection of automobile network security attack and automatically update the protection strategy, and can also be combined with the existing intrusion detection and protection system to improve the network security of the intelligent internet automobile; compared with the existing processing mode, the network security of the automobile is improved, the processing efficiency is improved, and the personnel cost is reduced.
As another preferred aspect, the present invention also provides a defense system for a vehicle, the defense system including at least:
the system comprises a honeypot system and a service system which are arranged in a vehicle-mounted controller, and an attack event processing module and a protection strategy management module which are arranged in a server.
The honeypot system is used for capturing access flow entering the vehicle-mounted controller, collecting flow information of the access flow and sending the flow information to the service system.
And the service system is used for sending the flow information to an attack event processing module.
The attack event processing module is used for comparing the flow information with attack information in a preset attack database; and if the comparison is successful, sending the attack information to a protection strategy management module, otherwise, triggering manual processing.
And the protection strategy management module is used for comparing the attack information with a protection strategy in a preset strategy database, if the comparison is successful, the preset protection strategy is issued to the vehicle-mounted controller, and otherwise, manual processing is triggered.
Further, the architecture of the honeypot system and the business system includes: the system comprises an operating system, a driving layer, a hardware abstraction layer, a framework layer and an application layer; the honeypot system further comprises honeypot software arranged on the application layer of the honeypot system in an embedded mode.
Further, the operating system includes at least: process management, storage management, device management, file management, and user interface.
Further, the framework layer is connected with the application layer through an application program interface.
As another preferred mode, the invention further provides a honeypot system arranged in any vehicle-mounted controller. The honeypot system is used for capturing access traffic entering the vehicle-mounted controller, and the defense system processes that access traffic with the automobile defense method described above so as to defend the automobile.
As another preference, the present invention also provides a storage medium located in any control unit, the storage medium comprising a computer program executable by a processor, the computer program being configured to perform the method for defending a vehicle as described above.
Compared with the prior art, the invention has the beneficial effects that:
The honeypot system monitors, in real time, access traffic entering or leaving the vehicle-mounted controller; if access traffic other than the honeypot system's own is detected, that traffic is captured, so access traffic can be detected effectively and a honeypot deployment for the intelligent networked automobile is realized. By providing the attack event processing module and the protection policy management module, the method suits the characteristics of the automobile industry, can detect automobile network security attacks and automatically update the protection policy, and can also be combined with the existing intrusion detection and protection system to improve the network security of the intelligent networked automobile. Compared with the existing processing mode, the network security of the automobile is improved, the processing efficiency is improved, and the personnel cost is reduced.
Drawings
FIG. 1 is a flow chart of a method for defending a vehicle according to the present invention.
FIG. 2 is a process diagram of the modules of the present invention.
FIG. 3 is a schematic diagram of the defense system of the present invention.
Fig. 4 is a schematic diagram of a service system of the present invention.
Detailed Description
To facilitate an understanding of the invention, the invention will now be described more fully hereinafter with reference to the accompanying drawings. Preferred embodiments of the present invention are shown in the drawings. This invention may, however, be embodied in many different forms and should not be construed as limited to the embodiments set forth herein.
Referring to fig. 1 to 2, the present invention provides a method for defending a vehicle, which is applied to an intelligent networked vehicle, the method including:
S100: capturing access flow entering the vehicle-mounted controller through the honeypot system, and collecting flow information of the access flow.
S200: comparing the flow information with attack information in a preset attack database; if the comparison is successful, the step S300 is entered, otherwise, manual processing is triggered.
S300: comparing the attack information with a protection strategy in a preset strategy database, if the comparison is successful, issuing a corresponding protection strategy to the vehicle-mounted controller, and protecting the vehicle-mounted controller according to the protection strategy; otherwise, manual processing is triggered.
In this scheme, the honeypot system monitors, in real time, access traffic entering or leaving the vehicle-mounted controller; if access traffic other than the honeypot system's own is detected, that traffic is captured, so access traffic can be detected effectively and a honeypot deployment for the intelligent networked automobile is realized. By providing the attack event processing module and the protection policy management module, detection of automobile network security attacks and automatic updating of the protection policy can be realized, and the existing intrusion detection and protection system can also be used in combination to improve the network security of the intelligent networked automobile.
The honeypot system and the service system are deployed in any vehicle-mounted controller, and the attack event processing module and the protection policy management module are built in a cloud server. Referring to fig. 2, the honeypot system captures access traffic entering the vehicle-mounted controller, collects traffic information about the access traffic and sends the traffic information to the service system; the service system sends the traffic information to the attack event processing module; the attack event processing module analyzes the attack event, and the protection policy management module updates the protection policy.
In this embodiment, the step S100 specifically includes:
S101: the honeypot system monitors, in real time, access traffic entering or leaving the vehicle-mounted controller; if access traffic other than the honeypot system's own is detected, the access traffic is captured and the method proceeds to S102, otherwise monitoring continues.
S102: collecting traffic information of the access traffic; the traffic information at least includes: the IP address, port and tool carried of the access traffic.
In the specific implementation, the honeypot system performs no actual service function: apart from sending the access traffic to the service system, it has no other network communication, so attacks can be captured by monitoring its communication data. Any incoming or outgoing communication data other than that transmission of attack information can be judged to be an attack.
In this embodiment, the attack database at least includes attack information for any one or more of: probing and scanning, monitoring, denial of service, and malicious programs.
In this embodiment, the policy database at least includes: any one or more of a probing and scanning policy, a listening policy, a denial of service policy, and a malicious program policy.
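Steps S101 to S300 traced over a handful of flows, including both branches that end in manual processing. This is an added example, not code from the patent: the `Flow` record, the report-channel address, the tool name and the match rules in `ATTACK_DB` are assumptions, since the page names the attack categories but not how the comparison is performed.

```python
from dataclasses import dataclass

# Every address, port, tool name and signature below is constructed for illustration.
REPORT_CHANNEL = ("192.168.10.30", 9000)   # hypothetical honeypot -> service system link


@dataclass(frozen=True)
class Flow:
    src_ip: str
    dst_ip: str
    dst_port: int
    tool: str = ""                          # "tool carried", e.g. a client banner


def capture(flows):
    """S101: the honeypot runs no real service, so any flow that is not its own
    report to the service system is captured."""
    return [f for f in flows if (f.dst_ip, f.dst_port) != REPORT_CHANNEL]


def collect(captured):
    """S102: build traffic information per source (IP address, ports, tools)."""
    info = {}
    for f in captured:
        rec = info.setdefault(f.src_ip, {"ip": f.src_ip, "ports": set(), "tools": set()})
        rec["ports"].add(f.dst_port)
        if f.tool:
            rec["tools"].add(f.tool)
    return list(info.values())


# Attack database: the categories are the page's; the match rules are assumptions.
ATTACK_DB = [
    ("malicious_program", lambda t: bool(t["tools"] & {"examplebot/1.0"})),
    ("probing_and_scanning", lambda t: len(t["ports"]) >= 5),
]

# Policy database, deliberately missing a malicious-program policy to show S300's fallback.
POLICY_DB = {
    "probing_and_scanning": {"block_source": True, "tcp_per_min": 50, "udp_per_min": 150},
}


def triage(info):
    """S200 then S300 for one traffic-information record."""
    category = next((name for name, match in ATTACK_DB if match(info)), None)
    if category is None:                     # S200 failed: behaviour not in the attack database
        return {"next": "manual", "stage": "S200", "category": None}
    policy = POLICY_DB.get(category)
    if policy is None:                       # S300 failed: known attack, no policy yet
        return {"next": "manual", "stage": "S300", "category": category}
    return {"next": "issue_policy", "stage": "S300", "category": category, "policy": policy}


def run(flows):
    """Full pipeline: source IP -> decision."""
    return {info["ip"]: triage(info) for info in collect(capture(flows))}


SAMPLE_FLOWS = (
    [Flow("203.0.113.5", "192.168.10.21", port) for port in (22, 23, 80, 443, 8080)]
    + [Flow("198.51.100.9", "192.168.10.21", 5555, tool="examplebot/1.0"),
       Flow("192.0.2.44", "192.168.10.21", 1883),
       Flow("192.168.10.21", "192.168.10.30", 9000)]   # the honeypot's own report
)

if __name__ == "__main__":
    for ip, decision in run(SAMPLE_FLOWS).items():
        print(ip, decision)
```

The two manual outcomes differ in what the analyst has to produce: a new attack-database entry at S200, a new policy at S300.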
Taking the denial of service policy as an example, the following are common protection policies against denial-of-service attacks:
ICMP (Internet Control Message Protocol) flood attack: intercept all ICMP packets; the ICMP protocol is not typically required in a vehicle-mounted controller.
UDP (User Datagram Protocol) flood attack: set a threshold for UDP packets (e.g., allow only 150 UDP packets per minute to pass) and intercept UDP packets once the threshold is exceeded.
SYN (synchronize) flood attack: set a threshold for SYN packets (e.g., allow only 30 SYN packets per minute to pass) and intercept SYN packets once the threshold is exceeded.
Ping of death attack: intercept IP (Internet Protocol) packets larger than 65535 bytes.
Smurf attack: intercept outgoing ICMP echo request packets whose destination address is the broadcast address of the local network.
Teardrop attack: intercept malformed fragmented UDP packets.
Fragmented IP attack: reject packets of fragmented traffic.
Malformed IP attack: intercept packets whose IP option field length exceeds 38 bytes.
Scanning attack: set a threshold for the packets allowed to pass per minute (e.g., only 50 packets per minute for TCP (Transmission Control Protocol) and 150 packets per minute for UDP). When the same IP address polls ports on the vehicle-mounted controller and exceeds the set threshold, intercept packets from that IP address so that it cannot continue to access the vehicle-mounted controller.
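The policies above combined into one packet filter, to show how the rules order against each other and how the per-minute thresholds behave. This is an added example, not code from the patent: the thresholds and limits are the page's, while the `Packet` record, the rule names, the rule order, the fixed one-minute windows and the broadcast address are assumptions.

```python
from collections import Counter
from dataclasses import dataclass
from typing import Optional, Tuple

# Thresholds and limits as stated on the page.
WINDOW_S = 60
UDP_PER_MIN = 150
SYN_PER_MIN = 30
SCAN_PER_MIN = {"tcp": 50, "udp": 150}     # per source IP
MAX_IP_BYTES = 65535
MAX_IP_OPTION_BYTES = 38
# Constructed value (not from the page): broadcast address of the in-vehicle subnet.
LOCAL_BROADCAST = "192.168.10.255"
ICMP_ECHO_REQUEST = 8


@dataclass
class Packet:
    """Header fields the rules need; a hypothetical record, not a capture format."""
    ts: float                      # arrival time in seconds
    src: str
    dst: str
    proto: str                     # "icmp", "udp" or "tcp"
    outbound: bool = False
    payload_len: int = 64          # bytes after the IP header
    frag_offset: int = 0           # IP fragment offset, in 8-byte units
    more_fragments: bool = False
    ip_options_len: int = 0
    syn: bool = False
    icmp_type: Optional[int] = None


class DosFilter:
    def __init__(self) -> None:
        self.passed = Counter()    # (kind, minute) -> packets let through
        self.seen = Counter()      # (src, proto, minute) -> packets seen
        self.blocked = set()       # sources blocked by the scanning policy

    def decide(self, p: Packet) -> Tuple[str, str]:
        """Return (verdict, rule). Stateless header checks run before counters."""
        minute = int(p.ts // WINDOW_S)
        if p.src in self.blocked:
            return "drop", "scan-blocked-source"
        if p.ip_options_len > MAX_IP_OPTION_BYTES:
            return "drop", "malformed-ip"
        # A datagram over 65535 bytes only exists once fragments are reassembled,
        # so test where this fragment's data would end.
        if p.frag_offset * 8 + p.payload_len > MAX_IP_BYTES:
            return "drop", "ping-of-death"
        if p.frag_offset or p.more_fragments:
            return "drop", "fragmented-ip"   # rejecting fragments also covers Teardrop
        if p.proto == "icmp":
            if p.outbound and p.icmp_type == ICMP_ECHO_REQUEST and p.dst == LOCAL_BROADCAST:
                return "drop", "smurf"
            return "drop", "icmp"
        if p.outbound:
            return "accept", "outbound"
        # Scanning policy: per-source budget; once exceeded the source stays blocked.
        limit = SCAN_PER_MIN.get(p.proto)
        self.seen[(p.src, p.proto, minute)] += 1
        if limit is not None and self.seen[(p.src, p.proto, minute)] > limit:
            self.blocked.add(p.src)
            return "drop", "scan"
        # Flood policies: global per-minute budget for UDP packets and TCP SYNs.
        if p.proto == "udp":
            return self._budget("udp", UDP_PER_MIN, minute)
        if p.proto == "tcp" and p.syn:
            return self._budget("syn", SYN_PER_MIN, minute)
        return "accept", "ok"

    def _budget(self, kind: str, limit: int, minute: int) -> Tuple[str, str]:
        if self.passed[(kind, minute)] >= limit:
            return "drop", kind + "-flood"
        self.passed[(kind, minute)] += 1
        return "accept", "ok"


def tally(packets) -> Counter:
    """Run packets through a fresh filter and count the rule each one hit."""
    f = DosFilter()
    return Counter(f.decide(p)[1] for p in packets)


if __name__ == "__main__":
    # Constructed traffic: 40 SYNs from one source within four seconds.
    syns = [Packet(i * 0.1, "203.0.113.7", "192.168.10.20", "tcp", syn=True) for i in range(40)]
    print(tally(syns))
```

Because all ICMP and all fragments are dropped, the Smurf, Ping of death and Teardrop rules only change which rule is logged; they start to matter if either blanket rule is relaxed.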
In the specific implementation process, the attack event processing module and the protection strategy management module are arranged, so that the method is suitable for the characteristics of the automobile industry, can realize the detection of automobile network security attack and the automatic updating of the protection strategy, and can also be combined with the existing intrusion detection and protection system to improve the network security of the intelligent networked automobile; compared with the existing processing mode, the network security of the automobile is improved, the processing efficiency is improved, and the personnel cost is reduced.
Referring to fig. 3, as another preferred embodiment, the present invention further provides a defense system for a vehicle, the defense system at least includes:
the system comprises a honeypot system and a service system which are arranged in a vehicle-mounted controller, and an attack event processing module and a protection strategy management module which are arranged in a server.
The honeypot system is used for capturing access flow entering the vehicle-mounted controller, collecting flow information of the access flow and sending the flow information to the service system.
And the service system is used for sending the flow information to an attack event processing module.
The attack event processing module is used for comparing the flow information with attack information in a preset attack database; and if the comparison is successful, sending the attack information to a protection strategy management module, otherwise, triggering manual processing.
And the protection strategy management module is used for comparing the attack information with a protection strategy in a preset strategy database, if the comparison is successful, the preset protection strategy is issued to the vehicle-mounted controller, and otherwise, manual processing is triggered.
Referring to fig. 4, in the present embodiment, the architecture of the honeypot system and the business system includes: the system comprises an operating system, a driving layer, a hardware abstraction layer, a framework layer and an application layer; the honeypot system also comprises honeypot software which is embedded and arranged at an application layer of the honeypot system.
In this embodiment, the operating system at least includes: process management, storage management, device management, file management, and user interface.
In this embodiment, the framework layer and the application layer are connected through an application program interface.
The operating system controls and manages the system's software and hardware resources and schedules the various resources of the computer system, including process management, storage management, device management, file management, the user interface and the like; the driver layer is the program that allows upper-layer software to interact with hardware, providing an interface for hardware-to-hardware or hardware-to-software communication so that software and hardware are linked and data exchange on hardware devices becomes possible; the hardware abstraction layer abstracts the hardware, hides the hardware interface details of a specific platform and provides a virtual hardware platform for the system, making the system hardware-independent and portable across platforms; the framework layer provides the API (application program interface) framework used by applications and provides various APIs (including various components and services) to the application layer; the application layer includes various applications and implements various user functions.
It should be understood that complex vehicle-mounted controllers at present include the vehicle-mounted information interaction system, the vehicle-mounted infotainment system, the automatic driving controller and the like. These vehicle-mounted controllers generally use virtualization, with multiple virtual machines in the system handling different services; a virtual machine identical to the service system is deployed to serve as the honeypot system. The honeypot system may be deployed in a single controller or in multiple controllers within a vehicle.
The honeypot system independently uses one virtual machine, the virtual machine of the honeypot system and the service system use the same architecture, one system in the service system can be copied, and then honeypot software is deployed on an application layer in the system; the honeypot system does not affect the service function, and sends the relevant information to the service system after detecting the attack.
The invention further provides a honeypot system arranged in any vehicle-mounted controller. The honeypot system is used for capturing access traffic entering the vehicle-mounted controller, and the defense system processes that access traffic with the automobile defense method described above so as to defend the automobile.
As another preference, the present invention also provides a storage medium located in any control unit, the storage medium comprising a computer program executable by a processor, the computer program being configured to perform the method for defending a vehicle as described above.
Compared with the prior art, the invention has the beneficial effects that:
The honeypot system monitors, in real time, access traffic entering or leaving the vehicle-mounted controller; if access traffic other than the honeypot system's own is detected, that traffic is captured, so access traffic can be detected effectively and a honeypot deployment for the intelligent networked automobile is realized. By providing the attack event processing module and the protection policy management module, the method suits the characteristics of the automobile industry, can detect automobile network security attacks and automatically update the protection policy, and can also be combined with the existing intrusion detection and protection system to improve the network security of the intelligent networked automobile. Compared with the existing processing mode, the network security of the automobile is improved, the processing efficiency is improved, and the personnel cost is reduced.
Although the illustrative embodiments have been described herein with reference to the accompanying drawings, it is to be understood that the foregoing illustrative embodiments are merely exemplary and are not intended to limit the scope of the invention thereto. Various changes and modifications may be effected therein by one of ordinary skill in the pertinent art without departing from the scope or spirit of the present invention. All such changes and modifications are intended to be included within the scope of the present invention as set forth in the appended claims.
Those of ordinary skill in the art will appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
The various system and method embodiments of the present invention may be implemented in hardware, or in software modules running on one or more processors, or in a combination thereof. Those skilled in the art will appreciate that a microprocessor or Digital Signal Processor (DSP) may be used in practice to implement some or all of the functionality of some of the modules according to embodiments of the present invention. The present invention can also be embodied as system programs (e.g., computer programs and computer program products) for performing a portion or all of the methods described herein. Such programs implementing the present invention may be stored on computer-readable media or may be in the form of one or more signals. Such a signal may be downloaded from an internet website or provided on a carrier signal or in any other form.
In the several embodiments provided in the present application, it should be understood that the disclosed system and method may be implemented in other ways. For example, the above-described system embodiments are merely illustrative, and for example, the division of functions is merely a logical division, and other divisions may be realized in practice, for example, multiple tools or components may be combined or integrated into another system, or some features may be omitted, or not executed.
Furthermore, the terms "first" and "second" are used for descriptive purposes only and are not to be construed as indicating or implying relative importance or as implicitly indicating the number of technical features indicated. Thus, a feature defined as "first" or "second" may explicitly or implicitly include one or more of that feature. In the description of the present invention, "a plurality" means two or more unless specifically defined otherwise.
While the invention has been described in conjunction with the specific embodiments set forth above, it is evident that many alternatives, modifications, and variations will be apparent to those skilled in the art in light of the foregoing description. Accordingly, it is intended to embrace all such alternatives, modifications, and variations that fall within the spirit and broad scope of the appended claims.

Claims (10)

1. A method for defending a vehicle is applied to an intelligent networked vehicle, and comprises the following steps:
S100: capturing access flow entering a vehicle-mounted controller through a honeypot system, and collecting flow information of the access flow;
S200: comparing the flow information with attack information in a preset attack database; if the comparison is successful, S300 is entered, otherwise, manual processing is triggered;
S300: comparing the attack information with a protection strategy in a preset strategy database, if the attack information is successfully compared with the protection strategy, issuing the corresponding protection strategy to the vehicle-mounted controller, and protecting the vehicle-mounted controller according to the protection strategy; otherwise, triggering manual processing.
2. The automobile defense method according to claim 1, wherein the step S100 specifically includes:
S101: the honeypot system monitors access flow entering or flowing out of the vehicle-mounted controller in real time; if the access flow outside the honeypot system is detected, capturing the access flow, and entering S102, otherwise, continuously monitoring;
S102: collecting traffic information of the access traffic; the traffic information at least comprises: the IP address, port and tool carried of the access traffic.
3. The method of claim 2, wherein the attack database comprises at least: probing and scanning, monitoring, denial of service, and malicious programs.
4. The method of claim 3, wherein the policy database comprises at least: any one or more of a probing and scanning policy, a listening policy, a denial of service policy, and a malicious program policy.
5. A defence system using the method of any one of claims 1 to 4, characterised in that it comprises at least:
the system comprises a honeypot system and a service system which are arranged in a vehicle-mounted controller, and an attack event processing module and a protection strategy management module which are arranged in a server;
the honeypot system is used for capturing access flow entering the vehicle-mounted controller, collecting flow information of the access flow and sending the flow information to the service system;
the service system is used for sending the flow information to an attack event processing module;
the attack event processing module is used for comparing the flow information with attack information in a preset attack database; if the comparison is successful, sending the attack information to a protection strategy management module, otherwise, triggering manual processing;
the protection strategy management module is used for comparing the attack information with protection strategies in a preset strategy database, if the comparison is successful, the preset protection strategies are issued to the vehicle-mounted controller, and otherwise, manual processing is triggered.
6. The defence system of claim 5 wherein the architecture of the honeypot system and the business system each includes: the system comprises an operating system, a driving layer, a hardware abstraction layer, a framework layer and an application layer; the honeypot system also comprises honeypot software which is embedded and arranged at an application layer of the honeypot system.
7. The defense system of claim 6, wherein the operating system comprises at least: process management, storage management, device management, file management, and user interface.
8. The defense system of claim 7, wherein the framework layer and the application layer are connected through an application program interface.
9. A honeypot system provided in any vehicle-mounted controller, wherein the honeypot system is used for capturing access flow entering the vehicle-mounted controller, and the access flow is processed by a defense system according to the defense method of any one of claims 1-4 so as to defend the automobile.
10. A storage medium provided in any control unit, characterized in that the storage medium comprises a computer program executable by a processor for performing the automobile defense method according to any one of claims 1-4.
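The two-stage comparison of claim 5 (attack database first, then policy database, with manual processing as the fallback at each stage), sketched as an added example that is not code from the patent. The field names, thresholds, controller names and sample flow records are constructed assumptions.

```python
# Constructed attack database: attack type -> predicate over flow information.
# Field names and thresholds are assumptions, not values from the patent.
ATTACK_DB = {
    "probing_and_scanning": lambda f: len(set(f["dst_ports"])) >= 20,
    "denial_of_service": lambda f: f["packets_per_sec"] >= 5000,
    "malicious_program": lambda f: f.get("payload_tag") == "known-bad-sample",
}

# Constructed policy database. "malicious_program" is deliberately absent so
# the second-stage fallback to manual processing is exercised.
POLICY_DB = {
    "probing_and_scanning": {"action": "block_source", "ttl_s": 3600},
    "denial_of_service": {"action": "rate_limit", "max_pps": 100},
}


def match_attack(flow):
    """Attack event processing module: return attack information or None."""
    for attack_type, matches in ATTACK_DB.items():
        if matches(flow):
            return {"type": attack_type, "src": flow["src"],
                    "controller": flow["controller"]}
    return None


def handle_flow(flow, issued, manual_queue):
    """Run one honeypot flow record through both comparisons."""
    attack = match_attack(flow)
    if attack is None:  # no match in the attack database
        manual_queue.append(("unknown_traffic", flow))
        return "manual:attack_db"
    policy = POLICY_DB.get(attack["type"])
    if policy is None:  # attack recognised, but no protection policy stored
        manual_queue.append(("no_policy", attack))
        return "manual:policy_db"
    # Issue the policy to the controller the traffic entered, bound to its source.
    issued.setdefault(attack["controller"], []).append({**policy, "src": attack["src"]})
    return "issued:" + policy["action"]


def run_demo():
    flows = [  # constructed honeypot records; "tbox"/"ivi" are placeholder names
        {"controller": "tbox", "src": "10.0.0.7", "dst_ports": list(range(1, 41)), "packets_per_sec": 30},
        {"controller": "ivi", "src": "10.0.0.9", "dst_ports": [443], "packets_per_sec": 9000},
        {"controller": "ivi", "src": "10.0.0.4", "dst_ports": [21], "packets_per_sec": 2,
         "payload_tag": "known-bad-sample"},
        {"controller": "tbox", "src": "10.0.0.5", "dst_ports": [8080], "packets_per_sec": 3},
    ]
    issued, manual = {}, []
    return [handle_flow(f, issued, manual) for f in flows], issued, manual
```

The two manual-processing outcomes are kept distinct because they call for different work: an unmatched flow needs a new attack database entry, while a matched attack without a policy needs only a new policy.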
CN202211299293.9A 2022-10-24 2022-10-24 Automobile defense method, defense system, honeypot system and storage medium Pending CN115664786A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211299293.9A CN115664786A (en) 2022-10-24 2022-10-24 Automobile defense method, defense system, honeypot system and storage medium

Publications (1)

Publication Number Publication Date
CN115664786A true CN115664786A (en) 2023-01-31

Family

ID=84989035

Country Status (1)

Country Link
CN (1) CN115664786A (en)

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20110068308A (en) * 2009-12-16 2011-06-22 한전케이디엔주식회사 System and method for network attack detection and analysis
EP3057283A1 (en) * 2015-02-16 2016-08-17 Alcatel Lucent A method for mitigating a security breach, a system, a virtual honeypot and a computer program product
US9602536B1 (en) * 2014-12-04 2017-03-21 Amazon Technologies, Inc. Virtualized network honeypots
CN109995716A (en) * 2017-12-29 2019-07-09 北京安天网络安全技术有限公司 Behavior exciting method and device based on high interaction honey pot system
CN112910907A (en) * 2021-02-07 2021-06-04 深信服科技股份有限公司 Defense method, device, client, server, storage medium and system
CN114143099A (en) * 2021-12-03 2022-03-04 中国电信集团系统集成有限责任公司 Network security policy self-checking attack and defense test method and device
CN114944961A (en) * 2022-07-01 2022-08-26 广东瑞普科技股份有限公司 Network security protection method, device and system and electronic equipment

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination