TW201717088A - 動態蜜罐系統 - Google Patents

動態蜜罐系統 Download PDF

Info

Publication number
TW201717088A
TW201717088A TW105132994A TW105132994A TW201717088A TW 201717088 A TW201717088 A TW 201717088A TW 105132994 A TW105132994 A TW 105132994A TW 105132994 A TW105132994 A TW 105132994A TW 201717088 A TW201717088 A TW 201717088A
Authority
TW
Taiwan
Prior art keywords
processor
computing device
application
target application
malicious
Prior art date
Application number
TW105132994A
Other languages
English (en)
Chinese (zh)
Inventor
席也阿里 阿哈馬札迪
那依姆 伊斯萊
祕海 克里斯多朵瑞庫
拉嘉爾許 庫伯塔
紹米特拉莫漢 達斯
Original Assignee
高通公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 高通公司 filed Critical 高通公司
Publication of TW201717088A publication Critical patent/TW201717088A/zh

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416Event detection, e.g. attack signature detection
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/1491Countermeasures against malicious traffic using deception as countermeasure, e.g. honeypots, honeynets, decoys or entrapment
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/552Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/554Detecting local intrusion or implementing counter-measures involving event detection and direct action
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/566Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577Assessing vulnerabilities and evaluating computer system security
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433Vulnerability analysis
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/03Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
    • G06F2221/033Test or assess software
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425Traffic logging, e.g. anomaly detection

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Virology (AREA)
  • Telephone Function (AREA)
  • Telephonic Communication Services (AREA)
TW105132994A 2015-11-09 2016-10-13 動態蜜罐系統 TW201717088A (zh)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
US14/935,522 US20170134405A1 (en) 2015-11-09 2015-11-09 Dynamic Honeypot System

Publications (1)

Publication Number Publication Date
TW201717088A true TW201717088A (zh) 2017-05-16

Family

ID=57218995

Family Applications (1)

Application Number Title Priority Date Filing Date
TW105132994A TW201717088A (zh) 2015-11-09 2016-10-13 動態蜜罐系統

Country Status (8)

Country Link
US (1) US20170134405A1 (enExample)
EP (1) EP3375159B1 (enExample)
JP (1) JP2018536932A (enExample)
KR (1) KR20180080227A (enExample)
CN (1) CN108353078A (enExample)
BR (1) BR112018009375A8 (enExample)
TW (1) TW201717088A (enExample)
WO (1) WO2017083043A1 (enExample)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI740507B (zh) * 2019-09-27 2021-09-21 大陸商支付寶(杭州)信息技術有限公司 用戶購票行為檢測方法以及裝置

Families Citing this family (76)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9710648B2 (en) 2014-08-11 2017-07-18 Sentinel Labs Israel Ltd. Method of malware detection and system thereof
US11507663B2 (en) 2014-08-11 2022-11-22 Sentinel Labs Israel Ltd. Method of remediating operations performed by a program and system thereof
US9602536B1 (en) 2014-12-04 2017-03-21 Amazon Technologies, Inc. Virtualized network honeypots
US10178195B2 (en) * 2015-12-04 2019-01-08 Cloudflare, Inc. Origin server protection notification
US10135867B2 (en) * 2015-12-08 2018-11-20 Bank Of America Corporation Dynamically updated computing environments for detecting and capturing unauthorized computer activities
US20170228540A1 (en) * 2016-02-09 2017-08-10 Appdome Ltd. Method and a system for detecting malicious code activity by generating software traps per application
GB201603118D0 (en) * 2016-02-23 2016-04-06 Eitc Holdings Ltd Reactive and pre-emptive security system based on choice theory
US10419472B2 (en) * 2016-03-18 2019-09-17 AO Kaspersky Lab System and method for repairing vulnerabilities of devices connected to a data network
US10528734B2 (en) * 2016-03-25 2020-01-07 The Mitre Corporation System and method for vetting mobile phone software applications
US10326796B1 (en) * 2016-04-26 2019-06-18 Acalvio Technologies, Inc. Dynamic security mechanisms for mixed networks
WO2017189765A1 (en) 2016-04-26 2017-11-02 Acalvio Technologies, Inc. Tunneling for network deceptions
US10581914B2 (en) * 2016-06-03 2020-03-03 Ciena Corporation Method and system of mitigating network attacks
JP6738013B2 (ja) * 2016-06-23 2020-08-12 富士通株式会社 攻撃内容分析プログラム、攻撃内容分析方法及び攻撃内容分析装置
US10715533B2 (en) * 2016-07-26 2020-07-14 Microsoft Technology Licensing, Llc. Remediation for ransomware attacks on cloud drive folders
EP3291501A1 (en) * 2016-08-31 2018-03-07 Siemens Aktiengesellschaft System and method for using a virtual honeypot in an industrial automation system and cloud connector
US10447734B2 (en) 2016-11-11 2019-10-15 Rapid7, Inc. Monitoring scan attempts in a network
US10298605B2 (en) * 2016-11-16 2019-05-21 Red Hat, Inc. Multi-tenant cloud security threat detection
US11695800B2 (en) 2016-12-19 2023-07-04 SentinelOne, Inc. Deceiving attackers accessing network data
US10599842B2 (en) * 2016-12-19 2020-03-24 Attivo Networks Inc. Deceiving attackers in endpoint systems
US11616812B2 (en) 2016-12-19 2023-03-28 Attivo Networks Inc. Deceiving attackers accessing active directory data
US10223536B2 (en) * 2016-12-29 2019-03-05 Paypal, Inc. Device monitoring policy
US10924502B2 (en) * 2016-12-29 2021-02-16 Noblis, Inc. Network security using inflated files for anomaly detection
US10628585B2 (en) 2017-01-23 2020-04-21 Microsoft Technology Licensing, Llc Ransomware resilient databases
CN109033885B (zh) * 2017-06-09 2022-11-18 腾讯科技(深圳)有限公司 一种数据响应方法、终端设备以及服务器
WO2019032728A1 (en) 2017-08-08 2019-02-14 Sentinel Labs, Inc. METHODS, SYSTEMS AND DEVICES FOR DYNAMICALLY MODELING AND REGROUPING END POINTS FOR ONBOARD NETWORKING
US20190108355A1 (en) * 2017-10-09 2019-04-11 Digital Guardian, Inc. Systems and methods for identifying potential misuse or exfiltration of data
US10867039B2 (en) * 2017-10-19 2020-12-15 AO Kaspersky Lab System and method of detecting a malicious file
US10915629B2 (en) * 2017-11-02 2021-02-09 Paypal, Inc. Systems and methods for detecting data exfiltration
US10771482B1 (en) * 2017-11-14 2020-09-08 Ca, Inc. Systems and methods for detecting geolocation-aware malware
US10826939B2 (en) * 2018-01-19 2020-11-03 Rapid7, Inc. Blended honeypot
US11368474B2 (en) 2018-01-23 2022-06-21 Rapid7, Inc. Detecting anomalous internet behavior
US11470115B2 (en) 2018-02-09 2022-10-11 Attivo Networks, Inc. Implementing decoys in a network environment
US12455778B2 (en) 2018-07-06 2025-10-28 Capital One Services, Llc Systems and methods for data stream simulation
US10404747B1 (en) * 2018-07-24 2019-09-03 Illusive Networks Ltd. Detecting malicious activity by using endemic network hosts as decoys
US11209795B2 (en) 2019-02-28 2021-12-28 Nanotronics Imaging, Inc. Assembly error correction for assembly lines
US12289321B2 (en) * 2019-03-04 2025-04-29 Microsoft Technology Licensing, Llc Automated generation and deployment of honey tokens in provisioned resources on a remote computer resource platform
EP3918500B1 (en) * 2019-03-05 2024-04-24 Siemens Industry Software Inc. Machine learning-based anomaly detections for embedded software applications
US11057428B1 (en) * 2019-03-28 2021-07-06 Rapid7, Inc. Honeytoken tracker
JP7278423B2 (ja) 2019-05-20 2023-05-19 センチネル ラブス イスラエル リミテッド 実行可能コード検出、自動特徴抽出及び位置独立コード検出のためのシステム及び方法
US10708770B1 (en) * 2019-06-06 2020-07-07 NortonLifeLock Inc. Systems and methods for protecting users
US11156991B2 (en) 2019-06-24 2021-10-26 Nanotronics Imaging, Inc. Predictive process control for a manufacturing process
CN110677408B (zh) * 2019-07-09 2021-07-09 腾讯科技(深圳)有限公司 攻击信息的处理方法和装置、存储介质及电子装置
US11063965B1 (en) 2019-12-19 2021-07-13 Nanotronics Imaging, Inc. Dynamic monitoring and securing of factory processes, equipment and automated systems
US11100221B2 (en) 2019-10-08 2021-08-24 Nanotronics Imaging, Inc. Dynamic monitoring and securing of factory processes, equipment and automated systems
CN114585981B (zh) 2019-11-06 2025-02-25 纳米电子成像有限公司 用于制造过程的系统、方法和介质
US12153408B2 (en) 2019-11-06 2024-11-26 Nanotronics Imaging, Inc. Systems, methods, and media for manufacturing processes
CN111308958B (zh) * 2019-11-14 2021-04-20 广州安加互联科技有限公司 一种基于蜜罐技术的cnc设备仿真方法、系统和工控蜜罐
KR102866210B1 (ko) 2019-11-20 2025-09-29 나노트로닉스 이미징, 인코포레이티드 정교한 공격으로부터 산업 생산의 보호
CN113132293B (zh) * 2019-12-30 2022-10-04 中国移动通信集团湖南有限公司 攻击检测方法、设备及公共蜜罐系统
US11086988B1 (en) 2020-02-28 2021-08-10 Nanotronics Imaging, Inc. Method, systems and apparatus for intelligently emulating factory control systems and simulating response data
WO2021173961A1 (en) * 2020-02-28 2021-09-02 Nanotronics Imaging, Inc. Method, systems and apparatus for intelligently emulating factory control systems and simulating response data
CN111431891A (zh) * 2020-03-20 2020-07-17 广州锦行网络科技有限公司 一种蜜罐部署方法
CN111541670A (zh) * 2020-04-17 2020-08-14 广州锦行网络科技有限公司 一种新型动态蜜罐系统
US11030261B1 (en) * 2020-08-06 2021-06-08 Coupang Corp. Computerized systems and methods for managing and monitoring services and modules on an online platform
CN112039861B (zh) * 2020-08-20 2023-04-18 咪咕文化科技有限公司 风险识别方法、装置、电子设备和计算机可读存储介质
US11824894B2 (en) * 2020-11-25 2023-11-21 International Business Machines Corporation Defense of targeted database attacks through dynamic honeypot database response generation
US11720709B1 (en) 2020-12-04 2023-08-08 Wells Fargo Bank, N.A. Systems and methods for ad hoc synthetic persona creation
US11579857B2 (en) 2020-12-16 2023-02-14 Sentinel Labs Israel Ltd. Systems, methods and devices for device fingerprinting and automatic deployment of software in a computing network using a peer-to-peer approach
CN112788023B (zh) * 2020-12-30 2023-02-24 成都知道创宇信息技术有限公司 基于安全网络的蜜罐管理方法及相关装置
US11386197B1 (en) 2021-01-11 2022-07-12 Bank Of America Corporation System and method for securing a network against malicious communications through peer-based cooperation
US11641366B2 (en) 2021-01-11 2023-05-02 Bank Of America Corporation Centralized tool for identifying and blocking malicious communications transmitted within a network
US12289343B2 (en) 2021-02-18 2025-04-29 Ciena Corporation Detecting malicious threats in a 5G network slice
US11777988B1 (en) * 2021-03-09 2023-10-03 Rapid7, Inc. Probabilistically identifying anomalous honeypot activity
CN112800417B (zh) * 2021-04-15 2021-07-06 远江盛邦(北京)网络安全科技股份有限公司 基于服务状态机的反馈式蜜罐系统的识别方法及系统
WO2022246134A1 (en) * 2021-05-20 2022-11-24 Stairwell, Inc. Real time threat knowledge graph
US11947694B2 (en) 2021-06-29 2024-04-02 International Business Machines Corporation Dynamic virtual honeypot utilizing honey tokens and data masking
US11899782B1 (en) 2021-07-13 2024-02-13 SentinelOne, Inc. Preserving DLL hooks
CN113609483B (zh) * 2021-07-16 2024-05-03 山东云海国创云计算装备产业创新中心有限公司 一种服务器病毒处理的方法、装置、设备及可读介质
US12401601B2 (en) 2021-12-13 2025-08-26 International Business Machines Corporation Recertification of access control information based on context information estimated from network traffic
CN114168947B (zh) * 2021-12-14 2022-10-25 Tcl通讯科技(成都)有限公司 一种攻击检测方法、装置、电子设备及存储介质
IT202100033158A1 (it) * 2021-12-30 2023-06-30 Thegg Domotica S R L Dispositivo honeypot tailor-made e relativo metodo di realizzazione nel rispetto normativo di applicazione
US12452273B2 (en) 2022-03-30 2025-10-21 SentinelOne, Inc Systems, methods, and devices for preventing credential passing attacks
US20230421562A1 (en) * 2022-05-19 2023-12-28 Capital One Services, Llc Method and system for protection of cloud-based infrastructure
US12468810B2 (en) 2023-01-13 2025-11-11 SentinelOne, Inc. Classifying cybersecurity threats using machine learning on non-euclidean data
KR102657010B1 (ko) * 2023-12-04 2024-04-12 주식회사 심시스글로벌 샌드박스 기반의 가상 망 분리 방법 및 시스템
CN119996025B (zh) * 2025-02-28 2025-10-17 广州大学 一种基于gpt的高交互蜜点设计方法及系统

Family Cites Families (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050166072A1 (en) * 2002-12-31 2005-07-28 Converse Vikki K. Method and system for wireless morphing honeypot
CA2604544A1 (en) * 2005-04-18 2006-10-26 The Trustees Of Columbia University In The City Of New York Systems and methods for detecting and inhibiting attacks using honeypots
US9171157B2 (en) * 2006-03-28 2015-10-27 Blue Coat Systems, Inc. Method and system for tracking access to application data and preventing data exploitation by malicious programs
CN101567887B (zh) * 2008-12-25 2012-05-23 中国人民解放军总参谋部第五十四研究所 一种漏洞拟真超载蜜罐方法
US8479286B2 (en) * 2009-12-15 2013-07-02 Mcafee, Inc. Systems and methods for behavioral sandboxing
CN102088379B (zh) * 2011-01-24 2013-03-13 国家计算机网络与信息安全管理中心 基于沙箱技术的客户端蜜罐网页恶意代码检测方法与装置
ES2755780T3 (es) * 2011-09-16 2020-04-23 Veracode Inc Análisis estático y de comportamiento automatizado mediante la utilización de un espacio aislado instrumentado y clasificación de aprendizaje automático para seguridad móvil
US8739281B2 (en) * 2011-12-06 2014-05-27 At&T Intellectual Property I, L.P. Multilayered deception for intrusion detection and prevention
CN103051615B (zh) * 2012-12-14 2015-07-29 陈晶 一种蜜场系统中抗大流量攻击的动态防御系统
CN103268448B (zh) * 2013-05-24 2016-04-20 北京网秦天下科技有限公司 动态检测移动应用的安全性的方法和系统
US9652362B2 (en) * 2013-12-06 2017-05-16 Qualcomm Incorporated Methods and systems of using application-specific and application-type-specific models for the efficient classification of mobile device behaviors

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI740507B (zh) * 2019-09-27 2021-09-21 大陸商支付寶(杭州)信息技術有限公司 用戶購票行為檢測方法以及裝置

Also Published As

Publication number Publication date
EP3375159B1 (en) 2020-03-18
US20170134405A1 (en) 2017-05-11
JP2018536932A (ja) 2018-12-13
BR112018009375A8 (pt) 2019-02-26
CN108353078A (zh) 2018-07-31
KR20180080227A (ko) 2018-07-11
EP3375159A1 (en) 2018-09-19
WO2017083043A1 (en) 2017-05-18
BR112018009375A2 (pt) 2018-11-13

Similar Documents

Publication Publication Date Title
TW201717088A (zh) 動態蜜罐系統
US12120519B2 (en) Determining a security state based on communication with an authenticity server
KR102498168B1 (ko) 적응형 기계 학습 피처들을 가진 사이버 보안 시스템
US10924517B2 (en) Processing network traffic based on assessed security weaknesses
US9940454B2 (en) Determining source of side-loaded software using signature of authorship
US10528739B2 (en) Boot security
US20130254880A1 (en) System and method for crowdsourcing of mobile application reputations
US20130097659A1 (en) System and method for whitelisting applications in a mobile network environment
US20130097660A1 (en) System and method for whitelisting applications in a mobile network environment
GB2553427A (en) Identifying and remediating phishing security weaknesses
CA2852572A1 (en) Context-aware risk measurement mobile device management system
US9693233B2 (en) Intelligent agent for privacy and security application
US10609030B1 (en) Systems and methods for identifying untrusted devices in peer-to-peer communication
US12495051B2 (en) Service level verification in distributed system