TWI836279B - Network data packet processing device and network data packet processing method - Google Patents
Network data packet processing device and network data packet processing method Download PDFInfo
- Publication number
- TWI836279B TWI836279B TW110137498A TW110137498A TWI836279B TW I836279 B TWI836279 B TW I836279B TW 110137498 A TW110137498 A TW 110137498A TW 110137498 A TW110137498 A TW 110137498A TW I836279 B TWI836279 B TW I836279B
- Authority
- TW
- Taiwan
- Prior art keywords
- honeypot
- analysis unit
- addresses
- address
- data packet
- Prior art date
Links
- 238000012545 processing Methods 0.000 title claims abstract description 71
- 238000003672 processing method Methods 0.000 title claims description 9
- 238000004458 analytical method Methods 0.000 claims abstract description 92
- 230000004044 response Effects 0.000 claims abstract description 54
- 238000005516 engineering process Methods 0.000 description 5
- 238000004891 communication Methods 0.000 description 4
- 238000013500 data storage Methods 0.000 description 4
- 238000000034 method Methods 0.000 description 4
- 238000010276 construction Methods 0.000 description 3
- 238000010586 diagram Methods 0.000 description 2
- 230000006870 function Effects 0.000 description 2
- 230000006399 behavior Effects 0.000 description 1
- 230000001010 compromised effect Effects 0.000 description 1
- 230000008878 coupling Effects 0.000 description 1
- 238000010168 coupling process Methods 0.000 description 1
- 238000005859 coupling reaction Methods 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 238000007726 management method Methods 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000008569 process Effects 0.000 description 1
Images
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
Description
本揭示內容關於一種網路封包處理裝置及方法,特別是透過網路卡接收資料封包,並產生回應訊息之技術。This disclosure relates to a network packet processing device and method, particularly a technology for receiving data packets through a network card and generating response messages.
隨著科技的發展,網路通訊技術被廣泛應用於人們的生活中,且人們對於網路通訊的需求亦日益增加。相對的,網路通訊的安全性也日益重要。如何有效防禦網路攻擊,乃成為現今網際網路技術的重要課題。With the development of science and technology, network communication technology is widely used in people's lives, and people's demand for network communication is also increasing. In contrast, the security of network communications is becoming increasingly important. How to effectively defend against network attacks has become an important issue in today's Internet technology.
本揭示內容係關於一種網路封包處理裝置,包含處理單元、作業系統及分析單元。處理單元電性連接於網路介面卡。作業系統用以配合處理單元,將控制網路介面卡處於混雜模式,以自網際網路中接收資料封包。分析單元用以由網路介面卡取得資料封包,且用以解析資料封包內的目的位址。分析單元還包含複數個蜜罐單元,且儲存有對應的複數個蜜罐位址。在分析單元判斷資料封包之目的位址對應於該些蜜罐位址的其中之一時,分析單元用以選擇性地以該些蜜罐位址的其中之一或預設位址發送回應訊息。The present disclosure relates to a network packet processing device, including a processing unit, an operating system and an analysis unit. The processing unit is electrically connected to a network interface card. The operating system is used to cooperate with the processing unit to control the network interface card to be in promiscuous mode to receive data packets from the Internet. The analysis unit is used to obtain data packets from the network interface card and to parse the destination address in the data packet. The analysis unit also includes a plurality of honeypot units and stores a plurality of corresponding honeypot addresses. When the analysis unit determines that the destination address of the data packet corresponds to one of the honeypot addresses, the analysis unit is used to selectively send a response message with one of the honeypot addresses or a default address.
本揭示內容還關於一種網路封包處理方法,包含下列步驟:透過處理單元及作業系統,將網路介面卡設定於混雜模式,以自網際網路中接收資料封包;透過分析單元,解析資料封包的目的位址,其中分析單元包含複數個蜜罐單元,且儲存有對應於該些蜜罐單元的複數個蜜罐位址;在資料封包的目的位址對應於該些蜜罐位址的其中之一時,將資料封包傳送給對應於該些蜜罐位址的其中之一的蜜罐單元;以及選擇性地以該些蜜罐位址的其中之一或預設位址發送一回應訊息。This disclosure also relates to a network packet processing method, which includes the following steps: setting the network interface card in a promiscuous mode through a processing unit and an operating system to receive data packets from the Internet; and analyzing the data packets through an analysis unit The destination address of the data packet contains a plurality of honeypot units, and a plurality of honeypot addresses corresponding to the honeypot units are stored; the destination address of the data packet corresponds to one of the honeypot addresses. At one time, the data packet is sent to the honeypot unit corresponding to one of the honeypot addresses; and a response message is selectively sent to one of the honeypot addresses or a default address.
本揭示內容還關於一種網路封包處理裝置,包含處理單元、作業系統及分析單元。處理單元電性連接於網路介面卡。作業系統用以配合處理單元,控制網路介面卡處於混雜模式,以自網際網路中接收資料封包。分析單元用以接收資料封包。分析單元還包含複數個蜜罐單元,且用以儲存有對應於該些蜜罐單元的複數個蜜罐位址,在分析單元判斷資料封包對應於該些蜜罐位址的其中之一時,分析單元根據該些蜜罐位址的其中之一的回應設定條件,判斷是否以預設位址發送回應訊息。The present disclosure also relates to a network packet processing device, including a processing unit, an operating system and an analysis unit. The processing unit is electrically connected to the network interface card. The operating system cooperates with the processing unit to control the network interface card in promiscuous mode to receive data packets from the Internet. The analysis unit is used to receive data packets. The analysis unit also includes a plurality of honeypot units and is used to store a plurality of honeypot addresses corresponding to the honeypot units. When the analysis unit determines that the data packet corresponds to one of the honeypot addresses, the analysis unit The unit determines whether to send the response message at the default address based on the response setting condition of one of the honeypot addresses.
由於網路封包處理裝置係透過處理單元運行作業系統驅動網路介面卡,進而接收資料封包給分析單元,因此,分析單元無須針對每個蜜罐單元安裝對應的作業系統,以有效改善網路封包處理裝置的建構成本。Since the network packet processing device drives the network interface card through the processing unit running the operating system, and then receives data packets to the analysis unit, the analysis unit does not need to install a corresponding operating system for each honeypot unit, which effectively improves the construction cost of the network packet processing device.
以下將以圖式揭露本發明之複數個實施方式,為明確說明起見,許多實務上的細節將在以下敘述中一併說明。然而,應瞭解到,這些實務上的細節不應用以限制本發明。也就是說,在本發明部分實施方式中,這些實務上的細節是非必要的。此外,為簡化圖式起見,一些習知慣用的結構與元件在圖式中將以簡單示意的方式繪示之。A plurality of embodiments of the present invention will be disclosed in the drawings below. For clarity of explanation, many practical details will be explained in the following description. However, it will be understood that these practical details should not limit the invention. That is to say, in some embodiments of the present invention, these practical details are not necessary. In addition, for the sake of simplifying the drawings, some commonly used structures and components will be illustrated in a simple schematic manner in the drawings.
於本文中,當一元件被稱為「連接」或「耦接」時,可指「電性連接」或「電性耦接」。「連接」或「耦接」亦可用以表示二或多個元件間相互搭配操作或互動。此外,雖然本文中使用「第一」、「第二」、…等用語描述不同元件,該用語僅是用以區別以相同技術用語描述的元件或操作。除非上下文清楚指明,否則該用語並非特別指稱或暗示次序或順位,亦非用以限定本發明。In this document, when an element is referred to as "connected" or "coupled," it may mean "electrically connected" or "electrically coupled." "Connection" or "coupling" can also be used to indicate the coordinated operation or interaction between two or more components. In addition, although terms such as "first", "second", ... are used to describe different elements herein, the terms are only used to distinguish elements or operations described with the same technical terms. Unless the context clearly indicates otherwise, such terms do not specifically refer to or imply a sequence or order, nor are they intended to limit the invention.
第1圖所示為根據本揭示內容之部份實施例的網路封包處理裝置100之示意圖。網路封包處理裝置100包含處理單元110、網路介面卡120、作業系統130及分析單元140。處理單元110電性連接於網路介面卡120,用以配合作業系統130,控制網路介面卡120以接收網際網路傳來的資料,或者將資料透過網路介面卡120傳送至網際網路。FIG. 1 is a schematic diagram of a network
處理單元110用以執行各種運算,且可以被實施為微控制單元(microcontroller)、微處理器(microprocessor)、數位訊號處理器(digital signal processor)、特殊應用積體電路(application specific integrated circuit,ASIC)、中央處理器(central processing unit, CPU)、系統單晶片(System on Chip, SoC)或特定功能的處理晶片或控制器。The
在部份實施例中,作業系統130係安裝於網路封包處理裝置100中之資料儲存單元(圖中未示)。資料儲存單元電性連接於處理單元110,可以被實作為唯讀記憶體、快閃記憶體、硬碟、隨身碟、可由網路存取之資料庫或熟悉此技藝者可輕易思及具有相同功能之儲存媒體。In some embodiments, the
處理單元110用以執行作業系統130,以管理網路封包處理裝置100中的硬體(處理器、記憶體、網路卡等)、決定系統資源供需、控制輸入與輸出裝置等基本事務。同時,作業系統130也可提供一個讓使用者與網路封包處理裝置100互動的操作介面。在一實施例中,作業系統130之架構可包含硬體抽象層、系統服務層、子系統層等。其中系統服務層提供所有統一規格的函式呼叫庫,子系統層則位於系統服務層之上,屬於使用者模式,可以避免使用者程式執行非法行動。The
在一實施例中,分析單元140可為一種預先建構之資料庫的分析程式。在其他實施例中,分析單元140可為設置於網路封包處理裝置100之韌體、運算晶片或電路。分析單元140可儲存於網路封包處理裝置100中之資料儲存單元,亦可為安裝於作業系統130中之應用程式,或屬於作業系統之一部分。在其他部份實施例中,作業系統130包含系統服務層,分析單元140設置/安裝於系統服務層之上層。In one embodiment, the
如第1圖所示,分析單元140包含分析模組141及複數個蜜罐單元H1~Hn,且其內儲存有回應表T(如:儲存於記憶體)。在一實施例中,分析模組141為分析單元140中一種預先建構之運作程式,用以對接收到的資料進行分析,例如:分析一個封包或訊框的內部數據與組成。回應表T內儲存有對應於該些蜜罐單元H1~Hn的多個蜜罐位址,該蜜罐單元H1~Hn亦可由獨立的應用程式來實現,並獨立地連接於分析單元140。換言之,以應用程式來實現之蜜罐單元可由其他硬體設備驅動,而不限於網路封包處理裝置100中之分析單元140。蜜罐位址可至少包含網際協定位址(IP位址)、媒體存取控制位址(MAC位址)、完整網域名稱(Fully Qualified Domain Name,FQDN)或傳輸埠代碼等各類參數的至少一者。在部份實施例中,回應表T可包含第一蜜罐位址T1、第二蜜罐位址T2,第一蜜罐位址T1可為IP位址、第二蜜罐位址T2則可為MAC位址。As shown in FIG. 1 , the
本揭示內容之網路封包處理裝置100係用以建構「誘捕系統」。蜜罐(Honeypot)是一種特別被設計有安全漏洞,但被嚴密監控的網路主機,用以吸引入侵者(攻擊者、駭客)攻擊。蜜罐會在入侵者攻擊的過程中,記錄攻擊行爲和數據,並對入侵者進行追蹤與取證。由於本領域人士能理解蜜罐的建構方式與運作原理,故在此不另贅述。The network
蜜罐可為實體裝置,亦可為一種由軟體產生之虛擬裝置。在部份技術中,無論是實體裝置或虛擬裝置皆需要獨立安裝一個作業系統,以能使入侵者認為蜜罐為真實的攻擊目標(如:終端裝置、通訊裝置、機械手臂等)。A honeypot can be a physical device or a virtual device generated by software. In some technologies, whether it is a physical device or a virtual device, an operating system needs to be installed independently to make the intruder think that the honeypot is a real attack target (such as terminal devices, communication devices, robotic arms, etc.).
在本實施例中,蜜罐單元H1~Hn同樣具有用以紀錄、追蹤攻擊者的邏輯模組與功能模組,但並不需要安裝獨立的作業系統。處理單元110會統一透過作業系統130與網路介面卡120,為蜜罐單元H1~Hn發送及接收資料封包,因此分析單元140無須針對每一個蜜罐單元H1~Hn設置完整的作業系統。In this embodiment, the honeypot units H1-Hn also have logic modules and functional modules for recording and tracking attackers, but do not need to install independent operating systems. The
在網路封包處理裝置100透過網路介面卡120及作業系統130接收到網際網路傳來的資料封包時,處理單元110將資料封包傳給分析單元140。分析單元140由網路介面卡120取得資料封包,並透過分析模組141,判斷資料封包是否對應於回應表T中的任一個蜜罐位址。具體而言,分析模組141先解析出資料封包內的一個目的位址,再判斷該目的位址是否與任一個蜜罐位址相對應。在一實施例中,目的位址係指OSI (open system interconnection,開放式系統連結)七層架構中第2層(資料鏈結層)及第3層(網路層)的來源位址,例如前述之IP位址與MAC位址。When the network
在分析模組141判斷資料封包之目的位址對應於其中一個蜜罐位址時,若分析模組141進一步判斷需要回應此資料封包,則分析模組141將選擇性地根據此蜜罐位址,或者一個預設位址來產生回應訊息。分析模組141將透過處理單元110及網路介面卡120,以該蜜罐位址或預設位置發送回應訊息。據此,由於網路封包處理裝置100係透過處理單元110運行作業系統驅動網路介面卡,進而接收資料封包給分析模組141,因此,分析模組141無須針對每個蜜罐單元H1~Hn安裝對應的作業系統,以有效改善網路封包處理裝置100的建構成本。When the analysis module 141 determines that the destination address of the data packet corresponds to one of the honeypot addresses, if the analysis module 141 further determines that a response to the data packet is required, the analysis module 141 will selectively generate a response message based on the honeypot address or a preset address. The analysis module 141 will send the response message to the honeypot address or the preset location through the
第2圖所示為根據本揭示內容之部份實施例之網路封包處理方法的流程圖。在步驟S201中,處理單元110透過作業系統130控制網路介面卡120,以將網路介面卡120設定為混雜模式(Promiscuous mode)。在網路介面卡120處於混雜模式時,網路介面卡120會接收所有傳輸至網路封包處理裝置100的資料封包,即便資料封包的目的位址並非網路封包處理裝置100。FIG. 2 is a flow chart of a network packet processing method according to some embodiments of the present disclosure. In step S201, the
在步驟S202中,處理單元110透過網路介面卡120,將接收到的資料封包傳給分析單元140。分析單元140判斷資料封包是否對應於多個蜜罐位址的任一個、或者是否對應於多個蜜罐單元的任一個。In step S202, the
若資料封包並未對應於任一個蜜罐位址,在步驟S203中,分析單元140之分析模組141會判斷是否需要回覆。若分析模組141判斷需要回覆,則分析模組141將產生錯誤訊息,處理單元110會將錯誤訊息回傳至網際網路。If the data packet does not correspond to any honeypot address, in step S203, the analysis module 141 of the
在部份實施例中,在資料封包並未對應於任一個蜜罐位址、或者資料封包的格式有錯誤時,分析單元140可使用一組虛擬位址來發送錯誤訊息。此一方式可透過作業系統中的實體驅動程式來回應,以確保資源利用效率。In some embodiments, when a data packet does not correspond to any honeypot address or the format of the data packet is incorrect, the
在步驟S204中,若資料封包確實對應到其中一個蜜罐位址,則分析模組141將資料封包傳送至對應於該蜜罐位址的蜜罐單元。舉例而言,若資料封包內的目標位址為「Add1a」,對應於回應表T中蜜罐單元H1的第一蜜罐位址T1,則分析模組141將資料封包傳送至蜜罐單元H1。在步驟S205中,接收到資料封包之蜜罐單元H1會根據資料封包的類型及/或內容,產生對應的回應訊息,並將回應訊息回傳給分析模組141。In step S204, if the data packet does correspond to one of the honeypot addresses, the analysis module 141 transmits the data packet to the honeypot unit corresponding to the honeypot address. For example, if the target address in the data packet is "Add1a", which corresponds to the first honeypot address T1 of the honeypot unit H1 in the response table T, the analysis module 141 transmits the data packet to the honeypot unit H1. In step S205, the honeypot unit H1 that receives the data packet will generate a corresponding response message according to the type and/or content of the data packet, and return the response message to the analysis module 141.
在步驟S206中,分析模組141判斷是否根據預設位址來發送回應訊息,或者判斷蜜罐單元H1是否有指定回應訊息時所使用之位址。「預設位址」係用以模擬防火牆,在網路封包處理裝置100以預設位址回傳回應訊息的情況下,入侵者接收到回應訊息時,將會認為蜜罐單元處於一個防火牆後,因此訊息是以防火牆的位址來回應。In step S206, the analysis module 141 determines whether to send the response message according to the preset address, or determines whether the honeypot unit H1 has specified an address to be used when responding to the message. The "default address" is used to simulate a firewall. When the network
若分析模組141判斷要以預設位址來發送回應訊息,或者蜜罐單元並未指定回應訊息要使用之位址,在步驟S207中,分析模組會透過處理單元110、作業系統130及網路介面卡120,以預設位址發送回應訊息。If the analysis module 141 determines that the response message should be sent at the default address, or the honeypot unit does not specify the address to be used for the response message, in step S207, the analysis module will send the response message at the default address through the
若分析模組141判斷不需根據預設位址來發送回應訊息,或者蜜罐單元已指定要以特定位址(即,對應之蜜罐位址)傳送回應訊息,則在步驟S208中,分析模組會透過處理單元110、作業系統130及網路介面卡120,以回應表中對應的蜜罐位址發送回應訊息。換言之,分析模組141選擇性地以蜜罐位址或預設位址發送回應訊息。If the analysis module 141 determines that it is not necessary to send a response message according to the default address, or the honeypot unit has specified that a response message should be sent at a specific address (i.e., the corresponding honeypot address), then in step S208, the analysis module sends a response message at the corresponding honeypot address in the response table through the
在一實施例中,回應表T內還可儲存多筆回應設定條件,每一個回應設定條件係分別對應至一個蜜罐單元H1~Hn。每一個回應設定條件設定了對應之蜜罐單元H1~Hn接收到資料封包時,所應回覆的方式。換言之,分析模組141可根據回應表T內之回應設定條件,確認前述步驟S206的判斷結果。回應設定條件係根據每個蜜罐單元H1~Hn所模擬的裝置類型而產生,例如:若蜜罐單元H1~Hn係模擬一個生產線上的機器手臂,且機器手臂的管理網路通常有防火牆保護,則該蜜罐單元H1~Hn的回應設定條件將會為「當蜜罐單元H1~Hn模擬防火牆後的機器手臂時,以預設位址回應」,以確保回應訊息能使入侵者誤以為成功攻擊了一個防火牆後的裝置。In one embodiment, multiple response setting conditions can be stored in the response table T, and each response setting condition corresponds to one honeypot unit H1-Hn respectively. Each response setting condition sets the way the corresponding honeypot unit H1~Hn should respond when receiving a data packet. In other words, the analysis module 141 can confirm the judgment result of the aforementioned step S206 based on the response setting conditions in the response table T. The response setting conditions are generated based on the device type simulated by each honeypot unit H1~Hn. For example: if the honeypot unit H1~Hn simulates a robot arm on a production line, and the management network of the robot arm is usually protected by a firewall , then the response setting conditions of the honeypot units H1~Hn will be "When the honeypot units H1~Hn simulate the robot arm behind the firewall, respond with the default address" to ensure that the response message can mislead the intruder. Successfully compromised a device behind a firewall.
在一實施例中,本揭示內容之網路封包處理裝置100係將分析單元140安裝於作業系統,且以軟體模擬方式設置蜜罐單元。據此,在虛擬的蜜罐單元需回應訊息時,可統一透過實體的驅動程式,由作業系統130進行回應,具有較佳的資源利用率。In one embodiment, the network
前述各實施例中的各項元件、方法步驟或技術特徵,係可相互結合,而不以本揭示內容中的文字描述順序或圖式呈現順序為限。The components, method steps or technical features in the foregoing embodiments can be combined with each other and are not limited to the order of text description or the order of presentation of the figures in this disclosure.
雖然本揭示內容已以實施方式揭露如上,然其並非用以限定本揭示內容,任何熟習此技藝者,在不脫離本揭示內容之精神和範圍內,當可作各種更動與潤飾,因此本揭示內容之保護範圍當視後附之申請專利範圍所界定者為準。Although the content of this disclosure has been disclosed in the above embodiments, it is not intended to limit the content of this disclosure. Anyone familiar with this art can make various changes and modifications without departing from the spirit and scope of this disclosure. Therefore, this disclosure The scope of protection of the content shall be determined by the scope of the patent application attached.
100:網路封包處理裝置 110:處理單元 120:網路介面卡 130:作業系統 140:分析單元 141:分析模組 T:回應表 T1:第一蜜罐位址 T2:第二蜜罐位址 H1-Hn:蜜罐單元 S201-S208:步驟 100: Network packet processing device 110: Processing unit 120: Network interface card 130: Operating system 140: Analysis unit 141: Analysis module T: Response table T1: First honeypot address T2: Second honeypot address H1-Hn: Honeypot unit S201-S208: Steps
第1圖為根據本揭示內容之部份實施例之網路封包處理裝置的示意圖。 第2圖為根據本揭示內容之部份實施例之網路封包處理方法的流程圖。 Figure 1 is a schematic diagram of a network packet processing device according to some embodiments of the present disclosure. Figure 2 is a flow chart of a network packet processing method according to some embodiments of the present disclosure.
國內寄存資訊(請依寄存機構、日期、號碼順序註記) 無 國外寄存資訊(請依寄存國家、機構、日期、號碼順序註記) 無 Domestic storage information (please note in the order of storage institution, date, and number) None Foreign storage information (please note in the order of storage country, institution, date, and number) None
S201-S208:步驟 S201-S208: Steps
Claims (17)
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US202163222439P | 2021-07-16 | 2021-07-16 | |
US63/222,439 | 2021-07-16 |
Publications (2)
Publication Number | Publication Date |
---|---|
TW202306353A TW202306353A (en) | 2023-02-01 |
TWI836279B true TWI836279B (en) | 2024-03-21 |
Family
ID=85121055
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
TW110137498A TWI836279B (en) | 2021-07-16 | 2021-10-08 | Network data packet processing device and network data packet processing method |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN115701029A (en) |
TW (1) | TWI836279B (en) |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20170180315A1 (en) * | 2014-05-19 | 2017-06-22 | Fortinet, Inc. | Network interface card rate limiting |
CN106961442A (en) * | 2017-04-20 | 2017-07-18 | 中国电子技术标准化研究院 | A kind of network method for entrapping based on honey jar |
CN107404465A (en) * | 2016-05-20 | 2017-11-28 | 阿里巴巴集团控股有限公司 | Network data analysis method and server |
CN109347881A (en) * | 2018-11-30 | 2019-02-15 | 东软集团股份有限公司 | Network protection method, apparatus, equipment and storage medium based on network cheating |
CN109768993A (en) * | 2019-03-05 | 2019-05-17 | 中国人民解放军32082部队 | A kind of high covering Intranet honey pot system |
CN111556061A (en) * | 2020-04-29 | 2020-08-18 | 上海沪景信息科技有限公司 | Network disguising method, device, equipment and computer readable storage medium |
-
2021
- 2021-10-08 TW TW110137498A patent/TWI836279B/en active
- 2021-10-08 CN CN202111169663.2A patent/CN115701029A/en active Pending
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20170180315A1 (en) * | 2014-05-19 | 2017-06-22 | Fortinet, Inc. | Network interface card rate limiting |
CN107404465A (en) * | 2016-05-20 | 2017-11-28 | 阿里巴巴集团控股有限公司 | Network data analysis method and server |
CN106961442A (en) * | 2017-04-20 | 2017-07-18 | 中国电子技术标准化研究院 | A kind of network method for entrapping based on honey jar |
CN109347881A (en) * | 2018-11-30 | 2019-02-15 | 东软集团股份有限公司 | Network protection method, apparatus, equipment and storage medium based on network cheating |
CN109768993A (en) * | 2019-03-05 | 2019-05-17 | 中国人民解放军32082部队 | A kind of high covering Intranet honey pot system |
CN111556061A (en) * | 2020-04-29 | 2020-08-18 | 上海沪景信息科技有限公司 | Network disguising method, device, equipment and computer readable storage medium |
Also Published As
Publication number | Publication date |
---|---|
TW202306353A (en) | 2023-02-01 |
CN115701029A (en) | 2023-02-07 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US10691839B2 (en) | Method, apparatus, and system for manageability and secure routing and endpoint access | |
US11048569B1 (en) | Adaptive timeout mechanism | |
US8886927B2 (en) | Method, apparatus and system for preventing DDoS attacks in cloud system | |
US8606407B2 (en) | Energy management application server and processes | |
US9560062B2 (en) | System and method for tamper resistant reliable logging of network traffic | |
Dover | A denial of service attack against the Open Floodlight SDN controller | |
US10440054B2 (en) | Customized information networks for deception and attack mitigation | |
CN104967609A (en) | Intranet development server access method, intranet development server access device and intranet development server access system | |
US20180302418A1 (en) | Method and system for detection and interference of network reconnaissance | |
US9473451B2 (en) | Methods, systems, and computer readable media for providing mapping information associated with port control protocol (PCP) in a test environment | |
TWI836279B (en) | Network data packet processing device and network data packet processing method | |
US10944719B2 (en) | Restrict communications to device based on internet access | |
KR20230156262A (en) | System and method for machine learning based malware detection | |
CN108429727B (en) | Method for secure exchange of discovery link information | |
KR101188308B1 (en) | Pseudo packet monitoring system for address resolution protocol spoofing monitoring of malicious code and pseudo packet monitoring method therefor | |
CN111866005A (en) | ARP spoofing attack defense method, system and device based on block chain | |
Qian | The automatic prevention and control research of ARP deception and implementation | |
TWI852130B (en) | Automatic proxy system and automatic proxy method | |
US20230269236A1 (en) | Automatic proxy system, automatic proxy method and non-transitory computer readable medium | |
US10574596B2 (en) | Software defined networking FCoE initialization protocol snooping bridge system | |
Henderson | Designing a Sustainable and Secure Network Security Architecture for the Internet of Things | |
Hudak | Automatic Honeypot Generation and Network Deception | |
KR20100015846A (en) | Method and system for communication between nodes | |
JP2010004158A (en) | Setting method of network relay device, network relay device, and network system |