Multi-layer honey network data transmission method and system

Abstract

The invention relates to multilayer honey-net data transmission method and system, and the gateway of honey-net receives the data flow of external network; the gateway of honey-net detects the network intrusion for the received data flow; the normal data flow can pass, which is sent to the target host computer; and the informal data flow is divide into high, middle and low according to dangerous level; and the data flow with high level is sent to physical honey-tank system, the data flow with middle level is sent to virtual machine honey-tank system, and the data floe with low level is sent to virtual honey-tank system. The invention can utilize the advantages of low interactive honey-tank system and high interactive honey-tank system, save system source, and improve the covering area of honey-tank system and the ability of obtaining the movable information of network attack and capturing the malice code; it can defeat the anti-honey tank technique. And it can be used in security field of computer network.

Description

technical field [0001] The invention belongs to the technical field of computer network security, and in particular relates to a data transmission method utilizing a multi-level honeynet and a multi-level honeynet data transmission system. Background technique [0002] With the development of Internet technology, network scanning, the spread of worms and virus codes, and malicious attacks by hackers are dangers that every host on the network may face at any time. Among them, most of the network attack activities are automatically completed by attack tools or malicious code spreading around. In addition, attack scripts and tools have become easy to obtain and use, that is to say, random attacks without high interaction requirements. The proportions of network scanning, system attack activities with high interaction requirements, and attack activities that identify honeypot system threats in all attack activities decrease rapidly in turn. [0003] The proposal of honeypot and...

AI Technical Summary

Problems solved by technology

[0013] Such a technical solution has the following two problems: first, the resource utilization rate of the honeypot system is low, and the highly interactive physical honeypot system and virtual machine honeypot system resources are often wasted on simple scanning and simple worm attacks; second, after discovering a honeypot system host, the attacker can easily identify whether the attack on the real target system is successful and take evasive measures

At present, attackers mainly identify the honeypot system from two aspects: the network and the system. The most important method is to check the hardware and system information of the attacked host to determine whether it is a virtual host. If it is a virtual host, it is a honeypot risk. After discovering these traces, the attacker is likely to give up the attack or eliminate the attack traces, and may even set the network address of the attacked host into the attack blacklist, so that the honeypot system cannot capture the attack information. Tank identification technology: Thorsten Hol, Frederic Raynal, "Detecting Honeypots and other suspicious environments", Proceedings of the2005 IEEE Workshop on Information Assurance and Security, United States Military Academy, West Point, NY

Images