Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Vulnerability simulation overload honeypot method

A vulnerability honeypot and vulnerability simulation technology, which is applied in the field of network information security, can solve problems such as excessive resource requirements, low interaction capabilities, and attackers' detection, and achieve the effects of reducing costs, large simulation scale, and reducing the number

Inactive Publication Date: 2009-10-28
中国人民解放军总参谋部第五十四研究所 +2
View PDF0 Cites 58 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0009] To sum up, the main disadvantage of the existing vulnerability simulation technology in honeynets is the low interaction ability, and its simulated vulnerabilities can only deceive simple scanning and detection, and are easily seen by attackers
Moreover, the existing vulnerability simulation technology cannot provide attackers with the opportunity to exploit the vulnerability, and cannot capture further intrusion behaviors
At present, the high-interaction honeynet mainly uses real hosts to form a network, and installs corresponding detection tools on the real hosts, which can obtain relatively complete intrusion information, but the resource requirements are too high

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Vulnerability simulation overload honeypot method
  • Vulnerability simulation overload honeypot method
  • Vulnerability simulation overload honeypot method

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0043] The implementation of the present invention will be illustrated by an application example below. In this application example, the network topology of this system is composed of virtual honeypot, vulnerability simulation, and physical honeypot. There is a host connected to the network, on which multiple virtual hosts are virtualized as needed, and the system and service conditions of each virtual host are configured, and vulnerability information is configured for the virtual host. The vulnerability simulation module provides the function of vulnerability simulation for the virtual host, and realizes the interaction function with the attacker. The blue dotted line in the figure indicates the virtual network connection status. From the perspective of an attacker, multiple virtual hosts are connected to the network and have corresponding vulnerabilities, which are no different from real hosts. However, when communicating with the virtual host, it is actually interacting w...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The present invention discloses a vulnerability simulation overload honeypot method which comprises a host computer, a port scanning deception simulating module, a vulnerability scanning deception simulating module, a vulnerability scanning deception simulating module, a vulnerability attach deception simulating module, a data auditing module and a vulnerability utilizing module. When the attach sequence arrives at the simulated honeypot, a simulated honeypot system is used for processing according to the situation. When an attacker executes vulnerability scanning to the virtual host computer, the simulated honeypot responds and processes according to the vulnerability configuration information. Afterwards, these vulnerabilities are used for further attacking. Hereon, the simulated honeypot system transmits the vulnerability attack data flow to a vulnerability honeypot system. The vulnerability utilization attach of the attacker is processed and responded by a vulnerability attack simulating module. Finally, when the attacker successfully obtains the control power through the vulnerability attack, the attack data hereon is transmitted to a physical honeypot module. All attack processes and related data are recorded by a data auditing module for analyzing comprehensively. The method reduces the number of hardware devices in the honeynet and reduces the cost.

Description

Technical field [0001] The invention relates to a method for overloading a honeypot with simulated loopholes, and belongs to the technical field of network information security. Background technique [0002] The application of honeypot and honeynet technology is to effectively obtain network intrusion information, understand the process and purpose of network intrusion for better protection. Honeynets can be divided into high-interaction honeynets and low-interaction honeynets according to their interaction capabilities. At present, the high-interaction honeynet mainly uses real hosts to form a network, and installs corresponding detection tools on the real hosts, which can obtain relatively complete intrusion information, but the resource requirements are too high. The low-interaction honeynet is mainly a virtual honeynet. A honeynet is virtualized by software on a host, and system information is configured for each virtual host. Its resource requirements are low, but it h...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): H04L29/06H04L12/24
Inventor 郑康锋杨义先郭世泽朱峻茂武斌王秀娟赵建鹏
Owner 中国人民解放军总参谋部第五十四研究所
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com