High-interaction honeypot based network security system and implementation method thereof

A honeypot and network technology, applied in the field of network security systems based on high-interaction honeypots, that addresses the inability to analyze attack events and the failure to discover unknown attacks and unknown events, thereby improving application value.

Status: Inactive; Publication Date: 2012-10-17
NAT COMP NETWORK & INFORMATION SECURITY MANAGEMENT CENT

AI Technical Summary

Problems solved by technology

[0004] At present, high-interaction honeypot solutions generally run in a virtual machine environment, and specific types of attack logs are collected on the honeypots through certain system monitoring methods. This single log acquisition method provides no ability to analyze attack events, and it cannot detect unknown events.

[0005] Specifically, in the prior art, the main shortcomings of honeypot applications are as follows:

1. The victim host is simulated by a low-interaction honeypot, so only attack logs for known vulnerabilities can be captured.
2. Even if a high-interaction honeypot is used, the attack log capture and correlation analysis capabilities are insufficient, automatic correlation and restoration of attack scenarios cannot be realized, and it is difficult to find unknown attacks among numerous event logs.
3. The honeypot only passively captures the traces left on it by the attacker, and cannot actively analyze and extract malicious resources controlled by the attacker and distributed on the Internet.

Embodiment Construction

[0023] In order to solve the above-mentioned technical problems in the prior art, the present invention provides a network security system and implementation method based on high-interaction honeypots, which can automatically discover unknown attack events and restore attack scenarios from a large number of high-interaction honeypot logs. It also supports active detection of malicious download resources on the Internet that are controlled by attackers. The present invention is described in further detail below in conjunction with the accompanying drawings and embodiments. It should be understood that the specific embodiments described here are only used to explain the present invention, not to limit it.

[0024] System embodiment

[0025] According to an embodiment of the present invention, a network security system based on a high-interaction honeypot is provided. Figure 1 is a schematic structural diagram of a network security system based on a high-interaction honeypot ...

Abstract

The invention discloses a high-interaction honeypot based network security system and an implementation method thereof. The system comprises a honeypot monitoring module, a website correlation analysis module, and a summarizing analysis / display module. The honeypot monitoring module performs classified acquisition of the network behavior logs and host behavior logs of attack incidents. The website correlation analysis module summarizes these network behavior logs and host behavior logs and performs automatic correlation analysis on them; according to the results of that analysis, it filters invalid network alarms, captures known attack incidents, automatically finds unknown attack incidents, and extracts concealed Internet malicious resource information. The summarizing analysis / display module summarizes and counts the known attack incidents and / or unknown attack incidents captured on all honeypot websites, displays and restores selected attack incidents for users, and carries out automatic detection of concealed Internet malicious resources according to the concealed Internet malicious resource information.
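The correlation step described in the abstract can be sketched as follows. This is an added example, not code from the patent: the record fields, the 60-second window, the classification rules and the sample logs are all assumptions made for illustration.

```python
from collections import namedtuple

# Hypothetical record layouts; sig=None means no known signature matched.
Net = namedtuple("Net", "pot ts src sig")
Host = namedtuple("Host", "pot ts action detail")

WINDOW = 60  # seconds; assumed correlation window

# Constructed sample logs (documentation IPs and .example hosts).
NET_LOGS = [
    Net("pot-a", 100, "198.51.100.7", "known-sig-1"),  # alert with host effect
    Net("pot-a", 500, "198.51.100.9", "known-sig-2"),  # alert, no host effect
    Net("pot-b", 900, "203.0.113.5", None),            # no signature, host changed
]
HOST_LOGS = [
    Host("pot-a", 110, "file_write", "/tmp/x.bin"),
    Host("pot-a", 120, "download", "http://malicious.example/x.bin"),
    Host("pot-b", 905, "process_create", "sh"),
    Host("pot-b", 930, "download", "http://drop.example/payload"),
]

def correlate(net_logs, host_logs, window=WINDOW):
    """Join each network record to host events on the same honeypot that
    follow it within `window` seconds, then classify the result."""
    result = {"known": [], "unknown": [], "filtered": [], "resources": set()}
    for n in net_logs:
        related = [h for h in host_logs
                   if h.pot == n.pot and 0 <= h.ts - n.ts <= window]
        if not related:
            # A signature alert with no host-side effect is treated as an
            # invalid alarm; unsignatured traffic with no effect is dropped.
            if n.sig:
                result["filtered"].append(n)
            continue
        # Host behavior tied to a signature hit is a known incident;
        # host behavior with no signature hit is a candidate unknown attack.
        bucket = "known" if n.sig else "unknown"
        result[bucket].append({"net": n, "host": related})
        # Download targets are the resource information handed on for
        # later detection by the summarizing module.
        result["resources"].update(
            h.detail for h in related if h.action == "download")
    return result

if __name__ == "__main__":
    for key, value in correlate(NET_LOGS, HOST_LOGS).items():
        print(key, value)
```
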

Description

Technical field

[0001] The invention relates to the field of computer technology, in particular to a high-interaction honeypot-based network security system and an implementation method.

Background technique

[0002] In the prior art, honeypot technology is a network trapping technology that is widely used in the field of network security, especially for the capture of malicious code and the tracking and analysis of network attack events.

[0003] By the degree of interaction of honeypot data, honeypot technology can be divided into two categories: low-interaction honeypots and high-interaction honeypots. Low-interaction honeypots use simulation technology; there is no real operating system or services, the degree of interaction is low, and they can only simulate the response behavior of operating systems and applications based on known vulnerabilities. High-interaction honeypots run on real operating systems, deploy real applications, and can construct a real service en...

Application Information

IPC(8): H04L29/06, H04L12/26, H04L29/08
Inventor: 徐娜周勇林陈景妹陈云飞王营康刘阳
Owner: NAT COMP NETWORK & INFORMATION SECURITY MANAGEMENT CENT