Intranet sensitive information disclosure evidence collection system and method based on honeynet technology

Abstract

The invention relates to the technical field of computer network safety, in particular to an intranet sensitive information disclosure evidence collection system and an intranet sensitive information disclosure evidence collection method based on a honeynet technology. The evidence collection system comprises a honeynet, an intranet and a user terminal which is connected into the intranet, wherein the honeynet comprises a honey bait sever, a honey wall and an evidence collection server; the honey bait server is connected into the intranet by the honey wall; the evidence collection server is connected with the honey wall; the honey bait server is used for presetting a honey bait; the honey wall is used or filtering and capturing an interaction data packet of the user terminal which accesses the honey bait through the intranet and transmitting the interaction data packet to the evidence collection server; the evidence collection server is used for collecting evidences for sensitive information disclosure behaviors in the intranet according to the received interaction data. The intranet sensitive information disclosure evidence collection system and the intranet sensitive information disclosure evidence collection method based on the honeynet technology have the advantages of increasing the effectiveness of evidence collection for the intranet sensitive information disclosure and satisfying the actual requirements on the intranet network safety.

Description

technical field [0001] The invention relates to the technical field of computer network security, in particular, to a system and method for leaking and obtaining evidence of sensitive information on an intranet based on honeynet technology. Background technique [0002] With the development of Internet technology, network scanning, the spread of worms and virus codes, and malicious attacks by hackers have become dangers that every host on the network may encounter at any time. There are currently a relative number of ways to deal with the above-mentioned dangers. As for the enterprise intranet, behaviors such as malicious attacks on intranet terminals and leakage of sensitive information on the intranet also pose a huge threat to the enterprise intranet. [0003] At present, the method of obtaining evidence for sensitive information leakage behavior in the enterprise intranet is mainly based on the audit behavior of log data. By analyzing the security logs recorded in secur...

AI Technical Summary

Problems solved by technology

[0004] However, since the log data is recorded on different devices, the above method cannot completely record the behavior process of sensitive information leakage during the forensics process, and the log data is huge, which cannot guarantee the accuracy and scientificity of the forensics results; further, based on the log data Collecting evidence on sensitive information leakag

Images