
Defense honeypot-based security threat active sensing method

A honeypot, active technology, applied in computer security devices, instruments, computing, etc., to achieve high efficiency

Active Publication Date: 2018-08-24
江苏中天互联科技有限公司

AI Technical Summary

Problems solved by technology

Although firewalls and intrusion detection technology are still very common, attack methods are increasingly diverse and network security requirements keep rising, so detecting intrusions that have already occurred (passive detection) can no longer meet the requirements of computer security. More emphasis is placed on active defense and early defense.


Examples


Embodiment Construction

[0033] The present invention will be further described in detail below in conjunction with the accompanying drawings and examples. The following examples are explanations of the present invention and the present invention is not limited to the following examples.

[0034] As shown in Figure 1, the specific steps of the defense honeypot-based security threat active sensing method of the present invention are as follows:

[0035] Step 1: Select the function injection address. Memory areas of the untrusted process that are filled with NOP, HLT and similar instructions are selected. In the Windows system, programs fill their code segments with NOP and HLT instructions to ensure instruction alignment, so, in order not to destroy the function code of the untrusted process itself, the area filled with NOP and HLT instructions is selected as the injectable address area ms.

[0036] Step 2: Inject the system function to be detected into the untrusted process and execute it. Sys...


Abstract

The invention discloses a defense honeypot-based security threat active sensing method. Building on an understanding of hook technology, the method judges whether a defense honeypot intercepts and captures a test function by analyzing the execution Trace of a system function. First, the system function to be detected is injected into an untrusted process and executed to obtain the instruction execution record (Trace) of the function. Then, according to the characteristics of the Trace of a system function that the defense honeypot intercepts and captures, an address-space finite state automaton is designed, and the obtained Trace is analyzed in the automaton to judge which system functions are intercepted and captured by the defense honeypot. Finally, a test function set is traversed to identify the threat sensing of the target defense honeypot. The method can identify the threat sensing of the target defense honeypot; compared with existing threat sensing identification methods, it has the same defense honeypot-based threat sensing identification capability and is more automatic and more efficient.
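The address-space automaton described in the abstract, sketched as an added example (not code from the patent, whose automaton design is not shown on this page). The states, address ranges and traces below are constructed assumptions; a recorded trace is classified as hooked when execution leaves both the injected stub and the known system modules.

```python
from enum import Enum

# Constructed address map: the injected stub region (the page's "ms") and the
# system modules the test function is expected to stay inside.
STUB = (0x00401F00, 0x00401F40)
SYSTEM_MODULES = {"ntdll.dll": (0x77000000, 0x77180000),
                  "kernel32.dll": (0x76000000, 0x760F0000)}
# Constructed traces: executed instruction addresses, in order.
CLEAN_TRACE = [0x00401F00, 0x00401F05, 0x76012340, 0x76012345,
               0x77051000, 0x77051002, 0x76012347, 0x00401F0A]
HOOKED_TRACE = [0x00401F00, 0x00401F05, 0x76012340, 0x10003000,
                0x10003004, 0x76012345, 0x00401F0A]

class State(Enum):
    START = 0    # nothing consumed yet
    STUB = 1     # executing the injected call stub
    SYSTEM = 2   # executing inside a known system module
    HOOKED = 3   # absorbing state: control left stub and system modules

def region_of(addr):
    """Map an address to 'stub', a system module name, or None (unknown)."""
    if STUB[0] <= addr < STUB[1]:
        return "stub"
    for name, (lo, hi) in SYSTEM_MODULES.items():
        if lo <= addr < hi:
            return name
    return None

def analyze(trace):
    """Return (verdict, detour). verdict is 'hooked' (detour = from/to
    addresses of the jump into unknown memory), 'clean' (system code ran and
    returned to the stub) or 'inconclusive' (trace did not complete the call).
    """
    state, prev, entered_system, detour = State.START, None, False, None
    for addr in trace:
        region = region_of(addr)
        if state is State.START and region != "stub":
            raise ValueError("trace must begin inside the injected stub")
        if region is None:
            state, detour = State.HOOKED, (prev, addr)
            break
        state = State.STUB if region == "stub" else State.SYSTEM
        entered_system = entered_system or state is State.SYSTEM
        prev = addr
    if state is State.HOOKED:
        return "hooked", detour
    if state is State.STUB and entered_system:
        return "clean", None
    return "inconclusive", None
```

A hook handler that lives inside one of the listed module ranges would not trigger the HOOKED transition, so the module list determines what this check can see.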

Description

Technical field

[0001] The invention relates to a security threat active sensing method, in particular to a security threat active sensing method based on defense honeypot.

Background technique

[0002] With the rapid development of computer technology, active defense technology has gradually replaced passive defense technology and has become the main research direction of computer security today. Although the application of firewall and intrusion detection technology is still very common, facing the increasing diversification of attack methods and the continuous improvement of network security requirements, the detection of intrusions that have occurred (passive detection) can no longer meet the requirements of computer security. More emphasis is on active defense and early defense.

[0003] Therefore, active defense technology will attract more and more people's attention. Active defense technology tries to contain and divert attack behavior, conduct technical analysis an...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F21/55, H04L29/06
CPC: G06F21/552, H04L63/1491
Inventor: 李千目, 孙哲, 侯君, 孙康, 尤丽荣
Owner 江苏中天互联科技有限公司