Method for capturing network worm based on honeypot technology

A honeypot technology and worm technology, applied in the field of catching network viruses, can solve problems such as network congestion

Inactive Publication Date: 2018-09-11
SHENYANG INSTITUTE OF CHEMICAL TECHNOLOGY
View PDF4 Cites 2 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

Even if the detection packets sent by the scanning program are small, the accumulation of small numb

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method for capturing network worm based on honeypot technology
  • Method for capturing network worm based on honeypot technology

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0022] The present invention will be described in detail below in conjunction with examples.

[0023] 1. Feature extraction method

[0024] The worm execution body first detects the host with the vulnerable service in the network. If a host that meets the requirements is detected, the virus body program will be transmitted to the host with the vulnerable service through the network, and the virus body program will be started and some settings will be made. Protective measures, such as setting it to run automatically at startup. After the virus body program runs, it will continue to detect vulnerabilities and replicate itself, and perform work with a certain purpose. The characteristics of the worm program can be extracted through the infected file, and the specific process is as follows:

[0025] (1) Start the service program with a certain vulnerability, and check the service port of the vulnerability to confirm that the service program with a certain vulnerability is runni...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

A method for capturing a network worm based on honeypot technology relates to a method for capturing a network virus. The method comprises the following steps of: a, extracting the worm feature: starting the service program with a vulnerability, and viewing the vulnerability service port; using netcat to listen to the port, creating an open socket and capturing all the activities sent to the socket for listening; capturing the worm; writing Snort intrusion rules according to the virus characteristics fragment; performing intrusion detection, creating port listeners, then running the Snort in intrusion detection mode; observing capture situation of the snort and viewing the snort alarm log; using the honeypot to interact with the network worm: requesting to download the worm virion by the honeypot; and creating a 4567/tcp listener by the honeypot host. The invention self-makes a honeypot to capture the network worm virus, and solves the great harm that the computer worm virus brings tothe network world.

Description

technical field [0001] The invention relates to a method for catching network viruses, in particular to a method for catching network worms based on honeypot technology. Background technique [0002] Since Mohs released the first worm virus in 1998, computer worms have brought huge disasters to the network world with their rapid and diverse transmission methods. In particular, the rapid development of the network has made the harm caused by worms more and more serious, resulting in a network world that has become discolored. [0003] Unlike ordinary viruses, a virus is a piece of executable code that has a unique ability to replicate. It can attach itself to various types of files and activate it under certain conditions. This feature is very similar to a biological virus. The macro virus is a new form of virus, it is parasitic in some data files for use in different operating systems, and has the ability to spread across platforms. Worms are completely different. They spr...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
IPC IPC(8): H04L29/06
CPCH04L63/1491
Inventor 王军张佳伟芦贺康成明
Owner SHENYANG INSTITUTE OF CHEMICAL TECHNOLOGY
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap