
A method and system for improving the accuracy of alarm output of a honeypot system

A honeypot technology for improving alarm accuracy, applied in the field of network technology and security, addresses the problems of low precision, failure to rule out false alarms, and the high false alarm rate of security equipment, with the effects of improving accuracy, improving rapid processing capabilities, and avoiding wasted manpower.

Active Publication Date: 2022-08-02
SHANGHAI COMMITTEE CHINA TELECOM GRP LABOR UNION +1
7 Cites, 0 Cited by

AI Technical Summary

Problems solved by technology

[0003] There are many types of honeypot technologies in the prior art, but most of them are implemented by means of passive listening and luring attacks. Because security events are poorly discovered in cloud resource system environments and commonly used security devices have a high false alarm rate, the honeypot system also outputs a large number of irrelevant and normal business behaviors as alarms. A honeypot system based on characteristics and intelligent analysis cannot rule out false alarms triggered by a large volume of normal business access, which leads to low accuracy of the alarms output by the honeypot system. A high degree of manual intervention is required, and it is impossible to quickly match information and respond after a security incident occurs.


Embodiment Construction

[0039] The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention. Obviously, the described embodiments are only a part of the embodiments of the present invention, but not all of the embodiments. Based on the embodiments of the present invention, all other embodiments obtained by those of ordinary skill in the art without creative work fall within the protection scope of the present invention.

[0040] It should be noted that the embodiments of the present invention and the features of the embodiments may be combined with each other under the condition of no conflict.

[0041] The present invention will be further described below with reference to the accompanying drawings and specific embodiments, but it is not intended to limit the present invention.

[0042] A method for improving the accuracy of alarm output of a honeypot system, ...


Abstract

A method and system for improving the accuracy of alarm output of a honeypot system, belonging to the field of network technology and security technology. The method includes: extracting a first security alarm event recorded in a security event log, and adding feature tags to the first security alarm event according to the security event log; extracting a second security alarm event from the attack log data; matching the first security alarm event with the second security alarm event; adding a detailed business description and comprehensive basic information; and outputting the result as a honeypot system alarm. The system includes: a first extraction module, a marking module, a second extraction module, a matching module, a collection module, and an output module. The beneficial effects are: breaking the information islands between various network security devices, realizing information linkage, improving the accuracy of the honeypot system alarm output, avoiding unnecessary waste of human resources in the response to and disposal of network security incidents, and improving the ability to quickly handle security incidents.
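The matching step in the abstract can be sketched as a log correlation. This is an added example, not code from the patent: the match key (same source address within a five-minute window), all field names, the tag mapping and the asset inventory are assumptions, and the sample records are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample records; every field name and value here is an assumption.
SECURITY_EVENT_LOG = [   # "first" events, from other security devices
    {"ts": "2022-03-01T10:00:05", "src": "10.0.5.23", "sig": "ssh-bruteforce"},
    {"ts": "2022-03-01T10:02:00", "src": "10.0.9.9", "sig": "port-scan"},
]
HONEYPOT_ATTACK_LOG = [  # "second" events, from the honeypot's attack log
    {"ts": "2022-03-01T10:00:40", "src": "10.0.5.23", "dst": "10.0.100.7", "svc": "ssh"},
    {"ts": "2022-03-01T10:01:10", "src": "10.0.2.14", "dst": "10.0.100.7", "svc": "http"},
    {"ts": "2022-03-01T11:30:00", "src": "10.0.9.9", "dst": "10.0.100.8", "svc": "smb"},
]
FEATURE_TAGS = {"ssh-bruteforce": "credential-attack", "port-scan": "reconnaissance"}
ASSETS = {  # hypothetical inventory used for the business description
    "10.0.5.23": {"owner": "build-farm", "business": "CI runner subnet"},
    "10.0.2.14": {"owner": "ops", "business": "load-balancer health checker"},
}

def _t(rec):
    return datetime.fromisoformat(rec["ts"])

def tag_first_events(events):
    """Attach a feature tag to each security-device event."""
    return [dict(e, tag=FEATURE_TAGS.get(e["sig"], "untagged")) for e in events]

def correlate(first, second, window=timedelta(minutes=5)):
    """Keep honeypot events corroborated by a tagged event from the same source
    inside the time window; uncorroborated ones are returned separately."""
    alarms, unmatched = [], []
    for hp in second:
        hits = [f for f in first
                if f["src"] == hp["src"] and abs(_t(f) - _t(hp)) <= window]
        if not hits:
            unmatched.append(hp)
            continue
        asset = ASSETS.get(hp["src"], {"owner": "unknown", "business": "unknown"})
        alarms.append({
            "time": hp["ts"], "src": hp["src"], "honeypot": hp["dst"],
            "service": hp["svc"], "tags": sorted({f["tag"] for f in hits}),
            "evidence": [f["sig"] for f in hits], **asset,
        })
    return alarms, unmatched

if __name__ == "__main__":
    alarms, unmatched = correlate(tag_first_events(SECURITY_EVENT_LOG), HONEYPOT_ATTACK_LOG)
    for a in alarms:
        print("ALARM", a)
    print(len(unmatched), "honeypot events held back as uncorroborated")
```

The uncorroborated list is returned rather than dropped so that honeypot hits with no matching device event can still be reviewed at lower priority.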

Description

Technical field

[0001] The invention relates to the field of network technology and security technology, and in particular, to a method and system for improving the accuracy of alarm output of a honeypot system.

Background technique

[0002] Honeypot systems are systems that are purposefully deployed for detection, attack, and misappropriation by malware in order to discover, identify, and characterize such software. With the development of Internet technology, network scanning, the propagation of worm and virus code, and malicious attacks by hackers put every host on the network at risk at any time, and honeypots and honeypot systems were proposed to actively study this security threat. These attacks are monitored, detected, and analyzed.

[0003] There are many types of honeypot technologies in the prior art, but in general most of them are implemented by passive interception and luring attacks. Due to the poor ability to detect security events in the clo...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L9/40
CPC: H04L63/1491, H04L63/1425, H04L63/1416
Inventor: 张旗斌, 金鑫, 陈浩波, 孙献平, 吴儒俊, 徐彬彬, 周璐, 姚亮, 范峥
Owner: SHANGHAI COMMITTEE CHINA TELECOM GRP LABOR UNION