Honeypot attacker tracing method based on TCP/UDP transparent proxies

A transparent-proxy and attacker-tracing technology, applied in the field of electrical components, transmission systems, etc., that solves the problem of incomplete attacker information in application logs and reduces the difficulty of development.

Inactive Publication Date: 2020-10-27
SICHUAN CHANGHONG ELECTRIC CO LTD

AI Technical Summary

Problems solved by technology

At present, attacker behavior is mainly traced through targeted log collection from the service components a specific honeypot involves, such as tomcat, nginx and mysql, in order to distinguish the source of the user. This information can only be obtained by modifying the source code and by other such means.

Examples

Embodiment 1

[0021] As shown in Figure 1, a method for tracing the source of a honeypot attacker based on a TCP/UDP transparent proxy includes the following steps:

[0022] (1) Traffic forwarding by the business-side trap node:

[0023] The node forwarding program is implemented with a SOCKET+EPOLL architecture. Because the node is designed to be deployed inside the business network, where network routing cannot be configured, an ordinary proxy is used, and the user information and node information are forwarded to the transparent proxy node through the proxy protocol. An ordinary proxy works by accepting a SOCKET connection, receiving the data, and establishing a corresponding forwarding connection to the back-end transparent proxy server to forward that data. The proxy protocol, in essence, sends a fixed-format message carrying the request information after the connection is established and before any data is forwarded, including a specific data pack...
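The header exchange described in [0023], as an added example that is not code from the patent: the page's own packet format is cut off, so the text format of HAProxy's PROXY protocol v1 is assumed here, and the function names, dictionary keys and sample addresses are constructed for illustration.

```python
import ipaddress

MAX_V1_HEADER = 107  # longest PROXY v1 line including CRLF, per the HAProxy spec

def build_header(src_ip, src_port, dst_ip, dst_port):
    """Trap-node side: describe the original connection before any payload."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    if src.version != dst.version:
        raise ValueError("address families differ")
    fam = "TCP4" if src.version == 4 else "TCP6"
    return f"PROXY {fam} {src} {dst} {src_port} {dst_port}\r\n".encode("ascii")

def parse_header(stream):
    """Transparent-proxy side: split the first bytes of a forwarded connection
    into (attacker/node info, remaining application payload)."""
    end = stream.find(b"\r\n", 0, MAX_V1_HEADER)
    if end < 0:
        raise ValueError("no PROXY header terminator within 107 bytes")
    parts = stream[:end].decode("ascii").split(" ")
    # "PROXY UNKNOWN" lines carry no addresses and are rejected here as useless
    # for tracing (assumption of this example).
    if len(parts) != 6 or parts[0] != "PROXY" or parts[1] not in ("TCP4", "TCP6"):
        raise ValueError("malformed PROXY header")
    src, dst = ipaddress.ip_address(parts[2]), ipaddress.ip_address(parts[3])
    want = 4 if parts[1] == "TCP4" else 6
    if src.version != want or dst.version != want:
        raise ValueError("address does not match declared family")
    ports = []
    for p in parts[4:]:
        if not p.isdigit() or not 0 <= int(p) <= 65535:
            raise ValueError("bad port")
        ports.append(int(p))
    info = {"attacker_ip": str(src), "attacker_port": ports[0],
            "node_ip": str(dst), "node_port": ports[1]}
    return info, stream[end + 2:]

# Constructed sample: a client at 203.0.113.7:51544 connects to a trap node
# at 192.0.2.10:3306; the bytes after the header are the forwarded payload.
SAMPLE = build_header("203.0.113.7", 51544, "192.0.2.10", 3306) + b"\x00login-bytes"

if __name__ == "__main__":
    print(parse_header(SAMPLE))
```

The receiving side should accept this header only on connections from its own trap nodes, since any peer that can reach the listener could otherwise claim an arbitrary source address.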

Embodiment 2

[0037] A method for tracing the source of a honeypot attacker based on a TCP/UDP transparent proxy. The hardware structure of this embodiment mainly includes a honeypot trap node, a transparent proxy node, a honeypot service, and a cloud analysis system. Of these, the honeypot trap node and the transparent proxy node are the most basic modules for realizing traceability. The method specifically includes the following steps:

[0038] (1) Configuration pull by the business-side trap node:

[0039] Implemented in python. The node establishes a socket and sends a pull request string, periodically initiating a configuration pull request to the back-end transparent proxy server; after receiving the response, it decrypts the response to obtain the node configuration.

[0040] (2) Virtual IPs on the business-side trap node:

[0041] According to the pulled configuration, the IPDB class of the third-party python library pyroute2 is used to virtualize the node IP in the configurati...

Abstract

The invention discloses a honeypot attacker tracing method based on TCP/UDP transparent proxies. The method comprises the following steps: a service-party trap node forwards traffic; the service-party trap node dynamically implements virtual IP simulation; the trap node ports are scanned and monitored; the transparent proxy node forwards TCP/UDP traffic; and, in a scenario with multiple forwarding nodes, the corresponding node is located from the traffic. According to the method, the header information of the transport-layer protocol is read at the transparent proxy to trace the attack traffic, and the attack traffic is transparently forwarded to the real honeypot service using the real IP of the attacker, so that the application layer parses and responds to requests correctly. Because the proxy layer is implemented on TCP/UDP, honeypots of all TCP/UDP protocol types are supported.

Description

Technical field

[0001] The invention relates to the field of network information security and software technology, in particular to a method for tracing the origin of honeypot attackers based on a TCP/UDP transparent proxy.

Background technique

[0002] As a security product that actively lures hackers, the honeypot plays an increasingly important role in the security product market, and tracing attack behavior against honeypots is the top priority in the development of honeypot products. At present, attacker behavior is mainly traced through targeted log collection from the service components a specific honeypot involves, such as tomcat, nginx and mysql, in order to distinguish the source of the user. This information can only be obtained by modifying the source code and by other means that are difficult to develop. The substantive reason for this problem is that when the attack traffic reaches the application layer, ...

Application Information

IPC(8): H04L29/06
CPC: H04L63/1491, H04L2463/146
Inventor: 夏康丽
Owner: SICHUAN CHANGHONG ELECTRIC CO LTD