
Configuration method for generating multiple honeypot nodes by single host based on linux system, system and monitoring method

A configuration method and single-host technology, applied in the fields of transmission systems, platform integrity maintenance, electrical components, etc., that solves the problem of low camouflage and achieves the effect of improving camouflage and saving resources.

Active Publication Date: 2020-12-25
SHANGHAI GUAN AN INFORMATION TECH

AI Technical Summary

Problems solved by technology

[0006] The technical problem to be solved by the present invention is how to have a MAC address different from that of the physical network card of the host, and so improve on low camouflage. To this end it provides a configuration method for generating multiple honeypot nodes on a single host based on a Linux system.


Examples


Embodiment 1

[0034] As shown in Figure 1, a configuration method for generating multiple honeypot nodes on a single host based on a Linux system includes the following steps:

[0035] S01. Using Linux container virtualization technology, deploy multiple entity honeypots with interactive functions on the current host; each entity honeypot has an independent IP and MAC address;

[0036] S02. According to the IP information of the host where the entity honeypot is located, configure multiple virtual sensing nodes with different IP addresses on the same network segment, together with port opening and association policies, so that the port of each sensing node is associated with the corresponding entity honeypot service. The virtual sensing node configuration list information includes: IP address, MAC address, gateway, subnet mask. The configuration information of the port opening and association policy includes virtual Th...

Embodiment 2

[0040] As shown in Figure 2, corresponding to Embodiment 1, this embodiment provides a honeypot system based on a Linux system, which includes:

[0041] The honeypot response module, which uses Linux container virtualization technology to deploy multiple entity honeypots with interactive functions on the current host;

[0042] The honeypot management control module, which, according to the IP information of the host where the entity honeypot is located, configures multiple virtual sensing nodes with different IP addresses on the same network segment, together with port opening and association policies, and at the same time associates the port of each virtual sensing node with the corresponding entity honeypot. The virtual sensing node configuration list information includes: IP address, MAC address, gateway, subnet mask. The configuration information of the port opening and association policy includes the IP address and port of the virtual sensing node, and ...

Embodiment 3

[0052] As shown in Figure 3, corresponding to Embodiment 1 and Embodiment 2, this embodiment provides a monitoring method for a honeypot system based on a Linux system, comprising the following steps:

[0053] S1. When an attacker accesses a virtual sensing node, the physical network card of the current host receives the network packet; the physical network card checks the MAC address in the request packet, and if it matches a virtual network card of the current host, the packet is sent to the corresponding virtual network card;

[0054] S2. The honeypot sensing module monitors each virtual network card. After detecting traffic on a virtual network card, it reads the port opening and association policies of the virtual sensing node and the entity honeypot from the cache, finds the address of the corresponding entity honeypot in the honeypot response module, and then forwards the request traffic to the honeypot in the corresponding entity...
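The following is an added example, not code from the patent: it builds the sensing node configuration list of step S02 (IP address, MAC address, gateway, subnet mask) and models the S1/S2 lookup that maps traffic on a sensing node port to its entity honeypot. The function names and the honeypot side of each policy row (honeypot IP and port) are assumptions, since the page truncates the policy's field list.

```python
import ipaddress
import random
from collections import namedtuple

# One row of the sensing node configuration list (fields as listed in S02).
SensingNode = namedtuple("SensingNode", "ip mac gateway netmask")

def random_mac(rng):
    # Locally administered unicast MAC: set bit 1 and clear bit 0 of octet 0.
    octets = [(rng.randrange(256) | 0x02) & 0xFE] + [rng.randrange(256) for _ in range(5)]
    return ":".join(f"{o:02x}" for o in octets)

def plan_nodes(host_ip, netmask, gateway, host_mac, count, in_use=(), seed=None):
    """Pick `count` free IPs in the host's segment, each with a MAC of its own."""
    rng = random.Random(seed)
    net = ipaddress.ip_network(f"{host_ip}/{netmask}", strict=False)
    taken_ips = {host_ip, gateway, *in_use}
    taken_macs = {host_mac.lower()}
    nodes = []
    for addr in net.hosts():
        if len(nodes) == count:
            break
        if str(addr) in taken_ips:
            continue
        mac = random_mac(rng)
        while mac in taken_macs:        # never reuse the physical NIC's MAC
            mac = random_mac(rng)
        taken_macs.add(mac)
        nodes.append(SensingNode(str(addr), mac, gateway, netmask))
    if len(nodes) < count:
        raise ValueError("not enough free addresses in the segment")
    return nodes

def build_policy(rows):
    """rows: (node_ip, node_port, honeypot_ip, honeypot_port), one target per open port."""
    policy = {}
    for node_ip, node_port, hp_ip, hp_port in rows:
        if (node_ip, node_port) in policy:
            raise ValueError(f"duplicate association for {node_ip}:{node_port}")
        policy[(node_ip, node_port)] = (hp_ip, hp_port)
    return policy

def dispatch(nodes, policy, dst_mac, dst_ip, dst_port):
    """S1: match the frame's MAC to a virtual NIC. S2: look up the honeypot."""
    node = {n.mac: n for n in nodes}.get(dst_mac.lower())
    if node is None or node.ip != dst_ip:
        return None                     # not addressed to a sensing node
    return policy.get((dst_ip, dst_port))   # None means the port is not open
```

A `None` result from `dispatch` covers both traffic that is not for any virtual network card and a port with no association, so a caller can treat it as "do not forward".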


Abstract

The invention provides a configuration method for generating a plurality of honeypot nodes on a single host based on a Linux system, a system and a detection method. The configuration method comprises the following steps: deploying a plurality of entity honeypots on the current host by using Linux container virtualization technology, each entity honeypot having an independent IP and MAC address; configuring a plurality of virtual sensing nodes with different IP addresses in the same network segment, together with port opening and association policies, according to the IP information of the host where the entity honeypot is located, and associating the port of each virtual sensing node with the corresponding entity honeypot; configuring a virtual network card for each virtual sensing node by using the network virtualization technology of the Linux system; and monitoring the corresponding virtual sensing node port on each virtual network card according to the port opening and association policy. The method has the advantages that a plurality of entity honeypots with independent IP and MAC addresses can be generated on one host, a large number of honeypot nodes with high camouflage performance are created with extremely small resources, resources are effectively saved, and the camouflage performance of the honeypots is improved.

Description

Technical field

[0001] The invention relates to the technical field of network data security defense, in particular to a configuration method, a system and a monitoring method for generating multiple honeypot nodes on a single host based on a Linux system.

Background technique

[0002] Honeypot technology is essentially a technology for deceiving the attacker. By arranging some hosts, network services or information as bait, the attacker is induced to attack them, so that the attack behavior can be captured and analyzed, the tools and methods used by the attacker can be understood, and the attack intention and motivation can be inferred. The defending party can then clearly understand the security threats it faces and enhance the security protection capabilities of the actual system through technical and management means. A honeypot is like an intelligence collection system, deliberately set up as a target to lure hackers to attack, so as to ...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06, G06F21/53
CPC: H04L63/1483, G06F21/53
Inventor 王文君赵杰达盼飞郑力达李明蕊
Owner SHANGHAI GUAN AN INFORMATION TECH