Supercharge Your Innovation With Domain-Expert AI Agents!

Honeypot system attack playback method and device, storage medium and equipment

A playback device and honeypot technology, applied in the transmission system, electrical components, etc., can solve the problem that the recording method is easy to be exposed

Active Publication Date: 2021-02-19
杭州安恒信息安全技术有限公司
View PDF5 Cites 4 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0005] The embodiment of the present invention provides a honeypot system attack playback method, device, storage medium and equipment to at least solve the problem in the related art that the way of recording the attacker's attack behavior in the honeypot is easily exposed

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Honeypot system attack playback method and device, storage medium and equipment
  • Honeypot system attack playback method and device, storage medium and equipment
  • Honeypot system attack playback method and device, storage medium and equipment

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0045] Example 1: Please refer to figure 2 , which shows the honeypot system attack playback method in the first embodiment of the present invention, which can be applied to the honeypot system attack playback device. The honeypot system attack playback method can be implemented by software and / or hardware. The method specifically includes steps S201 to step S203.

[0046] Step S201, when the attacker logs into the honeypot system through the ssh service, the process data generated by the attack operation performed by the attacker during the login period is recorded through the sshd program, and the process data includes command text data and attack time data.

[0047] During specific implementation, the process data generated by the attack operations performed by the attacker during login can be recorded through the echo record subroutine. Among them, the process data is the echo content returned by the bash module to the attacker, including command text data and attack tim...

Embodiment 2

[0055] Example 2: Please refer to image 3 , which shows the honeypot system attack playback method in the second embodiment of the present invention, which can be applied to the honeypot system attack playback device. The honeypot system attack playback method can be implemented by software and / or hardware. The method specifically includes steps S301 to step S303.

[0056] Step S301, when the attacker logs into the honeypot system through the ssh service, the process data generated by the attack operation performed by the attacker during the login period is recorded through the sshd program, and the process data includes command text data and attack time data.

[0057] Step S302, when the ssh service returns the process data to the attacker for echo, write the command text data into the xx.script file, and write the attack time data into the xx.timing file.

[0058] Wherein, the xx.script file and the xx.timing file are pre-files with fixed formats. That is to say, in this ...

Embodiment 3

[0080] Embodiment 3: Another aspect of the present invention also provides a honeypot system attack playback device, please refer to Figure 4 , shows the honeypot system attack playback device in the third embodiment of the present invention, which can be applied to the honeypot system attack playback device, specifically, it can be the processor of the honeypot system attack playback device, and the honeypot system attack playback device includes :

[0081] The data recording module 41 is used for when the assailant logs in the honeypot system by the ssh service, records the process data generated by the attack operation performed by the assailant during the login period through the sshd program, and the process data includes command text data and attack time data;

[0082] Data writing module 42, for writing command text data and attack time data in the middle of the default file;

[0083] The file return module 43 is configured to return the preset file to the user, so th...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention relates to a honeypot system attack playback method and device, a storage medium and equipment, and the method comprises the steps: recording process data generated by an attack operation executed by an attacker in a login period through an sshd program when the attacker logs in a honeypot system through an ssh service, wherein the process data comprises command text data and attacktime data; writing the command text data and the attack time data into a preset file; and returning the preset file to the user, so that the user can play back the attack process of the attacker basedon the preset file. Other programs do not need to be additionally entered, no abnormal information prompt exists, an attacker cannot perceive and cannot be exposed at all, in addition, the attack process of the attacker can be completely reproduced by selecting the recorded data, and enough information is provided for later traceability analysis.

Description

technical field [0001] The present application relates to the technical field of honeypot system attack playback, and in particular to a honeypot system attack playback method, device, storage medium and equipment. Background technique [0002] In the current cloud environment and data center environment, the Linux operating system is favored by many enterprises due to its open source, free, stable, high-performance and other characteristics, so the Linux operating system occupies the vast majority of servers. Among them, ssh (Secure Shell, secure shell protocol) is the login authentication program of the Linux operating system, which makes ssh the main way for attackers to gain control of the host. [0003] Since ssh has become the main way for attackers to blast the linux operating system, when the honeypot of the linux operating system is breached, it is difficult for the attacker's behavior in the honeypot to be fully recorded, and only when it touches other probe progra...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): H04L29/06
CPCH04L63/1425H04L63/1491
Inventor 褚维明
Owner 杭州安恒信息安全技术有限公司
Features
  • R&D
  • Intellectual Property
  • Life Sciences
  • Materials
  • Tech Scout
Why Patsnap Eureka
  • Unparalleled Data Quality
  • Higher Quality Content
  • 60% Fewer Hallucinations
Social media
Patsnap Eureka Blog
Learn More

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2025 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com