
Source tracing method and device based on honeypot technology and honeypot equipment

A technology combining honeypots and traceability information, applied to honeypot-based traceability methods, devices, and honeypot equipment, which addresses the problems of malicious attacks and passive defense.

Active Publication Date: 2021-03-12
CHINA UNITED NETWORK COMM GRP CO LTD

AI Technical Summary

Problems solved by technology

[0004] The technical problem to be solved by the present invention is to provide a traceability method, device and honeypot equipment based on honeypot technology, to solve the problem that existing honeypot technology can only perceive malicious attacks and, apart from recording attack behavior logs, can only defend passively.



Examples


Embodiment 1

[0052] This embodiment provides a traceability method based on honeypot technology. As shown in Figure 1, the method includes:

[0053] Step S102: Obtain relevant information about suspected malicious attack behavior.

[0054] In this embodiment, the information related to the suspected malicious attack behavior includes the IP address, port, event, number of visits, attacker host information, etc. of the malicious host.

[0055] Optionally, before the step of obtaining relevant information about suspected malicious attack behaviors, the method may further include:

[0056] When a suspected malicious attack is detected, the relevant information of the suspected malicious attack is saved to the attacked information database, and the relevant information of the suspected malicious attack includes the IP address, port and event of the malicious host;

[0057] Obtain information about suspected malicious attacks, which may include:

[0058] Obtain information about suspect...

Embodiment 2

[0081] As shown in Figure 2, this embodiment provides a traceability device based on honeypot technology, which is used to execute the above-mentioned traceability method based on honeypot technology. It includes an event trigger 30 and an active traceability module 31, wherein the event trigger 30 includes:

[0082] An acquisition unit 301, configured to acquire information related to suspected malicious attacks;

[0083] The judging unit 302 is connected to the acquisition unit 301, and is used to judge whether there is a malicious host that continues to issue malicious attack behaviors according to the relevant information of the suspected malicious attack behavior;

[0084] The sending unit 303 is connected to the judging unit 302, and is used to send an active traceability request when the judging unit 302 judges that there is a malicious host that continues to issue malicious attacks;

[0085] Active traceability module 31 includes:

[0086] The active detection unit...
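The event trigger 30 described above (acquisition, judging and sending units) can be sketched as detection logic over honeypot records. This is an added example, not code from the patent: the timestamp field, the `MIN_VISITS` and `MIN_SPAN_S` thresholds, the `TraceRequest` record and the sample rows are all assumptions, since the page does not state how "continues to issue malicious attack behaviors" is decided.

```python
from collections import defaultdict
from dataclasses import dataclass

# Constructed rows shaped like the "attacked information database" fields the
# page names (IP, port, event); the leading timestamp in seconds is an assumption.
SAMPLE_EVENTS = [
    (0,   "203.0.113.7",  22,   "ssh_login_failed"),
    (95,  "203.0.113.7",  23,   "telnet_login_failed"),
    (400, "203.0.113.7",  22,   "ssh_login_failed"),
    (900, "203.0.113.7",  3306, "mysql_auth_failed"),
    (10,  "198.51.100.4", 80,   "http_probe"),   # short burst: 4 hits in 3 s
    (11,  "198.51.100.4", 80,   "http_probe"),
    (12,  "198.51.100.4", 80,   "http_probe"),
    (13,  "198.51.100.4", 80,   "http_probe"),
    (50,  "192.0.2.9",    21,   "ftp_probe"),    # single visit
]

MIN_VISITS = 4    # assumed threshold, not stated in the patent
MIN_SPAN_S = 300  # assumed: activity must persist at least this many seconds

@dataclass
class TraceRequest:  # hypothetical record handed to the traceability module
    ip: str
    visits: int
    ports: list
    events: list

def acquire(rows):
    """Acquisition unit 301: group stored records by source IP."""
    by_ip = defaultdict(list)
    for ts, ip, port, event in rows:
        by_ip[ip].append((ts, port, event))
    return by_ip

def judge(records):
    """Judging unit 302: enough visits, spread over time rather than one burst."""
    times = [ts for ts, _, _ in records]
    return len(records) >= MIN_VISITS and max(times) - min(times) >= MIN_SPAN_S

def build_requests(rows):
    """Sending unit 303: one traceability request per persistent host."""
    out = []
    for ip, records in sorted(acquire(rows).items()):
        if judge(records):
            out.append(TraceRequest(ip, len(records),
                                    sorted({p for _, p, _ in records}),
                                    sorted({e for _, _, e in records})))
    return out

if __name__ == "__main__":
    for req in build_requests(SAMPLE_EVENTS):
        print(req)
```

Only the host whose activity both meets the visit count and spans the time window produces a request; the four-hit burst and the single probe are left as logged events.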

Embodiment 3

[0110] This embodiment provides a honeypot device, including the traceability device based on the honeypot technology described in Embodiment 2.

[0111] In this embodiment, the honeypot device may be a host or a server, including the traceability device based on the honeypot technology described in Embodiment 2.

[0112] The traceability device and honeypot equipment based on honeypot technology provided in Embodiments 2 and 3 judge, according to the relevant information of the suspected malicious attack behavior, whether there is a malicious host that continues to issue malicious attacks; if there is, they actively detect the malicious host, obtain the detection result, and upload a remote execution script to the malicious host according to the detection result to obtain key traceability information, so as to realize the traceability and evidence collection of the source of ...


Abstract

The invention provides a honeypot technology-based tracing method and apparatus, and a honeypot device. The method comprises the steps of: obtaining related information of a suspected malicious attack behavior; judging, according to that information, whether there is a malicious host that continuously issues the malicious attack behavior; if so, carrying out active detection on the malicious host and obtaining a detection result; and uploading a remote execution script to the malicious host according to the detection result to obtain key traceability information. The method, the device and the honeypot equipment can solve the problem that existing honeypot technology can only sense malicious attacks and, apart from recording attack behavior logs, can only perform passive defense.

Description

Technical field

[0001] The invention relates to the field of network technology, in particular to a honeypot technology-based traceability method, device and honeypot equipment.

Background

[0002] Honeypot technology is a technology that deceives the attacker. By arranging some hosts, network services or information as bait, the attacker is induced to attack them, so that the attack behavior can be captured and analyzed, the tools and methods used can be understood, and attack intentions and motivations can be inferred. This enables defenders to clearly understand the security threats they face, and to enhance the security protection capabilities of actual systems through technical and management means.

[0003] However, the existing honeypot technology can only perceive malicious attacks, and apart from recording attack behavior logs can only defend passively.

Contents of the invention

[0004] The technical problem to be solved by the present invent...


Application Information

IPC(8): H04L29/06
CPC: H04L63/1491, H04L63/1416, H04L63/1433, H04L63/145, H04L2463/146
Inventor 于城陶冶刘伟李晖
Owner CHINA UNITED NETWORK COMM GRP CO LTD