Novel honeypot networking method and honeypot system

A honeypot networking technique, applied in the field of network security, that addresses the problems of low capture probability, unusable idle service ports on business hosts, and a low attack capture rate.

Active Publication Date: 2021-04-30
广州锦行网络科技有限公司

AI Technical Summary

Problems solved by technology

[0005] 1. Honeypots have fairly obvious characteristics, so experienced attackers can easily identify them.
[0006] 2. The capture probability of the honeypot is low. The ratio of real business hosts to trapping nodes is generally large, so the capture probability is low.
[0007] 3. The network of the trapping nodes is generally not under the same network switch as the network of the real business hosts. If the attacker scans laterally based on network equipment rather than on IP addresses, the traditional honeynet system cannot function.
[0008] 4. Deploying traditional honeypots requires additional resources for trapping nodes, and the cost is high.
[0009] 5. The idle service ports of the real business host cannot be used, which wastes resources.
[0011] found, and if establishing the connection with the honeypot fails, attack capture fails, and the attack capture rate is low.



Examples

Embodiment 1

[0142] Referring to attached figures 1, 2 and 3, the honeypot networking method provided by the present invention is described in detail according to a specific embodiment of the present invention.

[0143] For example:

[0144] The IP address of the real business host is: 10.1.2.3;

[0145] The idle service list is: ftp service, SSH service, smb service, etc.;

[0146] The list of services commonly used by attackers is: ftp service, SSH service, remote desktop service, etc.;

[0147] The idle services selected from the idle service list are: ftp service and SSH service, and the corresponding port numbers are 21 and 22 respectively;

[0148] The trapping nodes bound to idle service ports are configured as: 10.1.2.3:21 and 10.1.2.3:22;

[0149] The honeypot configurations bound to the trapping nodes are: ftp service honeypot and SSH service honeypot;

[0150] Trapping node 1: IP address is 10.1.2.3, port number is 21;

[0151] Trapping node 2: IP address is 10.1.2.3, port num...

Embodiment 2

[0188] Referring to attached figure 2, the processing flow when an attacker accesses an idle service port on which a trapping node is deployed is described in detail according to yet another specific embodiment of the present invention.

[0189] For example:

[0190] The IP address of the real business host is: 192.168.1.5;

[0191] The idle service list is: Remote Desktop Service, etc.;

[0192] The list of services commonly used by attackers is: Remote Desktop Service, etc.;

[0193] The idle service selected from the idle service list is: Remote Desktop Service, and the corresponding port number is 3389;

[0194] The trapping node bound to the idle service port is configured as: 192.168.1.5:3389;

[0195] The honeypot configurations bound to the trapping nodes are as follows:

[0196] Trapping node 1: IP address is 192.168.1.5, port number is 3389;

[0197] The attacker entered the real host 192.168.1.5. When the attac...


Abstract

The invention provides a novel honeypot networking method and a honeypot system, and belongs to the technical field of network security. The honeypot networking method comprises the following steps: listing the idle services of a real business host; listing the services commonly used by attackers; selecting some of the real business host's idle services according to the services commonly used by attackers and deploying them as trapping nodes, with one trapping node deployed for each selected idle service, and deploying one trapping node for each selected trapping node; binding the trapping node with the honeypot; and, when an attacker accesses an idle service, directing the attacker's access traffic into the honeypot, where the honeypot system analyzes the traffic, automatically downloads a countering program and counters the attacker. Because the trapping nodes are deployed on the idle services of the real business host, the method avoids the large number of dedicated servers, or dedicated virtual machines created on idle servers, otherwise needed to deploy trapping nodes; the capture efficiency is high, and the idle services are put to use.
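The selection and traffic-forwarding steps of the method, with the values of Embodiment 1 in mind, as an added Python example that is not code from the patent or its applicant: `plan_trapping_nodes` picks the idle services that attackers commonly use, and `start_trapping_node` listens on the idle port, records the connection and relays it to the bound honeypot. The function names, the short service keys and the honeypot endpoints are assumptions of the example, and the countering step is not covered.

```python
import asyncio

# Ports for the services named in the embodiments (short keys are this example's own).
SERVICE_PORTS = {"ftp": 21, "ssh": 22, "smb": 445, "rdp": 3389}

def plan_trapping_nodes(host_ip, idle_services, attacker_services, honeypots):
    """One trapping node per idle service that attackers commonly use.

    honeypots maps service -> (ip, port) of its honeypot; these endpoints are
    assumptions of the example, the page does not give any.
    """
    return [
        {"service": s, "listen": (host_ip, SERVICE_PORTS[s]), "honeypot": honeypots[s]}
        for s in idle_services
        if s in attacker_services and s in honeypots
    ]

async def _pipe(reader, writer):
    """Copy bytes one way until EOF or reset, then close the far side."""
    try:
        while data := await reader.read(4096):
            writer.write(data)
            await writer.drain()
    except ConnectionError:
        pass
    finally:
        writer.close()

async def start_trapping_node(listen, honeypot, alerts):
    """Listen on an idle port, record every connection, relay it to the honeypot."""
    async def handle(reader, writer):
        # The port is idle for business use, so any connection is an alert.
        # It is recorded before the honeypot is contacted, so a failed relay
        # does not lose the capture.
        alerts.append({
            "src": writer.get_extra_info("peername")[0],
            "port": writer.get_extra_info("sockname")[1],
        })
        try:
            hp_reader, hp_writer = await asyncio.open_connection(*honeypot)
        except OSError:
            writer.close()
            return
        await asyncio.gather(_pipe(reader, hp_writer), _pipe(hp_reader, writer))
    return await asyncio.start_server(handle, *listen)
```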

Description

Technical field

[0001] The invention relates to the technical field of network security, in particular to a novel honeypot networking method and a honeypot system.

Background

[0002] The honeypot is a well-known technology in the field of network security. It is mainly used to induce attackers to attack so that the attack behavior can then be analyzed. To induce attacks, traditional honeypots usually need to deploy decoy nodes, bind the decoy nodes to honeypots, and forward attacker traffic to the honeypots. In traditional honeypots, decoy nodes are deployed on virtual machines that carry no business traffic, so any access to a decoy node indicates an attack.

[0003] Chinese patent application CN111756761A discloses a network defense system, method and computer equipment based on traffic forwarding, wherein the system includes: an agent module, a honeypot service modu...


Application Information

IPC(8): H04L29/06
CPC: H04L63/1491
Inventor: 吴建亮胡鹏朱克群
Owner: 广州锦行网络科技有限公司