Viscous honeypot system and interaction method thereof

A honeypot, sticky technology, applied in the field of network security, can solve the problems of deception failure, downtime, increase hacker vigilance, etc., to achieve the effect of increasing difficulty, reducing network load, and improving survivability

Pending Publication Date: 2022-02-18
MEISHAN POWER SUPPLY CO STATE GRID SICHUAN ELECTRIC POWER CO
View PDF0 Cites 3 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0004] 1. Most of the data analysis technologies are low-interaction honeypots, which make it impossible for honeypots to effectively record hacking methods;
[0005] 2. There is no corresponding data alarm and processing method after hackers enter the honeypot through the security loopholes set in advance in the honeypot system, resulting in the honeypot system being used by hackers to become a botnet;
[0006] 3. It is relatively simple to enter the honeypot system, which increases the vigilance of hackers and leads to the failure of deception;
[0007] 4. When the honeypot system is attacked by multiple hackers at the same time, it is prone to downtime

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Viscous honeypot system and interaction method thereof

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0027] A sticky honeypot system such as figure 1 As shown, the following modules are included:

[0028] The agent ip module is used to assign the agent ip address to the virtual machine to build a new virtual environment; the agent ip module mainly includes the agent ip pool built by the cloud platform.

[0029] The virtual environment module is used to build a system environment image to simulate the real business system environment according to the proxy ip address; the virtual environment module includes a vmware virtual machine, a Docker container based on a vmware virtual machine, and a Debian system built in a Docker container.

[0030] The environmental vulnerability module is used to build a vulnerable intranet asset architecture and web business architecture in the system environment; the intranet asset architecture includes databases and SSH services, Telnet services, and SMTP services with weak password vulnerabilities; the web business architecture includes files w...

Embodiment 2

[0039] Embodiment 2 is a sticky honeypot system interaction method based on Embodiment 1, including:

[0040] 1) In the form of proxy ip, assign the proxy ip address to the virtual machine to build a new virtual environment;

[0041] 2) Build a system environment image in the new virtual environment to simulate the real business system environment;

[0042] 3) Build a vulnerable intranet asset structure and Web business structure in the system environment;

[0043] 4) Redirect the port of the vulnerable architecture in the honeypot system from iptables to the port of the real business environment;

[0044] 5) Record and store the operation records when the attacker infiltrates, the operation records include the ip address used, the attack duration and sensitive operation commands;

[0045] 6) At the same time, monitor the system environment, and analyze, process and display the monitoring data;

[0046] 7) According to the real-time situation of the system environment, the ...

Embodiment 3

[0048] In this embodiment 3, on the basis of embodiment 1, the honeypot system of embodiment 1 is deployed in a real business environment. The virtual environment module uses the ip address provided by the agent ip module to create a new virtual machine in the real environment, and the The Docker container is used in the machine to complete the deployment of the virtual business environment. Because the Docker container has a faster startup time, is good at handling the concentrated burst of server usage pressure, and can be elastically scaled and rapidly expanded, it is suitable for the construction of a virtual business environment. Build a Debian image in a Docker container. Debian is an open source system with Linux as the kernel. Compared with other Linux systems, it has stronger stability, faster and easier memory management and security protection. Debian is used to complete the honeypot system Build, in the environment vulnerability module, enable the SSH service, Telne...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses a viscous honeypot system and an interaction method thereof. The system comprises an agent ip module, a virtual environment module, an environment vulnerability module, a data recording module, a data storage module, a honeypot management module, an emergency processing module and a load balancing module which are in signal connection and interaction. A virtual environment system is built through an agent ip, a honeypot system is monitored and managed, network connection is disconnected in time aiming at botnet risks, multi-task attack loads are balanced to different operation units, and downtime is avoided. According to the invention, the honeypot system and the interaction method thereof are optimized, and the operation efficiency and the self safety are improved.

Description

technical field [0001] The invention relates to the field of network security, in particular to a sticky honeypot system and an interaction method thereof. Background technique [0002] Honeypot technology is a technology to deceive Internet attackers. Generally, it can be considered that a honeypot is an unused but closely monitored network host, which contains false high-value resources and some loopholes to attract intruders to attack the honeypot host in order to protect the real host. At the same time, the honeypot can record all the instructions of the hacker to attack, so as to formulate a means of defense against attacks for use by the real host. Using honeypot technology can resist unknown attacks to a certain extent and enhance the protection ability of the actual system. [0003] The existing honeypot technology has the following problems: [0004] 1. Most of the data analysis technologies are low-interaction honeypots, which make it impossible for honeypots to...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): H04L9/40G06F9/50G06F21/55G06F21/57
CPCH04L63/1491H04L63/1466H04L63/1416H04L63/1433H04L63/0281G06F21/55G06F21/577G06F9/5083H04L2463/144
Inventor 唐海东易伟熊伟兰沂梅陈亮汪晓帆谢廷杰王后勤朱礼鹏曾仕伦杨灏
Owner MEISHAN POWER SUPPLY CO STATE GRID SICHUAN ELECTRIC POWER CO
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap