The invention discloses a
honeypot-based network
trapping method, which comprises an outer firewall, an inner firewall and a network deception
system. The beneficial effects of the invention are: the "wide entry" of the internal firewall is to confuse the intruder and let him "make the best use of it", while the "strict exit" ensures that the intruder's activities are limited to the "cage", and more data can be collected , evidence, and also prevent intruders from using the
system as a springboard to conduct further attacks on other systems. Organizing information to deceive forged persons and locations also requires forged information such as salary, budget, and personal records. The more real the forged information is , the more you can avoid deception, and it is easy to be discovered.
Network traffic simulation replicates all access connections, making the deception
system very similar to the real system. Service
camouflage writes a series of scripts in the system to simulate the characteristics of some application services, providing seemingly Normal service, leading the attacker to believe that the
trapping system is a functioning system.