CN113098906A - Application method of micro honeypots in modern families - Google Patents


Publication number
CN113098906A
Authority
CN
China
Prior art keywords
micro
honeypot
attack
honeypots
trapping
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202110502068.XA
Other languages
Chinese (zh)
Other versions
CN113098906B (en)
Inventor
吴建亮
胡鹏
朱克群
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangzhou Jeeseen Network Technologies Co Ltd
Original Assignee
Guangzhou Jeeseen Network Technologies Co Ltd
Application filed by Guangzhou Jeeseen Network Technologies Co Ltd
Priority to CN202110502068.XA
Publication of CN113098906A
Application granted
Publication of CN113098906B
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/1491 Countermeasures against malicious traffic using deception as countermeasure, e.g. honeypots, honeynets, decoys or entrapment
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416 Event detection, e.g. attack signature detection

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention provides an application method of micro honeypots in modern families and belongs to the technical field of network security. The method comprises: building a micro honeypot center platform on a cloud platform and virtualizing a plurality of functional micro honeypots on it in batches; deploying trapping nodes in a home network that needs the micro honeypot service; binding the deployed trapping nodes to the functional micro honeypots; and binding an alarm pushing mode. When an attacker attacks the home network, the trapping node introduces the attack behavior into the functional micro honeypot bound to it; the micro honeypot analyzes the attack behavior and pushes an alarm to the home user; and the home user handles the attack according to the alarm. The invention applies micro-honeypot technology to the family to protect the home network, so that the user can monitor the security condition of the home network at any time and take corresponding measures to block attacks.

Description

Application method of micro honeypots in modern families
Technical Field
The invention relates to the technical field of network security, in particular to an application method of micro honeypots in modern families.
Background
Honeypots are a well-known technology in the field of network security, used mainly to induce attackers to attack so that their attack behavior can be analyzed. To induce an attacker, a honeypot deployment usually needs trapping nodes that are bound to the honeypot and forward the attacker's traffic to it. Existing honeypots have high configuration and maintenance costs and are mainly applied in industries with high security requirements, such as finance, electric power, government and communications.
Against this background, micro-honeypot technology has emerged, making it possible for small enterprises to use honeypots. One micro honeypot center platform can virtualize thousands or even tens of thousands of micro honeypots, so the cost of a single micro honeypot can be lower. The micro honeypot center platform is exposed on the public network, so it can be reached from any place that has Internet access.
With the popularization and rapid development of the Internet, more and more network devices appear in modern families. The network devices and networking mainly involved in a modern family include:
1. The home router: mainly responsible for connecting all home network devices to the Internet. One end is connected to the operator's optical modem and the other end to the various network devices in the home. It can connect to devices such as computers or cameras by wire, and to devices such as mobile phones, smart door locks, smart air conditioners and smart printers wirelessly. The intranet address is generally 192.168.1./24;
2. Home storage devices: for example a home NAS device, which can store movies, family photos, children's videos, teaching videos and so on, and is mainly connected to the home router by wire. The television can play files on the NAS device over the network; a mobile phone can store the pictures and videos it takes on the NAS device through the home router; and the NAS device can also download network resources over the network.
3. Home security cameras: cameras installed at the doorway and on the balcony for security monitoring, and cameras installed in the living room, dining room and other places to record happy family moments. All cameras are typically wired to the home router.
4. Home security door lock: connected to the home router over Wi-Fi, so the door can be opened remotely.
5. Home remote-control air conditioner: connected to the home router over Wi-Fi, so the air conditioner can be turned on remotely.
There are many other smart home products that are not listed here, but basically all of them are networked through the home router.
However, if an attacker compromises the home router, the attacker can control the cameras, obtain the files on the NAS and even open the door remotely. A modern home therefore needs a security device that can discover a malicious attacker in advance so that security measures such as raising an alarm or disconnecting the network can be taken.
The existing honeypots cannot be directly applied to modern families because of high deployment and maintenance costs.
The prior art has at least the following disadvantages:
1. At present, honeypots have high configuration and maintenance costs and are mainly used by large companies in industries such as finance, electric power, government and communications.
2. Current home networking equipment focuses mainly on functionality and gives little consideration to security.
3. Current home security solutions rely mainly on device passwords and rarely address security at the network layer.
4. At present, no home security solution uses deception defense.
Disclosure of Invention
To solve the technical problems in the prior art, the invention provides an application method of micro honeypots in modern families. A micro honeypot center platform is built on a cloud platform, and a plurality of functional micro honeypots are virtualized on it in batches; trapping nodes are deployed in a home network that needs the micro honeypot service; the deployed trapping nodes are bound to the functional micro honeypots; and an alarm pushing mode is bound. When an attacker attacks the home network, the trapping node introduces the attack behavior into the functional micro honeypot bound to it; the micro honeypot analyzes the attack behavior and pushes an alarm to the home user; and the home user handles the attack according to the alarm. The invention applies micro-honeypot technology to the family to protect the home network, so that the user can monitor the security condition of the home network at any time and take corresponding measures to block attacks.
The micro honeypot center platform extracts attacker information, such as the characteristics of attack behaviors and the IP addresses of attackers, from a large amount of network data and shares this data on the public network. Based on the attack data it monitors, the micro honeypot center platform can send an attack alarm to the user of the micro honeypot through instant communication means such as WeChat, short message, RCS rich media or a third-party application when an attack is detected, and the user can choose how to handle it, with real-time operations that include reading the alarm information and continuing to observe, blocking the attacker's IP address, or disconnecting the network.
The invention provides an application method of micro honeypots in modern families, which comprises the following steps:
building a micro honeypot center platform on a cloud platform;
virtualizing a plurality of functional micro honeypots in batches on the micro honeypot center platform, each micro honeypot having a plurality of functions, the functions including: monitoring the behavior of an attacker, recording information about the attacker, sending an attack alarm and providing services; the services comprise an SSH service, a Telnet service, an FTP service and a sharing service;
deploying trapping nodes in a home network that needs the micro honeypot service;
binding the deployed trapping nodes to the functional micro honeypots;
configuring a one-way route from the trapping node to the micro honeypot;
binding an alarm pushing mode, wherein the alarm pushing mode comprises pushing through at least one of WeChat, short message, RCS rich media and a third-party application;
when an attacker attacks the home network, introducing the attack behavior, through the trapping node, into the functional micro honeypot bound to that trapping node;
the micro honeypot analyzing the attack behavior and pushing an alarm to the home user;
and the home user handling the attack according to the alarm, wherein the handling comprises continued observation, blocking the attacker's IP address, and physically disconnecting the network at the home router.
Preferably, the trapping node deployed in the home network is a hardware device that can be connected to the home router through a network cable, and the hardware device performs the following operations:
installing an operating system;
installing a trapping node program;
inducing the attacker's traffic to the micro honeypot bound to the trapping node.
Preferably, the operations performed by the hardware device further comprise: after the trapping node program is installed, connecting the hardware device to the home router through a network cable, configuring the public-network IP address through which the micro honeypot center platform is reached, and checking whether the trapping node has network connectivity to the micro honeypot center platform.
Preferably, the micro-honeypot center platform comprises:
the trapping node and micro honeypot module, used for trapping node management, micro honeypot management, and binding trapping nodes to micro honeypots;
the system comprises a workbench module, a network information overview module, a network state evaluation module, an event trend display module and an asset center display module, wherein the workbench module is used for system information overview, network state evaluation, event trend display in a preset time period and asset center display;
the data acquisition and analysis module is used for detecting attacks in real time, recording information related to the attacks, and carrying out threat data analysis, wherein the recorded information comprises attack types, attack source IP addresses, attack targets, event names, attack times, starting time, single attack duration and attack states, and the attack targets represent that a single user or batch users with common characteristics are attacked;
Preferably, management of trapping nodes by the micro honeypot center platform comprises the following operations:
marking the information of the trapping node;
associating the trapping node with the customer using it;
and binding the trapping node to the corresponding micro honeypot.
Preferably, the micro-honeypot center platform further comprises:
the data retrieval module is used for quickly searching data by selecting keywords in the management interface;
the alarm management module is used for transmitting the alarm event data sent by the micro honeypots to the client in a predefined mode;
the data statistics and survival report generation module is used for carrying out statistics on the attack behaviors, acquiring statistical data of attack frequency and attack times and generating a survival report according to the statistical data, the threat data analysis result and the attacker information;
and the attacker portrait module displays the attacker portrait on the interface according to the attack behavior of the attacker in the micro honeypot.
Preferably, the micro-honeypot center platform further comprises:
the user management module, used for adding and deleting users of the micro honeypots and maintaining user network information and addresses;
and the operation log management module, used for recording the administrator's operations on the micro honeypot center platform and the alarm-related information sent by the micro honeypot center platform.
Preferably, the application method of the micro-honeypot in the modern family further comprises the step that when an attack occurs, the micro-honeypot center platform shares the information of the attacker so as to protect more users.
Preferably, the micro honeypots are low interaction micro honeypots.
Compared with the prior art, the invention has the following beneficial effects:
1. The invention applies the deception-defense micro-honeypot technology to home security networking and solves the security defense problem of the home network.
2. The micro honeypots are deployed on cloud computing, so the cost is low, a large number of micro honeypots can be virtualized, and connection is convenient.
3. The invention notifies the user of home-network attack alarms accurately and in real time through instant communication such as WeChat, short message, RCS rich media and third-party applications, and gives the user specific information about the attacker so that the user can choose among different ways of blocking the attack.
4. The invention shares attacker information and thereby protects other users on the public network who use the micro honeypot service.
Drawings
FIG. 1 is a schematic diagram of home networking of one embodiment of the present invention;
FIG. 2 is a flow chart of one embodiment of the present invention;
FIG. 3 is a schematic diagram of a micro-honeypot center platform architecture of an embodiment of the present invention;
FIG. 4 is a schematic diagram of attack data flow according to an embodiment of the present invention.
Detailed Description
The following detailed description of the embodiments of the present invention is provided in conjunction with the accompanying drawings of fig. 1-4.
The invention provides an application method of micro honeypots in modern families, which comprises the following steps:
building a micro honeypot center platform on a cloud platform;
building the micro honeypot center platform on the cloud platform comprises the following steps:
1. applying for cloud resources on the cloud platform, including CPU, memory, hard disk and network resources;
2. installing the honeypot center platform software;
3. creating a management account for managing the micro honeypot center platform;
4. setting up each module of the micro honeypot center platform, for managing the micro honeypots, analyzing the data on the micro honeypots, building attacker portraits, raising alarms and so on;
virtualizing a plurality of functional micro honeypots in batches on the micro honeypot center platform, each micro honeypot having a plurality of functions, the functions including: monitoring the behavior of an attacker, recording information about the attacker, sending an attack alarm and providing services; the services comprise an SSH service, a Telnet service, an FTP service and a sharing service;
Compared with honeypots, micro honeypots are more lightweight, and the number of functional micro honeypots virtualized in batches on one micro honeypot center platform can reach thousands or even tens of thousands.
The functions of micro honeypots fall roughly into two categories. The first is the semi-scanning function: when an attacker probes with ping or a scanner, the micro honeypot raises a corresponding alarm and records the attacker's information. The second is the service function: the micro honeypot provides dozens of services, such as SSH (Secure Shell), Telnet, FTP and sharing services, and when an attacker attacks the micro honeypot through one of these services, the micro honeypot raises a corresponding alarm and records the attacker's information. One micro honeypot can have multiple functions at the same time.
deploying trapping nodes in a home network that needs the micro honeypot service;
binding the deployed trapping nodes to the functional micro honeypots;
configuring a one-way route from the trapping node to the micro honeypot;
the established trapping nodes and the established micro honeypots are bound on the honeypot center platform;
The function of a trapping node is to forward everything it detects to the bound honeypot, and the honeypot reports the corresponding attacker information to the platform as an alarm.
binding an alarm pushing mode, wherein the alarm pushing mode comprises pushing through at least one of WeChat, short message, RCS rich media and a third-party application;
on the micro honeypot center platform, the corresponding messages can be sent by connecting to a WeChat gateway, a short message gateway and an RCS rich media gateway;
The ID of the trapping node deployed in each home is unique, and the user's WeChat, short message contact or the like can be bound through the ID of the home's trapping node. When the micro honeypot center platform issues an attack alarm for a trapping node bound on it, the alarm can be sent to the user through WeChat or short message, and the user can receive and view it in real time.
when an attacker attacks the home network, introducing the attack behavior, through the trapping node, into the functional micro honeypot bound to that trapping node;
the micro honeypot analyzing the attack behavior and pushing an alarm to the home user;
and the home user handling the attack according to the alarm, wherein the handling comprises continued observation, blocking the attacker's IP address, and physically disconnecting the network at the home router; physical disconnection usually means unplugging the network cable, turning off the router or the like.
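As an added illustration (not code from the patent or from the assignee's product), the following Python example models the center-platform side of the steps above: trapping node IDs are bound to a micro honeypot and to push channels, forwarded hits are folded into attack records with the fields listed for the data acquisition and analysis module, and one alarm is pushed per new attack. The class and field names, the 5-minute grouping window, the treatment of hits on unbound services as probes, the `outbox` list standing in for the WeChat/short message/RCS gateways, and all node IDs and addresses are assumptions constructed for the example.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Assumption: hits from one source less than SESSION_GAP apart are one attack.
SESSION_GAP = timedelta(minutes=5)
PROBES = {"ping", "scan"}          # first function category: probe detection

@dataclass
class AttackRecord:
    """Fields the description lists for the data acquisition and analysis module."""
    attack_type: str               # "probe" or "service"
    source_ip: str
    target: str                    # trapping node ID, i.e. the attacked home
    event_name: str
    attack_count: int
    start_time: datetime
    duration: timedelta            # duration of the current single attack
    state: str                     # "ongoing" or "ended"
    last_seen: datetime

class CenterPlatform:
    def __init__(self):
        self.bindings = {}                        # node ID -> binding
        self.records = {}                         # (node, ip, type) -> record
        self.shared_attackers = defaultdict(set)  # ip -> node IDs that saw it
        self.outbox = []                          # (channel, recipient, text)

    def bind(self, node_id, honeypot_id, services, channels):
        """Bind a trapping node to a micro honeypot and to its push channels."""
        self.bindings[node_id] = {"honeypot": honeypot_id,
                                  "services": set(services),
                                  "channels": list(channels)}

    def ingest(self, node_id, source_ip, kind, when):
        """Process one hit forwarded by a trapping node; return its record."""
        binding = self.bindings.get(node_id)
        if binding is None:
            return None                           # unbound node IDs are ignored
        # A hit on a service the bound honeypot does not offer is only a probe.
        is_service = kind not in PROBES and kind in binding["services"]
        attack_type = "service" if is_service else "probe"
        key = (node_id, source_ip, attack_type)
        rec = self.records.get(key)
        if rec and rec.state == "ongoing" and when - rec.last_seen <= SESSION_GAP:
            rec.last_seen = when                  # same attack: extend, no new alarm
            rec.duration = when - rec.start_time
            return rec
        if rec is None:
            rec = AttackRecord(attack_type, source_ip, node_id, "", 0, when,
                               timedelta(0), "ongoing", when)
            self.records[key] = rec
        rec.event_name = f"{kind} {attack_type} from {source_ip}"
        rec.attack_count += 1
        rec.start_time = rec.last_seen = when
        rec.duration, rec.state = timedelta(0), "ongoing"
        elsewhere = self.shared_attackers[source_ip] - {node_id}
        self.shared_attackers[source_ip].add(node_id)
        self._push(binding, rec, len(elsewhere))
        return rec

    def _push(self, binding, rec, other_homes):
        text = (f"[{rec.target}] {rec.event_name}, attack #{rec.attack_count}, "
                f"started {rec.start_time:%Y-%m-%d %H:%M}")
        if other_homes:
            text += f"; source already reported by {other_homes} other node(s)"
        for channel, recipient in binding["channels"]:
            self.outbox.append((channel, recipient, text))

    def close_idle(self, now):
        """Mark attacks with no hit for longer than SESSION_GAP as ended."""
        closed = 0
        for rec in self.records.values():
            if rec.state == "ongoing" and now - rec.last_seen > SESSION_GAP:
                rec.state, closed = "ended", closed + 1
        return closed

def demo():
    """Constructed sample: two homes, documentation-range source addresses."""
    t0 = datetime(2021, 5, 8, 10, 0)
    p = CenterPlatform()
    p.bind("home-001", "mhp-17", {"ssh", "share"}, [("wechat", "user-a")])
    p.bind("home-002", "mhp-18", {"ssh", "telnet", "ftp", "share"},
           [("sms", "user-b"), ("wechat", "user-b")])
    hits = [("home-001", "203.0.113.7", "ssh", 0),
            ("home-001", "203.0.113.7", "ssh", 2),      # same attack, no alarm
            ("home-001", "203.0.113.7", "ssh", 20),     # new attack, alarm
            ("home-002", "203.0.113.7", "telnet", 21),  # known source, 2 channels
            ("home-001", "198.51.100.9", "ftp", 22),    # service not bound: probe
            ("home-999", "198.51.100.9", "ssh", 23)]    # unbound node: ignored
    for node, ip, kind, minute in hits:
        p.ingest(node, ip, kind, t0 + timedelta(minutes=minute))
    return p

if __name__ == "__main__":
    print(*demo().outbox, sep="\n")
```

Grouping hits into one attack keeps a scanner that touches the trapping node hundreds of times from producing hundreds of pushes, and the per-source set of reporting nodes is what lets an alarm say that other homes have already seen the same address.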
As a preferred embodiment, the trapping node deployed in the home network is a hardware device that can be connected to the home router through a network cable, and the hardware device performs the following operations:
installing an operating system;
installing a trapping node program;
inducing the attacker's traffic to the micro honeypot bound to the trapping node;
the hardware device has at least the following configuration: 1 core CPU, 1G memory, 20G storage space and network interface;
As a preferred embodiment, the operations performed by the hardware device further comprise: after the trapping node program is installed, connecting the hardware device to the home router through a network cable, configuring the public-network IP address through which the micro honeypot center platform is reached, and checking whether the trapping node has network connectivity to the micro honeypot center platform, to ensure that attack traffic can be induced to the micro honeypot.
As a preferred embodiment, the micro honeypot center platform comprises:
the trapping node and micro honeypot module, used for trapping node management, micro honeypot management, and binding trapping nodes to micro honeypots;
the system comprises a workbench module, a network information overview module, a network state evaluation module, an event trend display module and an asset center display module, wherein the workbench module is used for system information overview, network state evaluation, event trend display in a preset time period and asset center display;
the data acquisition and analysis module is used for detecting attacks in real time, recording information related to the attacks, and carrying out threat data analysis, wherein the recorded information comprises attack types, attack source IP addresses, attack targets, event names, attack times, starting time, single attack duration and attack states, and the attack targets represent that a single user or batch users with common characteristics are attacked;
As a preferred embodiment, management of trapping nodes by the micro honeypot center platform includes the following operations:
marking the information of the trapping node;
associating the trapping node with the customer using it;
and binding the trapping node to the corresponding micro honeypot.
In practical applications, the micro honeypots to bind can be selected according to the package subscribed by the home customer: for customers with high requirements, multifunctional micro honeypots are bound, and for customers with low requirements, only basic micro honeypots are bound, for example functional micro honeypots offering only the SSH service and the sharing service.
As a preferred embodiment, the micro-honeypot center platform further comprises:
the data retrieval module is used for quickly searching data by selecting keywords in the management interface;
the alarm management module is used for transmitting the alarm event data sent by the micro honeypots to the client in a predefined mode;
the data statistics and survival report generation module is used for carrying out statistics on the attack behaviors, acquiring statistical data of attack frequency and attack times and generating a survival report according to the statistical data, the threat data analysis result and the attacker information;
and the attacker portrait module displays the attacker portrait on the interface according to the attack behavior of the attacker in the micro honeypot.
The attacker information includes: IP information, used to determine the attacker's origin; the attacker's device fingerprint information, including device hardware information, operating system, browser and so on; specific information about the attacker, such as account information in the browser cache, for example a Baidu ID; and the attack frequency, number of attacks, attack means, attack methods, attack tools used and so on. The attacker information is mainly used for attack behavior analysis on the micro honeypot center platform and for platform maintenance and statistical analysis, and alarm information is sent according to the analysis result.
As a preferred embodiment, the micro-honeypot center platform further comprises:
the user management module, used for adding and deleting users of the micro honeypots and maintaining user network information and addresses;
and the operation log management module, used for recording the administrator's operations on the micro honeypot center platform and the alarm-related information sent by the micro honeypot center platform.
The method for applying the micro-honeypots in modern families further comprises the step that when an attack occurs, the micro-honeypot center platform shares attacker information so as to protect more users on the stations.
As a preferred embodiment, the micro honeypots are low interaction micro honeypots.
Micro honeypots are more lightweight than honeypots and are mainly low-interaction micro honeypots; of course, they can also be configured as high-interaction or medium-interaction micro honeypots.
Example 1
Referring to fig. 1-4, a detailed description of the method of using micro honeypots in modern homes according to an embodiment of the present invention is provided.
The invention provides an application method of micro honeypots in modern families, which comprises the following steps:
building a micro honeypot center platform on a cloud platform;
the micro honeypot center platform includes:
the trapping node and micro honeypot module, used for trapping node management, micro honeypot management, and binding trapping nodes to micro honeypots;
management of trapping nodes by the micro honeypot center platform comprises the following operations:
marking the information of the trapping node;
associating the trapping node with the customer using it;
binding the trapping node to the corresponding micro honeypot;
the system comprises a workbench module, a network information overview module, a network state evaluation module, an event trend display module and an asset center display module, wherein the workbench module is used for system information overview, network state evaluation, event trend display in a preset time period and asset center display;
the data acquisition and analysis module is used for detecting attacks in real time, recording information related to the attacks, and carrying out threat data analysis, wherein the recorded information comprises attack types, attack source IP addresses, attack targets, event names, attack times, starting time, single attack duration and attack states, and the attack targets represent that a single user or batch users with common characteristics are attacked;
the micro honeypot center platform further comprises:
the data retrieval module is used for quickly searching data by selecting keywords in the management interface;
the alarm management module is used for transmitting the alarm event data sent by the micro honeypots to the client in a predefined mode;
the data statistics and survival report generation module is used for carrying out statistics on the attack behaviors, acquiring statistical data of attack frequency and attack times and generating a survival report according to the statistical data, the threat data analysis result and the attacker information;
the attacker portrait module displays the attacker portrait on the interface according to the attack behavior of the attacker in the micro honeypot;
the micro honeypot center platform further comprises:
the user management module, used for adding and deleting users of the micro honeypots and maintaining user network information and addresses;
and the operation log management module, used for recording the administrator's operations on the micro honeypot center platform and the alarm-related information sent by the micro honeypot center platform.
Virtualizing a plurality of functional micro honeypots in batches on the micro honeypot center platform, wherein each micro honeypot has a plurality of functions, and the functions comprise: monitoring the behavior of an attacker, recording information about the attacker, sending an attack alarm and providing services; the services comprise an SSH service, a Telnet service, an FTP service and a sharing service; the micro honeypot is a low-interaction micro honeypot.
Deploying trapping nodes in a home network that needs the micro honeypot service;
the trapping node deployed in the home network is a hardware device that can be connected to the home router through a network cable, and the hardware device performs the following operations:
installing an operating system;
installing a trapping node program;
inducing the attacker's traffic to the micro honeypot bound to the trapping node;
the operations performed by the hardware device further include: after the trapping node program is installed, connecting the hardware device to the home router through a network cable, configuring the public-network IP address through which the micro honeypot center platform is reached, and checking whether the trapping node has network connectivity to the micro honeypot center platform.
Binding the deployed trapping nodes to the functional micro honeypots in the micro honeypot center platform;
configuring a one-way route from the trapping node to the micro honeypot;
binding an alarm pushing mode on the micro honeypot center platform, wherein the alarm pushing mode comprises pushing through at least one of WeChat, short message, RCS rich media and a third-party application;
when an attacker attacks the home network, introducing the attack behavior, through the trapping node, into the functional micro honeypot bound to that trapping node;
the micro honeypot analyzing the attack behavior and pushing an alarm to the home user;
and the home user handling the attack according to the alarm, wherein the handling comprises continued observation, blocking the attacker's IP address, and physically disconnecting the network at the home router.
The above description is only a preferred embodiment of the present invention and is not intended to limit the present invention, and various modifications and changes may be made by those skilled in the art. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention shall fall within the protection scope of the present invention.

Claims (8)

1. A method for applying micro honeypots in modern families is characterized by comprising the following steps:
building a micro honeypot center platform on a cloud platform;
virtualizing a plurality of functional micro honeypots in batches on the micro honeypot center platform, each micro honeypot having a plurality of functions, the functions including: monitoring the behavior of an attacker, recording information about the attacker, sending an attack alarm and providing services; the services comprise SSH service, Telnet service, FTP service and sharing service;
deploying trapping nodes in a home network needing micro honeypot service;
binding the deployed trapping nodes to the functional micro honeypots;
configuring a one-way route from the trapping node to the micro honeypot;
binding an alarm pushing mode, wherein the alarm is pushed through at least one of WeChat, short message, RCS rich media and a third-party application;
when an attacker attacks the home network, the trapping node directs the attack behavior into the functional micro honeypot bound to it;
the micro honeypot analyzes the attack behavior and pushes an alarm to the home user;
and the home user responds to the alarm, wherein the response includes continued observation, blocking the attacker's IP address, and physically disconnecting the network through the home router.
2. The method for the application of micro honeypots in modern homes according to claim 1, characterized in that the trapping nodes deployed in the home network are hardware devices that can be connected to the home router through a network cable, said hardware devices performing the following operations:
installing an operating system;
installing a trapping node program;
and directing the attacker's traffic to the micro honeypots bound to the trapping nodes.
3. The method of micro honeypot application in modern homes of claim 2, wherein the operations performed by the hardware device further comprise: after the trapping node program is installed, connecting the hardware device to the home router through a network cable, configuring the publicly reachable IP address of the micro honeypot center platform, and checking whether the trapping node has network connectivity to the micro honeypot center platform.
4. Method of micro-honeypot application in modern homes according to claim 1, where the micro-honeypot center platform comprises:
the trapping node and micro honeypot module, which is used for trapping node management, micro honeypot management and binding of trapping nodes to micro honeypots;
the system comprises a workbench module, a network information overview module, a network state evaluation module, an event trend display module and an asset center display module, wherein the workbench module is used for system information overview, network state evaluation, event trend display in a preset time period and asset center display;
and the data acquisition and analysis module, which is used for detecting attacks in real time, recording attack-related information, and analyzing threat data, wherein the recorded information comprises the attack type, the attack source IP address, the attack target, the event name, the number of attacks, the start time, the duration of a single attack and the attack state, and the attack target indicates whether a single user or a batch of users with common characteristics is attacked.
5. The method for micro honeypot application in modern homes according to claim 4, characterized in that trapping node management by the micro honeypot center platform comprises the following operations:
marking information of trapping nodes;
associating each trapping node with the client that uses it;
and binding the trapping nodes to the corresponding micro honeypots.
6. Method of micro-honeypot application in modern homes according to claim 4, where the micro-honeypot center platform further comprises:
the data retrieval module is used for quickly searching data by selecting keywords in the management interface;
the alarm management module is used for transmitting the alarm event data sent by the micro honeypots to the client in a predefined mode;
the data statistics and survival report generation module is used for carrying out statistics on the attack behaviors, acquiring statistical data of attack frequency and attack times and generating a survival report according to the statistical data, the threat data analysis result and the attacker information;
and the attacker portrait module displays the attacker portrait on the interface according to the attack behavior of the attacker in the micro honeypot.
7. Method of micro-honeypot application in modern homes according to claim 4, where the micro-honeypot center platform further comprises:
the user management module, which is used for adding and deleting users of the micro honeypots and maintaining user network information and addresses;
and the operation log management module, which is used for recording the administrator's operations on the micro honeypot center platform and the alarm-related information sent by the micro honeypot center platform.
8. Method for the application of micro-honeypots in modern homes according to claim 1, characterized in that the micro-honeypots are low interaction micro-honeypots.
CN202110502068.XA 2021-05-08 2021-05-08 Application method of micro honeypots in modern families Active CN113098906B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110502068.XA CN113098906B (en) 2021-05-08 2021-05-08 Application method of micro honeypots in modern families

Publications (2)

Publication Number Publication Date
CN113098906A (en) 2021-07-09
CN113098906B (en) 2022-08-30

Family

ID=76664959

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant