
Method for enhancing the trapping capability of honeynet and honeynet system

A honeynet technology, applied in transmission systems, electrical components, etc., that addresses the deception problem of honeynet systems, increasing their authenticity and interactivity and improving their deception.

Inactive Publication Date: 2012-07-04
HUAWEI DIGITAL TECH (CHENGDU) CO LTD +1

AI Technical Summary

Problems solved by technology

[0010] However, in the process of realizing the present invention, the inventor found that the prior art only simulates an environment, and the long-term change of user behavior in the above honeynet systems would arouse the suspicion of the attacker. At the same time, the attacker may find that the user in the system Therefore, although the above three types of honeynet systems each have their own advantages, they have not solved the high deception problem of the honeynet system.


Examples


Embodiment 1

[0028] Figure 1 is a flow chart of a method for enhancing honeynet deception provided by Embodiment 1 of the present invention. The method includes:

[0029] S101: Establish a decoy subnet in the honeynet system. The decoy subnet is the main part used to lure the attacker into attacking it. Attackers are most interested in servers of various types, so in this embodiment the decoy subnet includes at least one physical server. Of course, the more types of servers, the higher the decoy strength. In this embodiment the server is a real physical server, which makes the decoy subnet look more authentic and thereby improves its decoy strength. The physical server can be an FTP server, HTTP server, WEB server, mail server, etc. In this embodiment, the honeypot host and the physical server may be connected through a hub, router or switch.

[0030] As an embodiment of the present invention, a honeypot host can also be set in the decoy subnet,...

Embodiment 2

[0036] This embodiment describes in further detail the user behavior simulation in S102 of the first embodiment. First, we describe simulating the behavior of network users outside the decoy subnet accessing the physical server in the decoy subnet:

[0037] Figure 2 is a schematic flow diagram of a simulated network user host accessing a physical server inside the decoy subnet, provided by the implementation of the present invention. The access process includes the following steps:

[0038] S201: The simulated network user host outside the decoy subnet creates an address file storing the addresses of the web pages on the physical server. Whether it is an FTP server, HTTP server, WEB server or mail server, accessing it requires entering its web page address, that is, its Uniform Resource Locator (URL), so this address file provides the basis for subsequent access.

[0039]...

Embodiment 3

[0063] The third embodiment illustrates the modification and restoration of the IP address during the simulation of network user hosts and local user hosts in the second embodiment. Figure 5 is a schematic diagram of the IP modification and restoration interaction during a simulated network user host access, provided by Embodiment 3 of the present invention. The process includes the following steps:

[0064] S501: The simulated network user host sends a request data packet to the physical server in the decoy subnet to access the physical server.

[0065] S502: When the request data packet passes through the firewall, the firewall judges whether it was sent by the simulated network user host: if not, the request data packet is let directly into the decoy subnet; if yes, proceed to step S503. How the simulated user is identified has been discussed in the second embodiment and is not repeated here.

[0066] S503-50...
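
The firewall decision in S502 and the IP modification and restoration this embodiment describes, modelled as an added example (not code from the patent). The addresses, the disguise pool, the flow table and the choice to rewrite the source address on the request and restore it on the reply are assumptions, because steps S503 onward are cut off on this page.

```python
import ipaddress
import random

# Assumed, constructed values (documentation address ranges), not from the patent.
SIMULATED_HOSTS = {"192.0.2.10"}                      # simulated network user hosts
DECOY_SUBNET = ipaddress.ip_network("10.10.0.0/24")   # decoy subnet with physical servers
DISGUISE_POOL = [str(ip) for ip in
                 ipaddress.ip_network("198.51.100.0/28").hosts()]


class DecoyFirewall:
    """Toy model of the firewall between the simulated hosts and the decoy subnet."""

    def __init__(self, seed=None):
        self._rng = random.Random(seed)
        # (disguise_ip, client_port, server_ip, server_port) -> real simulated host
        self._flows = {}

    def inbound(self, pkt):
        """S502: decide whether a request came from a simulated network user host."""
        if ipaddress.ip_address(pkt["dst"]) not in DECOY_SUBNET:
            raise ValueError("packet is not addressed to the decoy subnet")
        if pkt["src"] not in SIMULATED_HOSTS:
            return dict(pkt)            # not simulated: pass through unchanged
        # Simulated: modify the source IP so the server's logs show varied
        # clients instead of one fixed host, and remember how to undo it.
        disguise = self._rng.choice(DISGUISE_POOL)
        key = (disguise, pkt["sport"], pkt["dst"], pkt["dport"])
        self._flows[key] = pkt["src"]
        return dict(pkt, src=disguise)

    def outbound(self, pkt):
        """Restore the simulated host's real address on the server's reply."""
        key = (pkt["dst"], pkt["dport"], pkt["src"], pkt["sport"])
        real = self._flows.get(key)
        return dict(pkt, dst=real) if real else dict(pkt)

    def is_simulated(self, pkt):
        """Analyst helper: was this decoy-side request generated by the simulation?"""
        key = (pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"])
        return key in self._flows


if __name__ == "__main__":
    fw = DecoyFirewall(seed=7)
    req = {"src": "192.0.2.10", "sport": 40000, "dst": "10.10.0.5", "dport": 80}
    seen_by_server = fw.inbound(req)
    reply = {"src": "10.10.0.5", "sport": 80,
             "dst": seen_by_server["src"], "dport": 40000}
    print(seen_by_server, fw.outbound(reply))
```

The flow table doubles as the record that lets captured decoy-side traffic be split into simulated and unsolicited requests, so the simulation does not pollute the data collected about attackers.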


Abstract

The embodiment of the invention provides a method for enhancing the trapping capability of a honeynet and a honeynet system. The method includes the following steps: establishing a trapping sub-net that includes at least one physical server in the honeynet system; simulating the action of a network user outside the trapping sub-net accessing the physical server, and/or the action of a local user inside the trapping sub-net accessing an external network. The embodiment not only simulates the network environment, but also uses simulated traffic generated by user behaviour to enhance the realness and interaction of the honeynet system, thus improving the trapping capability of the honeynet system.

Description

Technical field

[0001] The invention relates to the technical field of computer network security, in particular to a method and a honeynet system for enhancing honeynet deception.

Background technique

[0002] At present, with the development of Internet technology, network scanning, the spread of worms and virus code, and malicious attacks by hackers are dangers that every host on the network may face at any time. In response to these dangers, security technologies such as antivirus software and firewalls have been developed, but they only deal with the dangers passively. Honeypot and honeynet technology was proposed precisely to actively confront and study these security threats on the network.

[0003] A honeypot is a bait deployed on the network that pretends to be a real network, host, and service to lure malicious attacks. Its value lies in collecting attack activity information on the network, and monitoring, detecting, and analyzing such ...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L29/06, H04L29/12
Inventor: 顾凌志, 周世杰
Owner: HUAWEI DIGITAL TECH (CHENGDU) CO LTD