A method to determine the attack path of lateral movement in honeynet based on the analysis of attack behavior

An attack path and behavior analysis technology, applied to electrical components, transmission systems, etc., can solve problems such as the inability to identify multiple attackers’ attack paths, rigid methods for determining attack behavior, and inaccessible paths.

Active Publication Date: 2020-08-14
广州锦行网络科技有限公司

AI Technical Summary

Problems solved by technology

[0005] However, the attack behavior determination method provided by the above-mentioned patent document CN108234400A is too rigid: possible attack paths must be preset, and when an access path does not exist in the preset library, that access path cannot be clarified. In addition, in a honeynet where lateral movement attacks are being carried out, the respective attack paths of multiple attackers cannot be identified through the time axis.


Examples


Embodiment 1

[0057] The method for determining the lateral movement attack path in the honeynet based on attack behavior analysis provided by the present invention comprises the following steps:

[0058] S1: Deploy multiple honeypots to form a honeynet environment. The honeynet environment includes honeypot A, honeypot B, honeypot C...;

[0059] Each honeypot is equipped with a honeypot monitoring module, a set of monitoring programs that run covertly inside the honeypot. The processes, files, network data and network connections related to the monitoring program are deeply hidden, and tools cannot detect them;

[0060] The monitoring program monitors the core layer, the network layer and the application layer of the honeypot host in real time. The honeypot monitoring module is used to accurately identify active attackers in the current honeypot and to link the attack behavior data with the attack source;

[0061] The honeypot monitori...


Abstract

The present invention provides a method for determining a lateral movement attack path in a honeynet based on attack behavior analysis. It relates to the technical field of honeypots and includes the following steps:

S1: deploy multiple honeypots to form a honeynet environment;
S2: clean and preprocess all the honeypot attack data received;
S3: store all honeypot attack data processed in step S2 in the database for persistent storage;
S4: determine whether the attack source of the attack data is in the honeynet environment. If it is not in the honeynet environment, the current honeypot is the entry honeypot through which the attacker entered the honeynet environment; if it is in the honeynet environment, the current honeypot has an upstream springboard honeypot;
S5: perform correlation analysis on the attack data of all honeypots.

The attack path provided by the invention is determined entirely from the attacker's actual lateral movement in the honeynet, and possible attack paths are not preset, which is more flexible and accurate than the prior art.
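Steps S4 and S5 from the abstract, as an added Python sketch that is not the patent's own code. The honeynet inventory, the record fields and the rule that an upstream honeypot's monitoring module reports each outbound connection together with the inbound session that made it are assumptions for illustration; it also assumes no address translation between honeypots, so the source port seen downstream equals the upstream local port.

```python
from collections import namedtuple

# Constructed honeynet inventory (honeypot name -> IP); sample values only.
HONEYNET = {"A": "10.0.0.11", "B": "10.0.0.12", "C": "10.0.0.13"}
IP_TO_POT = {ip: name for name, ip in HONEYNET.items()}

# Assumed record shapes (not defined on the page):
#   In:  inbound connection observed by a honeypot's monitoring module.
#   Out: outbound connection the module ties to the inbound session behind it.
In = namedtuple("In", "ts honeypot src_ip src_port")
Out = namedtuple("Out", "honeypot local_port session")  # session = (src_ip, src_port)

def upstream_of(rec):
    """S4: None means an entry honeypot; otherwise the upstream springboard's name."""
    return IP_TO_POT.get(rec.src_ip)

def attack_paths(inbound, outbound):
    """S5: correlate every honeypot's records into hop lists per external source."""
    parent = {(o.honeypot, o.local_port): o.session for o in outbound}
    origin, paths = {}, {}  # origin: (honeypot, session) -> external attacker IP
    for rec in sorted(inbound, key=lambda r: r.ts):
        upstream = upstream_of(rec)
        if upstream is None:
            attacker, hop = rec.src_ip, ("external", rec.honeypot)
        else:
            # Follow the springboard's outbound record back to the session that made it.
            session = parent.get((upstream, rec.src_port))
            attacker = origin.get((upstream, session), "unattributed")
            hop = (upstream, rec.honeypot)
        origin[(rec.honeypot, (rec.src_ip, rec.src_port))] = attacker
        paths.setdefault(attacker, []).append(hop)
    return paths

# Constructed sample: two attackers interleaved in time, both pivoting through A.
INBOUND = [
    In(1, "A", "203.0.113.5", 40001),
    In(2, "A", "198.51.100.7", 40002),
    In(3, "B", "10.0.0.11", 50001),
    In(4, "C", "10.0.0.11", 50002),
    In(6, "C", "10.0.0.12", 50003),
]
OUTBOUND = [
    Out("A", 50001, ("203.0.113.5", 40001)),
    Out("A", 50002, ("198.51.100.7", 40002)),
    Out("B", 50003, ("10.0.0.11", 50001)),
]

if __name__ == "__main__":
    for attacker, hops in attack_paths(INBOUND, OUTBOUND).items():
        print(attacker, hops)
```

Both sample attackers pivot through honeypot A within the same time window, so ordering by timestamp alone could not separate the A-to-B hop from the A-to-C hop; the session correlation does.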

Description

Technical field

[0001] The invention relates to the field of honeypot technology, in particular to a method for determining a lateral movement attack path in a honeynet based on attack behavior analysis.

Background technique

[0002] Honeypot technology generally pretends to be a vulnerable network service and responds to attack connections. It can be used to deceive the attacker, increase the attacker's cost, and monitor the attacker. In practical applications, multiple honeypots are usually built in the same network to form a honeynet, which provides a real and rich business environment for attackers and increases the difficulty of identifying attackers.

[0003] After the attacker enters the honeynet system, the next step is to carry out lateral movement attacks to find valuable resources. In order to better monitor the attacker and identify the attacker's intention and target, it is necessary to know the lateral movement attack paths within the network.

[0004] Patent documen...


Application Information

Patent Type & Authority: Patents (China)
IPC: IPC(8): H04L29/06
CPC: H04L63/1416, H04L63/1491
Inventor: 刘顺明
Owner: 广州锦行网络科技有限公司