
Extensible honeypot traceability countering method in power industry

An extensible honeypot technology for the power industry, applicable to electrical components, transmission systems, etc., which addresses the problems that traceability interfaces fail easily, that counter-Trojans are hard to reconstruct, and that existing honeypots have obvious, recognizable characteristics.

Active Publication Date: 2021-11-19
Applicant: STATE GRID HUNAN ELECTRIC POWER (+2)

AI Technical Summary

Problems solved by technology

[0004] The disadvantage is that existing mainstream honeypot systems have obvious characteristics that attackers can easily identify and mark. At the same time, there are problems such as the traceability interface failing easily and counter-Trojans being difficult to reconstruct.


Embodiment Construction

[0032] Figure 1 is a schematic flow chart of the method of the present invention. The extensible honeypot traceability countering method for the power industry provided by the invention comprises the following steps:

[0033] A step of aggregating attack intelligence information for monitored attack behaviors, which specifically comprises the following steps (as shown in Figure 2):

[0034] Configure a unified syslog log server address on the several deployed honeypot management nodes; once the honeypot system detects an attack alert, the alert information is sent to the log server;

[0035] Use an automated script to listen to the syslog log stream and clean the log data; then send the cleaned log data to a designated subscription channel in the distributed message queue nsq; cleaning the log data includes steps such as escaping special characters, extracting IP information, and JSON serialization;

[0036] Obtain the attacking IP information transmitted from the honeypots from the nsq queue, integrate mainstream intelligence query interfaces through an automated script, aggregate the retrieved results and generate a basic attacker profile; the attacker profile includes the IP address of the attack source, domain registration information, APT group activity information, novel payload information, and information from various intelligence platforms, so that basic intelligence information is aggregated;

[0037] Clean and process the queried intelligence data to form structured data, with one real attacking IP corresponding to one data record, and store it in the database in key-value form;

[0038] Encapsulate the database operation interfaces into a unified data control interface, so that the attack data and the collected intelligence information can be queried and updated in real time, providing a preliminary forensic basis for subsequent attack tracing and a basis for formulating preventive measures against potential attack threats;

[0039] A step of constructing the traceability interface, which specifically comprises the following steps (as shown in Figure 3):

[0040] Integrate publicly available third-party traceability interfaces; based on the principle of cross-site scripting exploitation, refactor the interface code and embed it into the page in the form of script tags to build a custom interface set;

[0041] Deploy an nginx software module, compile the traceability interface code and upload it to a security testing platform (such as an XSS platform) to generate a remotely accessible URL; relying on the property that the src attribute of image tags and script tags in HTML is not restricted by the browser's same-origin policy, use the nginx decompilation function to insert the generated URL into the page in the form of a source path attribute, achieving transparent integration of the traceability interface;

[0042] A step of constructing the counter-Trojan, which specifically comprises the following steps (as shown in Figure 4):

[0043] Use a remote control tool to generate an attack payload with reverse-connection capability and embed an attack payload loader;

[0044] Apply anti-virus evasion processing to the attack payload to generate the counter-Trojan;

[0045] Configure a listener for the remote control tool to maintain continuous monitoring of the reverse connection to the VPS;

[0046] In concrete implementation, constructing the counter-Trojan is divided into two steps, attack payload design and local file loading; first, construct the attack...


Abstract

The invention discloses an extensible honeypot traceability countering method for the power industry. The method comprises the following steps: aggregating attack intelligence information for monitored attack behaviors; constructing a traceability interface; constructing a counter-Trojan; and fusing the constructed traceability interface and counter-Trojan into a honeypot template deployed as honeypot nodes, so as to perform traceability countering tailored to the characteristics of the electric power information system. According to the invention, active collection and convergence of attack information and integration of intelligence information are realized; a code packaging and reconstruction method is applied to construct a user-defined traceability interface set and an anti-virus-evading counter-Trojan, and the traceability countering module is decoupled from the original honeypot function, so that the honeypot function can be extended; finally, a novel honeypot template is constructed from the user-defined traceability interface set and the counter-Trojan tool to form a diversified attack-trapping combination, which is designed, arranged and deployed on a real attack intrusion path according to the actual application scenario of the power industry, so that the method has a certain degree of extensibility and practicability.

Description

Technical field

[0001] The invention belongs to the field of network security in the electric power industry, and in particular relates to an extensible honeypot traceability countering method for the electric power industry.

Background technique

[0002] With changes in the international situation, competition among countries in cyberspace has become more intense. Network security incidents in recent years have shown that China's Internet security situation is becoming increasingly severe, and critical information infrastructure, represented by power systems, has become an important target of network attacks. Therefore, it is particularly important to strengthen dynamic defense and active defense capabilities.

[0003] Honeypot technology is an active protection technology with the concept of "deception and trapping" at its core. It forges services by establishing special networks, terminals, services and data to attract intrusion behaviors, thereby obtaining informati...


Application Information

IPC (8): H04L29/06
CPC: H04L63/1491, H04L63/1408, H04L63/1416, H04L63/1425, Y04S40/20
Inventors: 高隽, 魏如意, 曹琳婧, 孙毅臻, 田峥, 陈中伟, 贺泽华
Owner: STATE GRID HUNAN ELECTRIC POWER