411 results about "Honeypot" patented technology

The present invention discloses a vulnerability simulation overload honeypot method which comprises a host computer, a port scanning deception simulating module, a vulnerability scanning deception simulating module, a vulnerability scanning deception simulating module, a vulnerability attach deception simulating module, a data auditing module and a vulnerability utilizing module. When the attach sequence arrives at the simulated honeypot, a simulated honeypot system is used for processing according to the situation. When an attacker executes vulnerability scanning to the virtual host computer, the simulated honeypot responds and processes according to the vulnerability configuration information. Afterwards, these vulnerabilities are used for further attacking. Hereon, the simulated honeypot system transmits the vulnerability attack data flow to a vulnerability honeypot system. The vulnerability utilization attach of the attacker is processed and responded by a vulnerability attack simulating module. Finally, when the attacker successfully obtains the control power through the vulnerability attack, the attack data hereon is transmitted to a physical honeypot module. All attack processes and related data are recorded by a data auditing module for analyzing comprehensively. The method reduces the number of hardware devices in the honeynet and reduces the cost.

The invention provides a network attack information processing method. The network attack information processing method comprises the following steps: acquiring attack traffic for attacking a target system; in response to the acquired attack traffic, triggering a port multiplexing process to monitor the attack traffic forwarded by the target port; triggering an attack information classification model, and identifying the category of the attack traffic; triggering a port forwarding process based on an identification result of the attack information classification model, and forwarding the attack traffic. The invention further provides a network attack information processing device, electronic equipment and a storage medium. According to the invention, the attack traffic can be forwarded tothe corresponding honeypot systems of different types, the network attack information processing efficiency of the honeypot systems is improved, the number of deployed servers is reduced, the cost ofa user is saved, and the large-scale deployment of the honeypot systems is realized.

The invention provides an implementation method and device of an application-type honeypot. The implementation method comprises the following steps: obtaining application service to be simulated and the attribute information and the application environment of the application service to be simulated, and deploying the same application service and application environment into the honeypot; setting the corresponding attributes of the honeypot, for example, a login account of the application service of the honeypot is set to be the same with the application service to be simulated, and the known controllable security holes of at least one application service is opened; according to a user flag, carrying out decryption processing on all pieces of business data in the application service, applying a confounding algorithm to carry out deformation processing on all pieces of business data, and then, importing the business data into the application service of the honeypot; and importing newly-added business data into the application service of the honeypot in fixed time or real time. The invention also provides corresponding equipment. The application-type honeypot can be combined with the real business data of the user to confuse an attacker to a maximum degree, and the attacker is enabled to think that the honeypot is the real application service data of the user.

The invention is a method and system for detecting attackers that are interested in attacking an organization's infrastructure during the reconnaissance phase of an Advanced Persistent Threat (APT). APTs are very sophisticated attacks and incorporate advanced methods for evading current security mechanisms. Therefore, the present invention uses an innovative social network honeypot.

Techniques for preventing ransomware from encrypting files on a target machine are disclosed. In some embodiments, a system/process/computer program product for preventing ransomware from encrypting files on a target machine includes monitoring file system activities on a computing device; detecting an unauthorized activity associated with a honeypot file or honeypot folder; and performing an action based on a policy in response to the unauthorized activity associated with the honeypot file or honeypot folder.

The invention provides a novel honeypot networking method and a honeypot system, and belongs to the technical field of network security. The invention provides a honeypot networking method, and the method comprises the following steps: listing idle services of a real business host, listing attacker common services, selecting some idle services from the idle services of the real business host according to the attacker common services, deploying the idle services as trapping nodes, deploying one trapping node for each selected idle service, and deploying one trapping node for each selected trapping node; binding the trapping node with the honeypot; when an attacker accesses an idle service, introducing attacker access flow into the honeypot, enabling the honeypot system to analyze the attacker access flow, automatically downloading a countering program and countering the attacker. According to the method, the trapping nodes are deployed on the idle service of the real service host, so that a large number of special servers or special virtual machines created on the idle servers are saved for deploying the trapping nodes, the capture efficiency is high, and the idle service is utilized.

The invention discloses a method for forwarding attack traffic to a honeypot. A gateway agent mode is adopted; a gateway and a flow forwarding module are simply deployed; request access to a sensitiveport on a real service server is forwarded to a gateway; the gateway carries out flow forwarding module rule configuration, forwards the request of the attacker to the honeypot, the honeypot carriesout attack evidence obtaining and replies the access request of the attacker, forwarding of the data packet is easily achieved through the gateway, and the situation that the whole communication quality is affected by instability generated in the agent disguising process is prevented. Intrusion detection is carried out, deployment is easy and convenient, operability is high, network safety and enterprise service safety and stability are maintained, and convenience is provided for disguise agency deployment of small and medium-sized enterprises.

The invention relates to an attack data acquisition method and device of a honeypot system. The method comprises the steps that real industrial control equipment, virtual industrial control equipmentand an upper computer in the honeypot system are operated; wherein the upper computer is used for sending a control instruction to the real industrial control equipment and the virtual industrial control equipment and reading state data; and the flow monitoring device monitors the communication flow information of the honeypot system, and analyzes and records attack behavior data in the communication flow information. By adopting the method, the simulation degree of the honeypot system can be improved, and an cracking of an attacker is prevented.

A computer network security system is provided. The system offers a last line of defense against malicious software through a novel software adapted to detect and deploy defensive action against the presence of malicious activity in a shared file environment. The novel software allows the administrator to create random honeypot files of known parameters that can be stored in vulnerable folders in a user-friendly manner. The novel software constantly monitors those files. If the novel software detects any unwanted action on the monitored honeypot files, through detection of a change in the known parameters, the present invention deploys defensive actions to protect the server including establishing fire walls and cessation of file sharing. Once defensive actions have been taken, the software reports all active sessions and open files as of the time of detection.

The invention discloses an Internet of Things honeynet system based on SOAP service simulation, and belongs to the technical field of Internet of Things security. The objective of the invention is tomonitor and collect the security state of the Internet of Things, capture the malicious request of a hacker for the Internet of Things, and collect malicious samples. According to the method, a middle-high interaction honeypot is designed according to a router SOAP service vulnerability CVE-2017-17215;; in order to prevent the situation that a hacker performs injecting service details which are not completed by the simulation serviceand the simulation service honeypot cannot respond and cannot capture subsequent malicious codes and samples, the function of supplementing the simulation servicehoneypot with the honeypot for providing the real SOAP service is realized by using equipment firmware with vulnerabilities; in order to capture more types of SOAP attacks, the SOAP port exposed mostin 2018 is analyzed, and a corresponding multi-port honeypot is manufactured. The honeypots are deployed to a plurality of nodes, a control center is designed at the same time to distribute commands and transmit files, and Docker technology packaging is assisted to achieve rapid deployment. Hackers cannot control the Internet of Things equipment through SOAP service vulnerabilities, so that the security of the Internet of Things is improved.

The invention discloses an attack perception method, device and equipment based on honeypot induction and a medium. The method comprises the following steps: filtering a captured data package to obtain a first target data package, and outputting the first target data package to a user mode process; determining a target communication induction strategy corresponding to the first target data packetin a user mode process, and communicating with a source Internet protocol address corresponding to the first target data packet based on the target communication induction strategy to capture at leastone second target data packet sent by the source Internet protocol address; and determining the first target data packet and/or the second target data packet corresponding to the first target data packet as a to-be-analyzed data packet, analyzing the to-be-analyzed data packet based on a preset analysis rule set, and analyzing an attack behavior according to an analysis result. The system has thedual advantages of an intrusion detection system and a honeypot system, attack information can be captured more comprehensively, and the safety of the network is protected.

The invention discloses a system and method for detecting Ethereum digital currency stealing attacks. The method comprises the steps: deploying an Ethereum honeypot, inducing a network attacker to quickly find a honeypot host, transmitting a detection request, and capturing a malicious request from the attacker; storing the malicious request from the attacker in a database; and analyzing the attack data, associating the malicious request, detecting an attack behavior, identifying an attack method used by an attacker, tracking the attacker, and generating a detection result. According to the method, the malicious request sent by the attacker is attracted and captured, and the attack technique used by the attacker is further recognized, and weak points of an existing system are effectively found, so that the Ethereum system is better protected.

Techniques for using honeypots to lure attackers and gather data about attackers and attack patterns on Infrastructure-as-a-Service (IaaS) instances. The gathered data may then be analyzed and used to proactively prevent such attacks.

The invention discloses an attack defense method, device and equipment, a storage medium and a system. The method comprises the following steps: receiving access requests of attackers forwarded by a plurality of probe nodes; collecting attack behavior information according to each access request; according to the attack behavior information, extracting attack behavior characteristics for defendingagainst attacks. According to the invention, the monitoring in a larger range can be realized based on a small amount of high-interaction honeypot, the cost is effectively reduced, the deployment andimplementation are simple, the occupied resources are less, and the problems that a small amount of honeypot nodes are difficult to play a honeypot role and the protection range is not comprehensiveenough in the prior art are solved.