| HoneyBow: 一个基于高交互式蜜罐技术的恶意代码自动捕获器 |
| |
| 引用本文: | 诸葛建伟,韩心慧,周勇林,宋程昱,郭晋鹏,邹 维.HoneyBow: 一个基于高交互式蜜罐技术的恶意代码自动捕获器[J].通信学报,2007,28(12):8-13. |
| |
| 作者姓名: | 诸葛建伟 韩心慧 周勇林 宋程昱 郭晋鹏 邹 维 |
| |
| 作者单位: | 1. 北京大学,计算机科学技术研究所,北京,100871
2. 国家计算机网络应急技术处理协调中心,北京,100029 |
| |
| 基金项目: | 国家高技术研究发展计划(863计划);国家242信息安全计划基金 |
| |
| 摘 要: | 恶意代码已成为互联网最为严重的安全威胁之一,自动化捕获恶意代码样本是及时有效地应对恶意代码传播的必要前提,提出了一个基于高交互式蜜罐技术的恶意代码自动捕获器HoneyBow。相比较于基于低交互式蜜罐技术的Nepenthes恶意代码捕获器,HoneyBow具有恶意代码捕获类型更为全面、能够捕获未知恶意代码的优势,互联网上的实际恶意代码捕获记录对比和Mocbot蠕虫的应急响应处理实例对其进行了充分验证。
|
| 关 键 词: | 恶意代码 恶意代码捕获 蜜罐 蜜网 |
| 文章编号: | 1000-436X(2007)12-0008-06 |
| 收稿时间: | 2007-09-03 |
| 修稿时间: | 2007-11-20 |
HoneyBow: an automated malware collection tool based on the high-interaction honeypot principle |
| |
| ZHUGE Jian-wei,HAN Xin-hui,ZHOU Yong-lin,SONG Cheng-yu,GUO Jin-peng,ZOU Wei.HoneyBow: an automated malware collection tool based on the high-interaction honeypot principle[J].Journal on Communications,2007,28(12):8-13. |
| |
| Authors: | ZHUGE Jian-wei HAN Xin-hui ZHOU Yong-lin SONG Cheng-yu GUO Jin-peng ZOU Wei |
| |
| Abstract: | Malware has become one of the severest threats to the public Internet. To deal with the malware breakout effectively as early as possible, an automated malware collection solution must be implemented as a precondition. An automated malware collection tool was presented based on the high-interaction honeypot principle called HoneyBow. Comparing with the Nepenthes platform based on the low-interaction honeypot principle, HoneyBow has its advantages on wilder range of captured malware samples and the capability of collecting unknown malware samples, which are vali- dated by the experiment results from wild malware collection and the case of Mocbot dealment. |
| |
| Keywords: | malware malware collection honeypot honeynet |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
| 点击此处可从《通信学报》浏览原始摘要信息 |
|
点击此处可从《通信学报》下载全文 |
