Similar literature
1.
Network security is receiving growing attention; honeypot and honeynet technology was proposed on the basis of active-defence theory. Honeypots and honeynets draw attackers into a carefully prepared decoy environment so that behavioural information such as attack reasoning, attack tools and attack objectives can be learned. This paper introduces the main technical principles of honeypots and compares and analyses the first-, second- and third-generation honeynet models.

2.
High-interaction honeypots are interesting because they help us understand how attacks unfold on a compromised machine. However, observations are generally limited to the operations performed by the attackers on the honeypot itself: outgoing malicious activities carried out from the honeypot towards remote machines on the Internet are generally disallowed for legal liability reasons. It is particularly instructive, however, to observe activities initiated from the honeypot, in order to monitor attacker behaviour across different, possibly compromised, remote machines. To this end, this paper proposes a dynamic redirection mechanism for connections initiated from the honeypot. The mechanism gives the attacker the illusion of actually being connected to a remote machine, whereas he is redirected to another local honeypot. The originality of the proposed redirection mechanism lies in its dynamic aspect: the redirections are made automatically on the fly. The mechanism has been implemented and tested on a Linux kernel. This paper presents its design and implementation.

3.
As an emerging network-defence technology, honeypots not only defend actively against network attacks but also collect important information about attackers. Current honeypots, however, cannot emulate application-layer services. Using honeypot techniques, this paper proposes a method for building a Web-server deception system; the system implements the basic functions of a Web server and adds a self-learning capability to the honeypot, greatly improving its deceptiveness.

4.
A traditional single honeypot cannot guarantee a long interaction with an attacker, so it may fail to detect and extract enough information about the attacker. To improve server security and collect more information about attackers, a defence scheme based on dual honeypots is proposed: two honeypot systems are placed in the firewall's DMZ. Honeypot A is a virtual server built on Windows to lure attackers; honeypot B is built on Linux and fully emulates a real server using libraries such as libevent and libpcap, with strong protective measures that make it hard to compromise.

5.
The honeypot has emerged as an effective tool to provide insights into new attacks and exploitation trends. However, a single honeypot or multiple independently operated honeypots only provide limited local views of network attacks. Coordinated deployment of honeypots in different network domains not only provides broader views, but also creates opportunities for early network anomaly detection, attack correlation, and global network status inference. Unfortunately, coordinated honeypot operation requires close collaboration and uniform security expertise across participating network domains. The conflict between distributed presence and uniform management poses a major challenge in honeypot deployment and operation. To address this challenge, we present Collapsar, a virtual machine-based architecture for network attack capture and detention. A Collapsar center hosts and manages a large number of high-interaction virtual honeypots in a local dedicated network. To attackers, these honeypots appear as real systems in their respective production networks. Decentralized logical presence of honeypots provides a wide, diverse view of network attacks, while the centralized operation enables dedicated administration and convenient event correlation, eliminating the need for honeypot expertise in every production network domain. Collapsar realizes the traditional honeyfarm vision as well as our new reverse honeyfarm vision, where honeypots act as vulnerable clients exploited by real-world malicious servers. We present the design, implementation, and evaluation of a Collapsar prototype. Our experiments with a number of real-world attacks demonstrate the effectiveness and practicality of Collapsar.

6.
As an active-defence mechanism, a honeypot deploys decoy targets that actively draw attackers into interacting with fake resources, protecting valuable real resources from damage while the collected data are analysed to understand attack behaviour and respond proactively. Existing honeypot schemes, however, cannot deploy purpose-specific honeypot defences against sophisticated attack techniques; they give insufficient consideration to the dynamics of the honeypot attack-defence game and so cannot choose the best honeypot defence strategy on the basis of gain and cost; and their performance overhead is rather...

7.
With the wide application of industrial Internet technology across industry, industrial Internet security problems are increasingly exposed to public view. In industrial Internet security there is a persistent gap between attack and defence, which puts security research on the industrial Internet at a disadvantage. A honeypot system is a trap that draws in potential attackers: it attracts attacks by emulating services, records attack data, analyses attack behaviour, studies attack strategies and produces threat-intelligence data, ...

8.
The vulnerabilities in cryptographic currencies facilitate adversarial attacks, so attackers have incentives to increase their rewards through strategic behaviour. Block withholding (BWH) attacks are such behaviours: attackers withhold blocks in the target pools to subvert the blockchain ecosystem. Furthermore, BWH attacks may dwarf the countermeasures by combining with selfish mining or other strategic behaviours, for example fork after withholding (FAW) attacks and power adaptive withholding (PAW) attacks. That is, the attackers may be intelligent enough to dynamically gear their behaviour to optimal attacking strategies. In this paper, we propose mixed-BWH attacks with respect to intelligent attackers, who leverage reinforcement learning to pin down the optimal strategic behaviour that maximizes their rewards. More specifically, the intelligent attackers strategically toggle among BWH, FAW, and PAW attacks. Their main target is to fine-tune the optimal behaviour, which incurs maximal rewards. The attackers pinpoint the optimal attacking actions with reinforcement learning, which is formalized as a Markov decision process. The simulation results show that the rewards of the mixed strategy are much higher than those of the honest strategy for the attackers. Therefore, the attackers have enough incentive to adopt the mixed strategy.
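The abstract above treats the attacker's reward as something to be maximised over BWH, FAW and PAW actions. The block below is an added example, not code from the paper: it implements the reward function of the plain BWH component only, using the standard single-attacker model from Eyal's "The Miner's Dilemma" (2015) as an assumed environment reward, and searches the attacker's best response in it. The hash-power values are constructed for illustration.

```python
"""Block-withholding (BWH) revenue model and attacker best response.

Added example, not code from the paper above.  The reward function is the
standard single-attacker BWH model from Eyal's "The Miner's Dilemma" (2015),
assumed here as the environment reward an intelligent attacker would optimise:
an attacker holding a fraction `alpha` of the network's hash power diverts a
fraction `tau` of it into an honest pool holding `beta`, submitting partial
proofs of work there but withholding any full block it finds.  The diverted
power `tau*alpha` thus produces no blocks, so the whole network's block rate
falls to `1 - tau*alpha` of normal, while the pool still pays the infiltrator
for its shares.
"""
from typing import Tuple


def bwh_reward(alpha: float, beta: float, tau: float) -> float:
    """Attacker's long-run share of all block rewards under BWH.

    Honest mining yields exactly `alpha`; anything above that is the
    attacker's gain from withholding.
    """
    if not (0.0 <= tau <= 1.0 and 0.0 < alpha < 1.0 and 0.0 < beta < 1.0
            and alpha + beta <= 1.0):
        raise ValueError("invalid hash-power configuration")
    infiltrating = tau * alpha
    effective = 1.0 - infiltrating                     # block-producing power left in the network
    direct = (alpha - infiltrating) / effective        # blocks the attacker mines itself
    pool_income = beta / effective                     # victim pool's share of all rewards
    pool_split = infiltrating / (beta + infiltrating)  # infiltrator's share of the pool's payout
    return direct + pool_income * pool_split


def best_response(alpha: float, beta: float, steps: int = 1000) -> Tuple[float, float]:
    """Grid-search the infiltration fraction `tau` that maximises the attacker's reward.

    Returns (best_tau, best_reward).  A reinforcement-learning attacker such as
    the one described above is, in effect, learning this best response from
    noisy observed rewards instead of from the closed-form model.
    """
    best_tau, best_reward = 0.0, bwh_reward(alpha, beta, 0.0)
    for i in range(1, steps + 1):
        tau = i / steps
        reward = bwh_reward(alpha, beta, tau)
        if reward > best_reward:
            best_tau, best_reward = tau, reward
    return best_tau, best_reward


def withholding_gain(alpha: float, beta: float) -> float:
    """Relative increase over honest mining at the attacker's best response."""
    _, reward = best_response(alpha, beta)
    return reward / alpha - 1.0


if __name__ == "__main__":
    # Constructed hash-power scenarios, not measurements from any real network.
    for alpha, beta in ((0.1, 0.3), (0.2, 0.3), (0.3, 0.5)):
        tau, reward = best_response(alpha, beta)
        print(f"alpha={alpha:.2f} beta={beta:.2f}: tau*={tau:.3f} "
              f"reward={reward:.4f} (honest {alpha:.4f}, "
              f"gain {withholding_gain(alpha, beta):+.2%})")
```

Two things worth noticing when running it: the reward at `tau = 0` is exactly the honest share `alpha`, and a small positive `tau` already exceeds it, while `tau = 1` (all power diverted) falls below it. The optimum is therefore interior, which is why an adaptive attacker has something to learn rather than a fixed all-or-nothing choice; FAW and PAW change the reward function, not this structure.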

9.
Honeypot: a network trap   Total citations: 20, self-citations: 3, citations by others: 20
A honeypot is a network trap or deception system that lures attackers into spending their time and resources attacking the honeypot, thereby protecting production systems from attack. It can monitor and track attackers and collect information about them, so that the threats facing the system can be analysed and the attackers' tools, tactics and motives learned; it therefore plays an active-defence role in network security. This paper discusses the definition, role and operating modes of honeypots, briefly introduces the main techniques of honeypot systems, and describes several ways of building a honeypot.

10.
Application of NIDS in honeypot systems   Total citations: 1, self-citations: 0, citations by others: 1
Starting from the weaknesses of NIDS and the strengths of honeypot systems, this paper designs a model that combines the two. The honeypot attracts attackers, and the NIDS redirects suspicious packets into the honeypot system. The honeypot records the attacker's actions and backs them up remotely, and a recovery module keeps the whole system in a secure state.
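Both the redirection of connections leaving the honeypot in entry 2 and the NIDS-driven redirection of suspicious packets into the honeypot in entry 10 reduce to the same primitive: a NAT rule generated from a detection decision. The block below is an added example and is not code from either paper. It parses alerts in the Snort/Suricata "fast" alert line format, decides which sources to redirect, and returns the corresponding iptables DNAT commands as strings (inbound for entry 10, outbound for entry 2). The sample alerts, rule IDs, messages and addresses are constructed; the honeypot and decoy addresses are assumed.

```python
"""NIDS alert to honeypot redirection.

Added example, not code from either paper above.  The parser reads the
Snort/Suricata "fast" alert line format; the sample alerts, rule IDs,
messages and addresses are constructed for the example.  The iptables
commands are returned as strings rather than executed, so the decision logic
runs and can be tested offline.
"""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Constructed sample alerts (SIDs and messages are illustrative, not real rules).
SAMPLE_ALERTS = """\
01/28/2024-10:15:32.123456  [**] [1:9000001:1] SCAN Potential SSH scan [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 203.0.113.45:51234 -> 198.51.100.10:22
01/28/2024-10:15:40.000001  [**] [1:9000002:1] WEB-ATTACK command injection attempt [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 203.0.113.45:51300 -> 198.51.100.10:80
01/28/2024-10:15:41.000002  [**] [1:9000002:1] WEB-ATTACK command injection attempt [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 203.0.113.45:51301 -> 198.51.100.10:80
01/28/2024-10:16:02.500000  [**] [1:9000003:1] POLICY internal vulnerability scanner [**] [Priority: 2] {TCP} 198.51.100.20:44000 -> 198.51.100.10:80
01/28/2024-10:16:05.000000  [**] [1:9000004:1] INFO ICMP echo request [**] [Priority: 3] {ICMP} 203.0.113.77 -> 198.51.100.10
"""

# One fast-alert line; the Classification block and the port numbers are optional.
FAST_ALERT = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\]\s+(?:\[Classification:\s*(?P<cls>[^\]]*)\]\s+)?"
    r"\[Priority:\s*(?P<prio>\d+)\]\s+\{(?P<proto>\w+)\}\s+"
    r"(?P<src>[\d.]+)(?::(?P<sport>\d+))?\s+->\s+(?P<dst>[\d.]+)(?::(?P<dport>\d+))?$"
)


@dataclass(frozen=True)
class Alert:
    sid: int
    msg: str
    priority: int          # 1 is the most severe
    proto: str
    src: str
    dst: str
    dport: Optional[int]   # None for protocols without ports (ICMP)


def parse_fast_alerts(text: str) -> List[Alert]:
    """Parse fast-alert lines; lines that do not match are skipped, not fatal."""
    alerts = []
    for line in text.splitlines():
        m = FAST_ALERT.match(line.strip())
        if not m:
            continue
        alerts.append(Alert(int(m["sid"]), m["msg"], int(m["prio"]), m["proto"].lower(),
                            m["src"], m["dst"], int(m["dport"]) if m["dport"] else None))
    return alerts


def inbound_redirect_rules(alerts: Iterable[Alert], honeypot_ip: str,
                           max_priority: int = 2, allowlist: Iterable[str] = ()) -> List[str]:
    """Entry 10: DNAT a flagged source's further traffic to that service onto the honeypot.

    Only severe alerts (priority <= max_priority) from non-allowlisted sources
    are acted on, and one rule is emitted per (src, dst, proto, port) tuple.
    """
    allowed = set(allowlist)
    rules, seen = [], set()
    for a in alerts:
        if a.priority > max_priority or a.src in allowed:
            continue
        if a.proto not in ("tcp", "udp") or a.dport is None:
            continue                      # DNAT to a port only makes sense for TCP/UDP
        key = (a.src, a.dst, a.proto, a.dport)
        if key in seen:
            continue
        seen.add(key)
        rules.append(f"iptables -t nat -A PREROUTING -s {a.src} -d {a.dst} -p {a.proto} "
                     f"--dport {a.dport} -j DNAT --to-destination {honeypot_ip}:{a.dport}")
    return rules


def outbound_redirect_rule(honeypot_ip: str, decoy_ip: str,
                           proto: str = "tcp", dport: Optional[int] = None) -> str:
    """Entry 2: connections the compromised honeypot opens are DNATed to a local decoy."""
    port = f" --dport {dport}" if dport is not None else ""
    return (f"iptables -t nat -A OUTPUT -s {honeypot_ip} -p {proto}{port} "
            f"-j DNAT --to-destination {decoy_ip}")


if __name__ == "__main__":
    parsed = parse_fast_alerts(SAMPLE_ALERTS)
    for rule in inbound_redirect_rules(parsed, "10.0.0.99", allowlist={"198.51.100.20"}):
        print(rule)
    print(outbound_redirect_rule("10.0.0.99", "10.0.0.100", dport=445))
```

In practice each rule should be preceded by the same command with `-C` instead of `-A` so that repeated alerts do not stack duplicate rules, and conntrack takes care of the honeypot's reply packets. Note also that the OUTPUT-chain form only applies on the honeypot host itself, where an attacker with root can list it; placing the equivalent rule on a gateway (PREROUTING with `-s honeypot`) keeps the redirection out of the attacker's view.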

12.
Botnets: big and bigger   Total citations: 1, self-citations: 0, citations by others: 1
Researchers design honeynet computer networks specifically to be attacked. The hosts that comprise a honeynet and serve as attack targets are called honeypots. Researchers configure them to capture a variety of useful data about computer attacks without compromising other computers. Moreover, honeynet researchers strive to implement data capture and control in such a way that intruders are unaware that their actions are being monitored. Although honeynet technology is relatively new, it is developing rapidly. Honeynets have already proven themselves to be useful sources of information. In this article, I'll describe an attack on a honeypot that occurred in March 2003 during the onset and peak activity of several worms that targeted vulnerable hosts running Windows file sharing. We incorporated the compromised honeypot into a large botnet that attackers used to initiate distributed denial-of-service (DDoS) attacks against several Internet sites. I explain the structure of such botnets, their use by computer attackers, and the threat they pose to Internet sites.

13.
A honeypot is an active-defence technique introduced by defenders to change the asymmetry of the network attack-defence game: security resources with no production purpose are deployed to lure attackers into using them illegitimately, so that attack behaviour can be captured and analysed, attack tools and methods understood, and attack intent and motives inferred. Honeypot technology has drawn sustained attention from the security community, has developed considerably and is widely applied, and has become one of the main technical means of monitoring and analysing Internet security threats. This paper introduces the origin and evolution of honeypot technology, comprehensively analyses the state of research on its key mechanisms, reviews the development of honeypot deployment architectures, and summarises the latest applications of honeypot technology in monitoring, analysing and defending against Internet security threats. Finally, the open problems, development trends and further research directions of honeypot technology are discussed.

14.
The Denial-of-Service (DoS) attack is a challenging problem in the current Internet. Many schemes have been proposed to trace spoofed (forged) attack packets back to their sources. Among them, hop-by-hop schemes are less vulnerable to router compromise than packet marking schemes, but they require accurate attack signatures, high storage or bandwidth overhead, and cooperation of many ISPs. In this paper, we propose honeypot back-propagation, an efficient hop-by-hop traceback mechanism in which accurate attack signatures are obtained by a novel leverage of the roaming honeypots scheme. The reception of attack packets by a roaming honeypot (a decoy machine camouflaged within a server pool) triggers the activation of a tree of honeypot sessions rooted at the honeypot under attack and growing toward the attack sources. The tree is formed hierarchically, first at Autonomous System (AS) level and then at router level. Honeypot back-propagation supports incremental deployment by providing incentives for ISPs even with partial deployment. Against low-rate attackers, most traceback schemes would take a long time to collect the needed number of packets. To address this problem, we also propose progressive back-propagation to handle low-rate attacks, such as on-off attacks with short bursts. Analytical and simulation results demonstrate the effectiveness of the proposed schemes under a variety of DDoS attack scenarios.

15.
By analysing the basic principles of DDoS attacks, this paper proposes an application of honeypot technology to defending against Distributed Denial-of-Service (DDoS) attacks and analyses its performance in an experimental environment.

16.
As honeypot technology has developed and spread, attackers have studied honeypots more and more, focusing mainly on honeypot identification. Once an intruder determines that the target is a honeypot, the honeypot loses the point of its deployment. This paper discusses several honeypot identification techniques, proposes corresponding countermeasures, and gives the authors' view of honeypot development trends.

17.
To reduce the probability that real APs are probed and attacked, and to track and study probe attacks, a wireless access-point honeypot technique based on a loadable kernel module (LKM) and the MadWiFi wireless driver is proposed. It randomly generates a large number of fake wireless access points that respond to connection probes, while probe-attack behaviour is tracked and analysed. Experimental results show that this wireless honeypot achieves the expected effect.
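The abstract above describes generating many fake access points, answering probes, and tracking who probes. The block below is an added example, not the paper's LKM/MadWiFi code: it builds the 802.11 management frames such a honeypot has to emit (beacons and probe responses for randomly generated fake APs) and parses the probe requests that reveal which station is looking for which network. Putting the frames on the air needs a monitor-mode interface and a raw socket or injection library, which is assumed and out of scope here; all SSIDs and MAC addresses are constructed.

```python
"""Fake-AP frame construction and probe-request tracking.

Added example, not the paper's LKM/MadWiFi code.  Builds beacons and probe
responses for decoy access points and parses probe requests from stations.
Transmission (monitor-mode interface plus raw socket or injection library) is
assumed to exist and is not shown.  All SSIDs and MACs are constructed.
"""
import os
import struct
from typing import Dict, List, Optional, Tuple

BROADCAST = b"\xff" * 6
# Supported Rates IE: 1, 2, 5.5, 11 Mbit/s flagged basic (0x80), then 6, 9, 12, 18 Mbit/s
SUPPORTED_RATES = bytes([0x82, 0x84, 0x8B, 0x96, 0x0C, 0x12, 0x18, 0x24])
SUBTYPE_PROBE_REQ, SUBTYPE_PROBE_RESP, SUBTYPE_BEACON = 4, 5, 8


def random_bssid() -> bytes:
    """Random unicast, locally administered MAC: multicast bit clear, local bit set."""
    mac = bytearray(os.urandom(6))
    mac[0] = (mac[0] & 0xFE) | 0x02
    return bytes(mac)


def mac_str(mac: bytes) -> str:
    return ":".join(f"{b:02x}" for b in mac)


def _ie(element_id: int, payload: bytes) -> bytes:
    """Information element: id, length, payload."""
    return struct.pack("<BB", element_id, len(payload)) + payload


def _mgmt_header(subtype: int, addr1: bytes, addr2: bytes, addr3: bytes, seq: int = 0) -> bytes:
    """24-byte management header: frame control (type 0), duration, 3 addresses, sequence control."""
    frame_control = subtype << 4            # type bits 0 (management), flags 0
    return (struct.pack("<HH", frame_control, 0) + addr1 + addr2 + addr3
            + struct.pack("<H", seq << 4))


def build_advertisement(subtype: int, ssid: str, bssid: bytes, channel: int,
                        dest: bytes = BROADCAST, timestamp: int = 0,
                        interval_tu: int = 100) -> bytes:
    """Beacon (subtype 8, broadcast) or probe response (subtype 5, unicast) for an open ESS."""
    capability = 0x0001                     # ESS set, Privacy clear: looks like an open AP
    body = struct.pack("<QHH", timestamp, interval_tu, capability)
    body += _ie(0, ssid.encode()) + _ie(1, SUPPORTED_RATES) + _ie(3, bytes([channel]))
    return _mgmt_header(subtype, dest, bssid, bssid) + body


def generate_fake_aps(ssids: List[str]) -> Dict[str, Tuple[bytes, int]]:
    """One random BSSID and a channel (1, 6 or 11) per decoy SSID."""
    return {ssid: (random_bssid(), (1, 6, 11)[i % 3]) for i, ssid in enumerate(ssids)}


def parse_probe_request(frame: bytes) -> Optional[Tuple[str, str]]:
    """Return (station MAC, requested SSID) for a probe request; '' means a wildcard probe."""
    if len(frame) < 24:
        return None
    frame_control = struct.unpack_from("<H", frame, 0)[0]
    if (frame_control >> 2) & 0x3 != 0 or (frame_control >> 4) & 0xF != SUBTYPE_PROBE_REQ:
        return None
    station = mac_str(frame[10:16])         # addr2 is the transmitter
    ssid, pos = "", 24
    while pos + 2 <= len(frame):            # walk the IE list, tolerating a truncated tail
        element_id, length = frame[pos], frame[pos + 1]
        payload = frame[pos + 2:pos + 2 + length]
        if element_id == 0:
            ssid = payload.decode("utf-8", errors="replace")
        pos += 2 + length
    return station, ssid


def answer_probe(frame: bytes, fake_aps: Dict[str, Tuple[bytes, int]]) -> List[bytes]:
    """Probe responses the decoys would send: all of them for a wildcard probe, one for a named SSID."""
    parsed = parse_probe_request(frame)
    if parsed is None:
        return []
    station, ssid = parsed
    if ssid == "":
        targets = fake_aps
    elif ssid in fake_aps:
        targets = {ssid: fake_aps[ssid]}
    else:
        return []                           # not one of ours; the probe is still logged by the caller
    dest = bytes.fromhex(station.replace(":", ""))
    return [build_advertisement(SUBTYPE_PROBE_RESP, name, bssid, channel, dest=dest)
            for name, (bssid, channel) in targets.items()]


if __name__ == "__main__":
    aps = generate_fake_aps(["Free_WiFi", "Guest", "CorpWiFi"])
    for name, (bssid, channel) in aps.items():
        print(name, mac_str(bssid), channel, len(build_advertisement(SUBTYPE_BEACON, name, bssid, channel)))
```

The parsed `(station, ssid)` pair is the tracking record the abstract refers to: a station that repeatedly probes for SSIDs it has not seen, or that probes every decoy in turn, stands out from ordinary clients reconnecting to a remembered network.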

18.
A honeypot is an active-defence technique for discovering security threats and extracting attack signatures; it provides high-value attack traffic and samples with a low false-positive rate. The use of honeypots shrinks the space in which attackers can hide, and attackers can use honeypot identification techniques to discover and evade them. Defenders therefore need to study honeypot identification methods in depth from the attacker's perspective in order to improve the design and implementation of honeypot systems. Starting from the structure of a honeypot, this paper summarises eight honeypot identification features and evaluates the accuracy and stealthiness of each. Combining this with the distribution characteristics of Internet honeypots, a honeypot identification workflow for the Internet is proposed, and, based on an inherent defect of the Conpot industrial-control honeypot architecture, an ICS honeypot identification method based on packet fragmentation is put forward. Three Internet-wide scans found a total of 2432 Conpot ICS honeypots, whose distribution is further analysed.

19.
With the rapid growth of the Internet of Vehicles (IoV), service providers deploy 5G base-station road side units (RSUs) close to vehicles so that vehicle users can quickly be served from cache. A malicious attacker, however, can take control of a base station and gain privileges that turn it into a malicious base station, mounting an identity-forgery attack: messages sent in the name of the malicious base station disrupt the communication link between vehicles and trusted base stations and can easily cause serious driving-safety problems. This paper proposes a honeypot defence and transmission strategy for the IoV based on an attack-defence game: honeypot base stations are deployed to confuse attackers, reducing the risk of identity-forgery attacks and improving the reliability of IoV data transmission. The interaction between trusted and malicious base stations in the IoV scenario is modelled as an attack-defence game in which the trusted base stations and honeypot base stations jointly act as the defender. Trusted and malicious base stations, as the two sides of the game, each choose their strategies; payoff functions are built for both, and, combined with a vehicle latency-feedback mechanism, the defender and the malicious base station adjust their strategies dynamically. By adjusting the interactivity of the honeypot base stations with vehicles and the degree of IP randomisation, the defender's overall payoff is effectively raised, and the optimal solution is obtained with mixed-strategy Nash equilibrium theory. Extensive simulation results show that the proposed strategy improves the secure transmission performance of IoV services in the presence of malicious attackers; compared with a scheme without honeypot defence, the defender's expected payoff rises by 48.9%, and data...

20.
As network technology develops, network security technology has moved from the early passive defence against attacks and viruses towards deceiving attackers and monitoring their intrusions. A network security system based on honeypot technology can protect the internal network and its information, and can analyse attack behaviour and collect evidence of it. This paper analyses the classification characteristics, deployment position and number of honeypot systems, studies the implementation of the forensic server, a key component of the honeypot system, and tests it experimentally; the results show that the honeypot system can capture and record attack behaviour. Studying the deployment and protection modes of honeypot systems can optimise honeypot configuration and deployment in theory and is of considerable practical significance.

