基于蜜罐技术的攻防对抗场景下网络攻击诱捕溯源方法
Traceability method of network attack and trapping based on honeypot technology
高奇 1贡晓静 2黄蕊 3黄承麟 4周深永4
作者信息
- 1. 广西财政信息管理中心,广西 南宁 530021
- 2. 广西警察学院,广西 南宁 530028
- 3. 广西四方汇通人才服务有限责任公司,广西 南宁 530021
- 4. 广西昊华科技股份有限公司,广西 南宁 530022
- 折叠
摘要
由于传统日志分析、入侵检测等溯源方法主要通过事后分析来追溯攻击源头,难以满足攻防对抗场景对溯源工作的快速、准确的要求,文章提出基于蜜罐技术的攻防对抗场景下网络攻击诱捕溯源方法.在攻防对抗场景中部署蜜罐诱捕攻击者实施网络攻击,并收集攻击流量数据,把每一个攻击端和防护端的流量数据归为多个簇,对簇进行匹配判断攻击流量的发送源,实现攻防对抗场景下网络攻击诱捕溯源.实验结果表明,该方法在攻防对抗场景下可以准确提供网络攻击端的IP 地址信息,具有较高的可靠性.
Abstract
Since the traditional traceability methods such as log analysis,intrusion detection and so on mainly trace the source of attack through post-hoc analysis,it is difficult to meet the requirements of rapid and accurate traceability of attack and defense confrontation scenes,and the network attack trapping tracing method based on honeypot technology is proposed.In the attack and defense confrontation scenario,honey tanks are deployed to trap attackers to carry out network attacks,and collect attack traffic data,classify the traffic data of each attack end and protection end into multiple clusters,matching the clusters to judge the sending source of attack traffic,so as to realize the traceability of network attack trapping in the attack and defense confrontation scenario.The experimental results show that the design method can provide the IP address information of the network attack end accurately in the attack and defense confrontation scenarios,with high reliability.
关键词
蜜罐技术/攻防对抗场景/网络攻击/诱捕溯源Key words
honeypot technology/attack and defense confrontation scenarios/network attack引用本文复制引用
出版年
2024
NETL
NSTL
万方数据