Honeypot Technology Research and Application Progress (蜜罐技术研究与应用进展)
Authors: 诸葛建伟 (Zhuge JW), 唐勇 (Tang Y), 韩心慧 (Han XH), 段海新 (Duan HX)
Funding: National Natural Science Foundation of China (61003127, 61003303); National Basic Research Program of China (973 Program) (2009CB320505); National 242 Information Security Program (2011A40)
Abstract:

A honeypot is a proactive defense technology that defenders introduce to change the asymmetric situation of the network attack-and-defense game. By deploying security resources that have no production purpose, defenders lure attackers into illegally using them, then capture and analyze the attack behavior to understand the attackers' tools and methods and to infer their intentions and motivations. Because a honeypot has no legitimate users, any interaction with it is suspicious by definition, which is what gives the defender the advantage. Honeypot technology has attracted sustained attention from the security community, has matured considerably and been widely applied, and has become one of the main technical means of Internet security threat monitoring and analysis. This paper first presents the origin and evolution of honeypot technology. It then comprehensively analyzes the state of research on the key honeypot mechanisms, reviews the development of honeypot deployment structures, and summarizes the latest applications of honeypot technology to Internet security threat monitoring, analysis and prevention. Finally, the open problems of honeypot technology, its development trends and further research directions are discussed.

Cite this article:

诸葛建伟, 唐勇, 韩心慧, 段海新 (Zhuge JW, Tang Y, Han XH, Duan HX). Honeypot technology research and application progress (蜜罐技术研究与应用进展). 软件学报 (Journal of Software), 2013, 24(4): 825-842.
History: received 2012-02-12; last revised 2012-12-27; published online 2013-03-26.
Copyright: Institute of Software, Chinese Academy of Sciences (中国科学院软件研究所), Beijing. Contact: jos@iscas.ac.cn