蜜罐是防御方为了改变网络攻防博弈不对称局面而引入的一种主动防御技术,通过部署没有业务用途的安全资源,诱骗攻击者对其进行非法使用,从而对攻击行为进行捕获和分析,了解攻击工具与方法,推测攻击意图和动机.蜜罐技术赢得了安全社区的持续关注,得到了长足发展与广泛应用,并已成为互联网安全威胁监测与分析的一种主要技术手段.介绍了蜜罐技术的起源与发展演化过程,全面分析了蜜罐技术关键机制的研究现状,回顾了蜜罐部署结构的发展过程,并归纳总结了蜜罐技术在互联网安全威胁监测、分析与防范等方向上的最新应用成果.最后,对蜜罐技术存在的问题、发展趋势与进一步研究方向进行了讨论.

Honeypot is a proactive defense technology, introduced by the defense side to change the asymmetric situation of a network attack and defensive game. Through the deployment of the honeypots, i.e. security resources without any production purpose, the defenders can deceive attackers to illegally take advantage of the honeypots and capture and analyze the attack behaviors to understand the attack tools and methods, and to learn the intentions and motivations. Honeypot technology has won the sustained attention of the security community to make considerable progress and get wide application, and has become one of the main technical means of the Internet security threat monitoring and analysis. In this paper, the origin and evolution process of the honeypot technology are presented first. Next, the key mechanisms of honeypot technology are comprehensively analyzed, the development process of the honeypot deployment structure is also reviewed, and the latest applications of honeypot technology in the directions of Internet security threat monitoring, analysis and prevention are summarized. Finally, the problems of honeypot technology, development trends and further research directions are discussed.

国家自然科学基金(61003127, 61003303); 国家重点基础研究发展计划(973)(2009CB320505); 国家242 信息安全计划(2011A40)