高级搜索

留言板

尊敬的读者、作者、审稿人, 关于本刊的投稿、审稿、编辑和出版的任何问题, 您可以本页添加留言。我们将尽快给您答复。谢谢您的支持!

姓名
邮箱
手机号码
标题
留言内容
验证码

蜜罐技术研究新进展

石乐义 李阳 马猛飞

石乐义, 李阳, 马猛飞. 蜜罐技术研究新进展[J]. 电子与信息学报, 2019, 41(2): 498-508. doi: 10.11999/JEIT180292
引用本文: 石乐义, 李阳, 马猛飞. 蜜罐技术研究新进展[J]. 电子与信息学报, 2019, 41(2): 498-508. doi: 10.11999/JEIT180292
Leyi SHI, Yang LI, Mengfei MA. Latest Research Progress of Honeypot Technology[J]. Journal of Electronics & Information Technology, 2019, 41(2): 498-508. doi: 10.11999/JEIT180292
Citation: Leyi SHI, Yang LI, Mengfei MA. Latest Research Progress of Honeypot Technology[J]. Journal of Electronics & Information Technology, 2019, 41(2): 498-508. doi: 10.11999/JEIT180292

蜜罐技术研究新进展

doi: 10.11999/JEIT180292
基金项目: 国家自然科学基金(61772551)
详细信息
    作者简介:

    石乐义:男,1975年生,博士,教授,研究方向为网络安全、博弈理论、移动互联网

    李阳:女,1993年生,硕士生,研究方向为网络安全、蜜罐、区块链

    马猛飞:男,1993年生,硕士生,研究方向为网络安全、主动防御

    通讯作者:

    石乐义 shileyi@upc.edu.cn

  • 中图分类号: TP393.08

Latest Research Progress of Honeypot Technology

Funds: The National Natural Science Foundation of China (61772551)
  • 摘要:

    蜜罐技术是网络防御中的陷阱技术,它通过吸引诱骗攻击者并记录其攻击行为,从而研究学习敌手的攻击目的和攻击手段,保护真实服务资源。然而,传统蜜罐技术存在着静态配置、固定部署等先天不足,极易被攻击者识别绕过而失去诱骗价值。因此,如何提高蜜罐的动态性与诱骗性成为蜜罐领域的关键问题。该文对近年来国内外蜜罐领域研究成果进行了梳理,首先总结了蜜罐发展历史,随后以蜜罐关键技术为核心,对执行过程、部署方式、反识别思想、博弈理论基础进行了分析;最后,对近年来不同蜜罐防御成果分类叙述,并对蜜罐技术发展趋势进行了分析陈述,针对潜在安全威胁,展望新兴领域防御应用。

  • 表  1  蜜罐应用性能比对

    蜜罐名称应用领域仿真精度数据质量可嵌入度
    SCADA Honeynet工控系统一般较差较好
    ArtemisaIP话音优秀优秀一般
    BluePot蓝牙较好一般较差
    Ghost USB honeypotUSB较好一般优秀
    下载: 导出CSV

    表  2  应用蜜罐技术的拒绝服务攻击方案

    方案防护体系攻击识别方法保护措施
    李硕等人[52]传统防护与高交互蜜罐主机负荷检测暂停数据包转发
    Sardana等人[53]自动响应蜜罐网络流量标记重定向可疑流量
    Sembiring[54]物理蜜罐主机与虚拟软件服务攻击模式分析隔离攻击源IP
    下载: 导出CSV

    表  3  蜜罐应用场景及学术研究点

    应用场景研究点
    社交网络恶意行为检测
    物联网IoT攻击途径
    自携设备攻击数字取证
    体域网安全通信通道
    无线网络恶意连接检测
    网络数据分析
    工业控制网络非法请求记录
    工控攻击识别
    威胁事件感知
    智能设备恶意数据捕捉
    恶意软件检测
    诈骗信息分析
    下载: 导出CSV
  • IRVENE C, FORMBY D, LITCHFIELD S, et al. HoneyBot: A honeypot for robotic systems[J]. Proceedings of the IEEE, 2018, 106(1): 61–70. doi: 10.1109/JPROC.2017.2748421
    诸葛建伟, 唐勇, 韩心慧, 等. 蜜罐技术研究与应用进展[J]. 软件学报, 2013, 24(4): 825–842. doi: 10.3724/SP.J.1001.2013.04369

    ZHUGE Jianwei, TANG Yong, HAN Xinhui, et al. Honeypot technology research and application[J]. Journal of Software, 2013, 24(4): 825–842. doi: 10.3724/SP.J.1001.2013.04369
    LAURÉN S, RAUTI S, and LEPPÄNEN V. An interface diversified honeypot for malware analysis[C]. Proccedings of the 10th European Conference on Software Architecture Workshops, New York, USA, 2016: 1–6.
    AGRAWAL N and TAPASWI S. Wireless rogue access point detection using shadow honeynet[J]. Wireless Personal Communications, 2015, 83(1): 551–570. doi: 10.1007/s11277-015-2408-0
    VASILOMANOLAKIS E, KARUPPAYAH S, KIKIRAS P, et al. A honeypot-driven cyber incident monitor: Lessons learned and steps ahead[C]. The 8th International Conference on Security of Information and Networks, Sochi, Russia, 2015: 158–164.
    VASILOMANOLAKIS E, SRINIVASA S, CORDERO C G, et al. Multi-stage attack detection and signature generation with ICS honeypots[C]. IEEE/IFIP Network Operations and Management Symposium, Istanbul, Turkey, 2016: 1227–1232.
    WAFI H, FIADE A, HAKIEM N, et al. Implementation of a modern security systems honeypot honey network on wireless networks[C]. International Young Engineers Forum, Almada, Portugal, 2017: 91–96.
    LEONARD A, CAI H, VENKATASUBRAMANIAN K, et al. A honeypot system for wearable networks[C]. IEEE 37th Sarnoff Symposium, Newark, USA, 2016: 199–201.
    GUARNIZO J, TAMBE A, BHUNIA S S, et al. SIPHON: Towards scalable high-Interation physical honeypots[C]. The 3rd ACM Workshop on Cyber-Physical System Security, New York, USA, 2017: 57–68.
    黄开枝, 洪颖, 罗文宇, 等. 基于演化博弈机制的物理层安全协作方法[J]. 电子与信息学报, 2015, 37(1): 193–199. doi: 10.11999/JEIT140309

    HUANG Kaizhi, HONG Ying, LUO Wenyu, et al. A method for physical layer security cooperation based on evolutionary game[J]. Journal of Electronics &Information Technology, 2015, 37(1): 193–199. doi: 10.11999/JEIT140309
    石乐义, 赵俊楠, 李芹, 等. 基于信令博弈的网络诱骗防御策略分析与仿真[J]. 系统仿真学报, 2016, 28(2): 348–353. doi: 10.16182/j.cnki.joss.2016.02.013

    SHI Leyi, ZHAO Junnan, LI Qin, et al. Signaling game analysis and simulation on network decoy defense strategies[J]. Journal of System Simulation, 2016, 28(2): 348–353. doi: 10.16182/j.cnki.joss.2016.02.013
    LA Q D, QUEK T Q S, LEE J, et al. Deceptive attack and defense game in honeypot-enabled networks for the internet of things[J]. IEEE Internet of Things Journal, 2016, 3(6): 1025–1035. doi: 10.1109/JIOT.2016.2547994
    刘江, 张红旗, 杨英杰, 等. 基于主机安全状态迁移模型的动态网络防御有效性评估[J]. 电子与信息学报, 2017, 39(3): 509–517. doi: 10.11999/JEIT160513

    LIU Jiang, ZHANG Hongqi, and YANG Yingjie, et al. Effectiveness evaluation of moving network defense based on host security state transition model[J]. Journal of Electronics &Information Technology, 2017, 39(3): 509–517. doi: 10.11999/JEIT160513
    KUWATLY I, SRAJ M, AL MASRI Z, et al. A dynamic honeypot design for intrusion detection[C]. The IEEE/ACS International Conference on Pervasive Services, Beirut, Lebanon, 2004: 95–104.
    ARTAIL H, SAFA H, SRAJ M, et al. A hybrid honeypot framework for improving intrusion detection systems in protecting organizational networks[J]. Computers & Security, 2006, 25(4): 274–288. doi: 10.1016/j.cose.2006.02.009
    PAUNA A, IACOB A, and BICA I. QRASSH—A self-adaptive SSH honeypot driven by Q-learning[C]. International Conference on Communications, Bucharest, Romania, 2018, 417–422.
    SAEEDI A, KHOTANLOU H, and NASSIRI M. A dynamic approach for honeypot management[J]. International Journal of Information, Security and Systems Management, 2012, 1(2): 104–109.
    FAN W, FERNÁNDEZ D, and DU Z. Adaptive and flexible virtual honeynet[C]. International Conference on Mobile, Secure and Programmable Networking, Paris, France, 2015: 1–17.
    HECKER C and HAY B. Automated honeynet deployment for dynamic network environment[C]. International Conference on System Sciences, Hawaii, USA, 2013: 4880–4889.
    FAN W, FERNÁNDEZ D, and DU Z. Versatile virtual honeynet management framework[J]. IET Information Security, 2016, 11(1): 38–45. doi: 10.1049/iet-ifs.2015.0256
    石乐义, 李婕, 刘昕, 等. 基于动态阵列蜜罐的协同网络防御策略研究[J]. 通信学报, 2012, 33(11): 159–164. doi: 10.3969/j.issn.1000-436x.2012.11.020

    SHI Leyi, LI Jie, LIU Xin, et al. Research on dynamic array honeypot for collaborative network defense strategy[J]. Journal on Communications, 2012, 33(11): 159–164. doi: 10.3969/j.issn.1000-436x.2012.11.020
    石乐义, 姜蓝蓝, 贾春福, 等. 蜜罐诱骗防御机理的博弈理论分析[J]. 电子与信息学报, 2012, 34(6): 1420–1424. doi: 10.3724/SP.J.1146.2011.00929

    SHI Leyi, JIANG Lanlan, JIA Chunfu, et al. A game theoretic analysis for the honeypot deceptive mechanism[J]. Journal of Electronics &Information Technology, 2012, 34(6): 1420–1424. doi: 10.3724/SP.J.1146.2011.00929
    石乐义, 姜蓝蓝, 刘昕, 等. 拟态式蜜罐诱骗特性的博弈理论分析[J]. 电子与信息学报, 2013, 35(5): 1063–1068. doi: 10.3724/SP.J.1146.2012.01213

    SHI Leyi, JIANG Lanlan, LIU Xin, et al. Game theoretic analysis for the feature of mimicry honeypot[J]. Journal of Electronics &Information Technology, 2013, 35(5): 1063–1068. doi: 10.3724/SP.J.1146.2012.01213
    SAADI C and CHAOUI H. Cloud computing security using IDS-AM-Clust, honeyd, honeywall and honeycomb[J]. Procedia Computer Science, 2016, 85: 433–442. doi: 10.1016/j.procs.2016.05.189
    SOCHOR T and ZUZCAK M. High-interaction linux honeypot architecture in recent perspective[C]. International Conference on Computer Networks, Brunow, Poland, 2016: 118–131.
    BUDA M and BLUEMKE I. Data mining algorithms in the analysis of security logs from a honeypot system[C]. International Conference on Dependability and Complex Systems, Brunow, Poland, 2016: 63–73.
    JIA Zhaopeng, CUI Xiang, LIU Qixu, et al. Micro-Honeypot: Using browser fingerprinting to track attackers[C]. IEEE Third International Conference on Data Science in Cyberspace, Guangzhou, China, 2018: 197–204.
    MUN H J and HAN K H. Blackhole attack: user identity and password seize attack using honeypot[J]. Journal of Computer Virology and Hacking Techniques, 2016, 12(3): 185–190. doi: 10.1007/s11416-016-0270-6
    王传极. 基于蜜罐技术捕获的电子数据的证据效力研究[D]. [硕士论文], 华东政法大学, 2015.

    WANG ChuanJi. Research on the evidence validity of data capturing by honeypot[D]. [Master dissertation], East China University of Political Science and Law, 2015.
    ULUSOY H, KANTARCIOGLU M, THURAISINGHAM B, et al. Honeypot based unauthorized data access detection in MapReduce systems[C]. IEEE International Conference on Intelligence and Security Informatics, Baltimore, USA, 2015: 126–131.
    SKRZEWSKI M. About the efficiency of malware monitoring via server-side honeypots[C]. International Conference on Computer Networks, Brunow, Poland, 2016: 132–140.
    SOCHOR T and ZUZCAK M. Attractiveness study of honeypots and honeynets in internet threat detection[C]. International Conference on Computer Networks, Brunow, Poland, 2015: 69–81.
    DAHBUL R N, LIM C, and PURNAMA J. Enhancing honeypot deception capability through network service fingerprinting[J]. Journal of Physics: Conference Series, 2017, 801(1): 1–7. doi: 10.1088/1742-6596/801/1/012057
    SOCHOR T, ZUZCAK M, and BUJOK P. Analysis of attackers against windows emulating honeypots in various types of networks and regions[C]. Eighth International Conference on Ubiquitous and Future Networks, Vienna, Austria, 2016: 863–868.
    武泽慧, 魏强, 任开磊, 等. 基于OpenFlow交换机洗牌的DDoS攻击动态防御方法[J]. 电子与信息学报, 2017, 39(2): 397–404. doi: 10.11999/JEIT160449

    WU Zehui, WEI Qiang, REN Kailei, et al. Dynamic defense for DDoS attack using openflow-based switch shuffling approach[J]. Journal of Electronics &Information Technology, 2017, 39(2): 397–404. doi: 10.11999/JEIT160449
    SAUD Z and ISLAM M H. Towards proactive detection of Advanced Persistent Threat (APT) attacks using honeypots[C]. The 8th International Conference on Security of Information and Networks, Sochi, Russia, 2015: 154–157.
    CHAMOTRA S, SEHGAL R K, ROR S, et al. Honeypot deployment in broadband networks[C]. International Conference on Information Systems Security, Jaipur, India, 2016: 479–488.
    刘胜利, 彭飞, 武东英, 等. CHoney: 一个面向 Cisco 路由器攻击捕获的新型蜜罐[J]. 北京邮电大学学报, 2015, 38(5): 47–53. doi: 10.13190/j.jbupt.2015.05.008

    LIU Shengli, PENG Fei, WU Dongying, et al. CHoney: A new honeypot for capturing attacks against cisco routers[J]. Journal of Beijing University of Posts and Telecommunications, 2015, 38(5): 47–53. doi: 10.13190/j.jbupt.2015.05.008
    郭军权, 诸葛建伟, 孙东红, 等. Spampot: 基于分布式蜜罐的垃圾邮件捕获系统[J]. 计算机研究与发展, 2014, 51(5): 1071–1080. doi: 10.7544/issn1000-1239.2014.20120738

    GUO Junquan, ZHUGE Jianwei, SUN Donghong, et al. Spampot: A spam capture system based on distributed honeypot[J]. Journal of Computer Research and Development, 2014, 51(5): 1071–1080. doi: 10.7544/issn1000-1239.2014.20120738
    贾召鹏, 方滨兴, 崔翔, 等. ArkHoney: 基于协同机制的Web蜜罐[J]. 计算机学报, 2018, 41(2): 413–425. doi: 10.11897/SP.J.1016.2018.00413

    JIA Zhaopeng, FANG Binxing, CUI Xiang, et al. ArkHoney: A web honeypot based on collaborative mechanisms[J]. Chinese journal of Computers, 2018, 41(2): 413–425. doi: 10.11897/SP.J.1016.2018.00413
    PARK J H, CHOI J W, and SONG J S. How to design practical client honeypots based on virtual environment[C]. Asia Joint Conference on Information Security, Fukuoka, Japan, 2016: 67–73.
    AKIYAMA M, YAGI T, YADA T, et al. Analyzing the ecosystem of malicious URL redirection through longitudinal observation from honeypots[J]. Computers & Security, 2017, 69(1): 155–173. doi: 10.1016/j.cose.2017.01.003
    MOORE C. Detecting ransomware with honeypot techniques[C]. Cybersecurity and Cyberforensics Conference, Amman, Jordan, 2016: 77–81.
    AL-HAKBANI M M and DAHSHAN M H. Avoiding honeypot detection in peer-to-peer botnets[C]. IEEE International Conference on Engineering and Technology, Coimbatore, India, 2015: 1–7.
    CHAMOTRA S, SEHGAL R K, and ROR S. Bot detection and botnet tracking in honeynet context[C]. Conference on Information and Communication Technology for Intelligent Systems, Ahmedabad, India, 2016: 563–574.
    OLAGUNJU A O and SAMU F. In search of effective honeypot and honeynet systems for real-time intrusion detection and prevention[C]. The 5th Annual Conference on Research in Information Technology, Boston, USA, 2016: 41–46.
    MUHAMMET B and RESUL D. A novel honeypot based security approach for real-time intrusion detection and prevention systems[J]. Journal of Information Security and Applications, 2018, 41: 103. doi: 10.1016/j.jisa.2018.06.004
    ALBASHIR A A A N. Detecting unknown vulnerabilities using honeynet[C]. First International Conference on Anti-Cybercrime, Riyadh, Saudi Arabia, 2015: 1–4.
    KUZE N, ISHIKURA S, YAGI T, et al. Detection of vulnerability scanning using features of collective accesses based on information collected from multiple honeypots[C]. Network Operations and Management Symposium, Istanbul, Turkey, 2016: 1067–1072.
    CHAMOTRA S, SEHGAL R K, and MISRA R S. Honeypot baselining for zero day attack detection[J]. International Journal of Information Security and Privacy, 2017, 11(3): 63–74. doi: 10.4018/IJISP.2017070106
    ANIRUDH M, THILEEBAN S A, and NALLATHAMBI D J. Use of honeypots for mitigating DoS attacks targeted on IoT networks[C]. International Conference on Computer, Communication and Signal Processing, Chennai, India, 2017: 1–4.
    李硕, 张权. 基于蜜罐的CC攻击防护体系[J]. 信息安全与通信保密, 2015(9): 99–102. doi: 10.3969/j.issn.1009-8054.2015.09.030

    LI Shuo and ZHANG Quan. Protection system of CC attack based on honeypot[J]. Information Security and Communications Privacy, 2015(9): 99–102. doi: 10.3969/j.issn.1009-8054.2015.09.030
    SARDANA A and JOSHI R. An auto-responsive honeypot architecture for dynamic resource allocation and QoS adaptation in DDoS attacked networks[J]. Computer Communications, 2009, 32(12): 1384–1399. doi: 10.1016/j.comcom.2009.03.005
    SEMBIRING I. Implementation of honeypot to detect and prevent distributed denial of service attack[C]. International Conference on Information Technology, Computer, and Electrical Engineering, Semarang, Indonesia, 2016: 345–350.
    NISRINE M. A security approach for social networks based on honeypots[C]. IEEE International Colloquium on Information Science and Technology, Tangier, Morocco, 2016: 638–643.
    KEBANDE V R, KARIE N M, and VENTER H S. A generic digital forensic readiness model for BYOD using honeypot technology[C]. IST-Africa Week Conference, Durban, South Africa, 2016: 1–12.
    邢文娟. 基于Android的手机蜜罐研究与设计[D]. [硕士论文], 中国石油大学(华东), 2016.

    XING Wenjuan. The rsearch and dsign of mbile phone honeypot based on android[D]. [Master dissertation], China University of Petroleum (East China), 2016.
    SERBANESCU A V, OBERMEIER S, and YU D Y. A scalable honeynet architecture for industrial control systems[C]. International Conference on E-Business and Telecommunications, Colmar, France, 2015: 179–200.
    李京京. 基于蜜罐技术的ICS威胁感知平台设计与实现[D]. [硕士论文], 郑州大学, 2017.

    LI Jingjing. Design and implementation of ICS threat perception platform based on honeypot[D]. [Master dissertation], Zhengzhou University, 2017.
    AHMED H M, HASSAN N F, and FAHAD A A. Designing a smartphone honeypot system using performance counters[J]. Karbala International Journal of Modern Science, 2017, 3(1): 46–52. doi: 10.1016/j.kijoms.2017.02.004
    BALDUZZI M, GUPTA P, GU L, et al. Mobipot: Understanding mobile telephony threats with honeycards[C]. The 11th ACM on Asia Conference on Computer and Communications Security, Xi’an, China, 2016: 723–734.
    贾召鹏, 方滨兴, 刘潮歌, 等. 网络欺骗技术综述[J]. 通信学报, 2018, 38(12): 128–143. doi: 10.11959/j.issn.1000-436x.2017281

    JIA Zhaopeng, FANG Binxing, LIU Chaoge, et al. Survey on cyber deception[J]. Journal on Communications, 2018, 38(12): 128–143. doi: 10.11959/j.issn.1000-436x.2017281
  • 加载中
表(3)
计量
  • 文章访问数:  4356
  • HTML全文浏览量:  3143
  • PDF下载量:  376
  • 被引次数: 0
出版历程
  • 收稿日期:  2018-03-28
  • 修回日期:  2018-10-30
  • 网络出版日期:  2018-11-09
  • 刊出日期:  2019-02-01

目录

    /

    返回文章
    返回