Latest Research Progress of Honeypot Technology
College of Computer and Communication Engineering, China University of Petroleum, Qingdao 266580, China
Abstract (translated from the Chinese):
Honeypot technology is a trap technique in network defense: it attracts and deceives attackers and records their attack behaviour, so that the adversary's goals and methods can be studied and learned from while real service resources are protected. However, traditional honeypots suffer from inherent weaknesses such as static configuration and fixed deployment, so attackers can easily identify and bypass them, at which point they lose their deceptive value. How to improve the dynamism and deceptiveness of honeypots has therefore become a key problem in the field. This paper surveys recent domestic and international research results on honeypots. It first summarises the development history of honeypots; then, taking the key honeypot technologies as the core, it analyses the execution process, deployment methods, counter-identification ideas and game-theoretic foundations; finally, it classifies and describes the honeypot defense results of recent years, analyses the development trends of honeypot technology and, with regard to potential security threats, looks ahead to defensive applications in emerging fields.
Abstract: Honeypot technology is a network trap used in cyber defense. It attracts and deceives attackers and records their attack behaviour, so that the adversary's targets and attack methods can be studied and real service resources protected. However, because traditional honeypots are statically configured and deployed at fixed locations, intruders can easily identify and evade them, which makes the traps worthless. How to improve the dynamic behaviour and camouflage of honeypots has therefore become a key problem in the field. This paper summarises recent research achievements in honeypots. First, the development history of honeypots is summed up in four stages. Then, focusing on the key honeypot mechanisms, the execution process, deployment, counter-recognition and game-theoretic foundations are analysed. Finally, honeypot achievements in different areas are characterised and the development trends of honeypot technology are depicted.
Key words:
- Network security
- Honeypot technology
- Honeynet
- Anti-honeypot
- Attack-defense strategy
- Proactive defense
Table 1 Comparison of honeypot application performance

| Honeypot | Application domain | Emulation fidelity | Data quality | Embeddability |
|---|---|---|---|---|
| SCADA Honeynet | Industrial control systems | Average | Poor | Good |
| Artemisa | VoIP | Excellent | Excellent | Average |
| BluePot | Bluetooth | Good | Average | Poor |
| Ghost USB honeypot | USB | Good | Average | Excellent |

Table 3 Honeypot application scenarios and research points

| Application scenario | Research points |
|---|---|
| Social networks | Malicious behaviour detection |
| Internet of Things | IoT attack vectors |
| BYOD (bring your own device) | Digital forensics of attacks |
| Body area networks | Secure communication channels |
| Wireless networks | Malicious connection detection; network data analysis |
| Industrial control networks | Logging of illegal requests; ICS attack identification; threat event awareness |
| Smart devices | Malicious data capture; malware detection; fraud message analysis |