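Affiliations: [1] School of Cyberspace Security, Beijing University of Posts and Telecommunications, Beijing 100876 [2] Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093 [3] Institute of Electronic and Information Engineering of UESTC in Guangdong, Dongguan, Guangdong 523808 [4] Cyberspace Institute of Advanced Technology, Guangzhou University, Guangzhou 510006 [5] School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100049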
Source: Chinese Journal of Computers (《计算机学报》), 2018, No. 2, pp. 413-425, 13 pages
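Funding: This work was supported by the Dongguan Program for Introducing Innovative Research Teams (201636000100038) and the National Key Research and Development Program of China (2016YFB0801604).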
Abstract: The rapid development of Internet applications based on Web technology has drawn the attention of hackers, and attacks against the Web have become one of the main threats on the Internet. Web honeypot technology can help collect attack information so that such threats can be handled better, and it has therefore received attention from security researchers. However, a honeypot can only capture attacks directed at itself: if attackers find that the application they want to attack is not in the honeypot system, they take no further action, and the honeypot system captures no attack data. To increase the probability that an attacker successfully attacks the Web honeypot, this paper proposes a scheme for deploying multiple different applications in a Web honeypot system. First, the concept of a honeypot cluster is proposed, in which multiple different application honeypots form a honeypot cluster; then a honeypot cluster collaborative algorithm is designed, through which the whole cluster acts as a single Web honeypot; finally, ArkHoney, a prototype honeypot based on the collaborative mechanism, is implemented using four different applications. During a two-month deployment, the ArkHoney honeypot system captured 7933 requests from 985 distinct IPs. By analysing the captured data, 26 attacks against the four applications have been manually confirmed. The paper presents statistics on the overall captured data and then analyses selected cases captured by different honeypots in the cluster; the experiments show that the proposed Web honeypot based on the collaborative mechanism can effectively increase the honeypot system's ability to capture attacks.

With the rapid development and increasing growth of network services on Websites, Web attacks have drawn significant attention from attackers, making them one of the major threats on the Internet. Such attacks have caused great loss of financial and intellectual property. High interaction honeypots can attract attackers, detect attacks and suspicious behaviors on the Internet, and collect information about what attackers do during and after their attacks. The information collected by a honeypot can effectively help security vendors and service providers learn the threats websites face and thus protect websites from attacks. However, what attack information can be collected depends on the type and version of the web applications installed in the web honeypot. High interaction Web honeypots can only collect limited information from attacks if the target application is not deployed in the honeypot, because the attacks will fail. In order to increase the probability that a Web honeypot will be successfully attacked, it is better to deploy various Web applications in one single Web honeypot. This paper proposes a design scheme for a high interaction Web honeypot, intended to markedly raise the probability that a Web honeypot is successfully attacked and so enhance attack information collection on high-interaction Web honeypots. First, we analyze the process of Web attacks against a honeypot and introduce a concept called the honeypot-cluster, which consists of several Web honeypots and a cooperative control unit. In each of the Web honeypots, different kinds of Web applications have been installed. Then, a collaborative algorithm is designed. The cooperative control unit uses the collaborative algorithm to determine which application in the honeypot-cluster the attacker desires. By using the collaborative algorithm, a honeypot-cluster performs as if it were a single Web honeypot. When the honeypot-cluster receives an attack, it forwards the attack to the application selected by the collaborative algorithm. In this way, a Web honeypot can collect more att
Classification number: TP393 [Automation and Computer Technology: Computer Application Technology]