欺骗诱捕技术在气象网络安全攻防对抗场景下的应用  被引量：7

作　　者：周琰[1] 马强[1] ZHOU Yan;MA Qiang(National Meteorological Information Centre,Beijing 100081)

机构地区：[1]国家气象信息中心,北京100081

出　　处：《气象科技》2023年第2期208-214,共7页Meteorological Science and Technology

基　　金：国家气象信息中心信息网络安全与“信创”技术研发创新团队(NMIC-202011-05)攻关任务;国家气象信息中心科研项目结余资金课题(NMICJY202320);国家重点研发计划项目(2016YFA0602100)资助。

摘　　要：随着信息技术的快速发展,网络安全形势愈发严峻,气象部门通过组织网络攻防演习,以实战标准检验并提升业务安全防护体系能力。在演习中,攻击队伍对重要业务单位的真实网络及信息系统进行攻击渗透,各业务单位作为防守方开展实时监控与应急处置。由于攻防双方信息不对等,防守方采用传统防御手段经常处于被动挨打的局面。为提升网络防御能力,本文研究伪装欺骗和攻击诱捕技术在气象部门网络安全实战场景下的应用,通过采用基于蜜罐的欺骗诱捕平台,构建主动防御体系,实现对异常网络流量的监测、分析和预警,并对攻击方进行诱捕、溯源。经过实战检验,欺骗诱捕技术的应用切实提高了网络安全防御能力,保障气象业务系统稳定运行。With the rapid development of information technology,the cyber security situation is becoming more and more severe.The meteorological department has organized network attack and defence exercises to test and improve the capability of the service security protection system with practical standards.In the drill,the attacking team penetrates the real network and information system of important operational units.Each unit acts as the defender to carry out real-time monitoring and emergency response.Because of the information imbalance between the two sides,the defence is often in a passive situation by using traditional defence means.In order to improve the network defence capability,this paper studies the application of camouflage deception and attack trapping technology in the actual scenario of cyber security in meteorological departments.By adopting a honeypot-based deception trapping platform,an active defence system is constructed to realize the monitoring,analysis and early warning of abnormal network traffic,and trap and trace the source of attackers.Through actual combat tests,the application of deception trapping technology has effectively improved the cyber security defence capability and ensured meteorological operational systems stable and reliable.

关 键 词：网络安全 欺骗诱捕 攻防对抗 流量重定向 行为分析 

分 类 号：P409[天文地球—大气科学及气象学] TN915.088[电子电信—通信与信息系统]