摘要
针对蜜罐在配置和维护方面存在的挑战,提出了动态蜜罐技术的思想,并对它进行分析.动态蜜罐是一个即插即用的蜜罐系统,它通过监控和自学习实时的网络环境、收集网络中计算机的信息能够自动地确定应配置多少蜜罐以及怎样对它们进行配置.该蜜罐系统主要使用了被动指纹识别技术和虚拟蜜罐技术.被动指纹识别技术基于每种操作系统的IP协议栈都有其自身特点的原理,通过捕捉和分析网络中的数据包从而确定周围计算机操作系统的类型.利用虚拟蜜罐技术的思想,能够在单一的物理设备上配置多个虚拟的蜜罐系统.结合这两种技术,文章最后给出了一个动态蜜罐的设计模型,同时也分析了它的不足之处.研究结果表明,动态蜜罐能够从根本上解决蜜罐在配置和维护上存在的问题.
Aiming at the deployment and maintenance of honeypot, an idea of dynamic honeypot was proposed and analyzed. The dynamic honeypot is a kind of plug and play system by using passive fingerprinting and virtual honeypots. The dynamic honeypot can monitor and self-study real-time network environment, retrieves information and automatically determine how many honeypots to deploy and how to deploy them. The passive fingerprinting is based on the principle that every operating system′s IP stack has its own idiosyncrasies and determines the type operating system by capturing, analyzing packets in the network. By using the virtual honeypots technology multiple honeypots can be deployed on a single physical device. Combined these two kinds of technology, a model of dynamic honeypot was designed. The deficiency of this model was also analyzed. The results of research show that dynamic honeypot can radically revolutionize the deployment and maintenance of honeypots.
出处
《华中科技大学学报(自然科学版)》
EI
CAS
CSCD
北大核心
2005年第2期86-88,102,共4页
Journal of Huazhong University of Science and Technology(Natural Science Edition)
基金
国家网络与信息安全保障持续发展计划资助项目(2004研1917021)
武汉市科学技术局资助项目(20043001032).
关键词
蜜罐
动态蜜罐
被动指纹识别
honeypots
dynamic honeypot
passive fingerprinting
