摘要
针对网络对抗和计算机网络安全防护的现实需求,提出了一种在分布式欺骗空间中实施多重欺骗的网络主动防御技术,通过仿真常用的网络服务程序以及伪造安全漏洞来诱骗入侵者,利用内核级操作控制、文件系统镜像和信息欺骗,构建基于Windows和Linux平台的欺骗性操作环境,实现了对网络入侵全过程的欺骗、监视与控制。该技术突破了普通蜜罐技术单一欺骗层次的局限性,使得欺骗性、交互性和安全性同时得到明显提高。
A network active defense technology based on multi-layers deception in the distributed deception space is proposed to meet the needs of network countermeasure and network security. This technology simulates usual network service programs and forges vulnerabilities to lure the intruder. With operation control at kernel level, file system mirror and information deception, it creates the deceiving operating environment on the platform of Windows and Linux. Thus the process of intrusion is fully deceived, monitored and controlled. This technology breaks the limitation of a single layer deception used by other general honeypots, and obviously promotes the level of deception, interaction and ensures security.
出处
《国防科技大学学报》
EI
CAS
CSCD
北大核心
2008年第3期65-69,共5页
Journal of National University of Defense Technology
基金
国家863计划重大专项资助项目(2003AA146010)
关键词
网络欺骗
主动防御
蜜罐
网络服务仿真
操作行为控制
network deception
active defense
honeypot
network service simulation
operation control
