Abstract
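Honeypot technology is a deception technique that lures intruders in order to collect attackers' methods and protect real target hosts. Its core value lies in being probed, attacked, or threatened, which makes it possible to detect and analyze these attack activities, to understand the attacker's goals, methods, and even psychological habits, and ultimately to learn deeper methods of information protection from observing attacker behavior. In applying honeypot technology, the most critical point is how convincingly the honeypot system deceives the attacker. Starting from the system, hardware, and network characteristics specific to honeypot systems, this paper analyzes identifiable traits that may exist in various honeypot or virtual machine systems, proposes several identification schemes, and implements some of the methods programmatically, in the hope of drawing the security industry's attention and advancing the development of honeypot technology.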
Honeypot technology is employed to trap attacks, and thus to collect attack information and protect the real host. The core value of the honeypot lies in being detected, attacked and threatened; with this, people can analyze the attack, learn its purpose, means and strategies, and finally learn in-depth information protection methods. In the application of honeypot technology, the most important point is misleading the attackers. This paper analyzes the identifiable points of honeypot and virtual machine systems through several specific characteristics of the system hardware and the network. It then proposes some solutions to the identification with experimental statistics. It is hoped that the information security industry will attach importance to and promote the development of honeypot technology.
Source
Information Security and Communications Privacy (《信息安全与通信保密》)
2011, Issue 5, pp. 91-93 (3 pages)
Keywords
honeypot
virtual machine
detection
identification