Latest Research Progress of Honeypot Technology
  • English title: Latest Research Progress of Honeypot Technology
  • Authors: 石乐义; 李阳; 马猛飞
  • English authors: SHI Leyi; LI Yang; MA Mengfei; College of Computer and Communication of Engineering, China University of Petroleum
  • Keywords: Network security; Honeypot technology; Honeynet; Anti-honeypot; Attack-defense strategy; Proactive defense
  • Journal code: DZYX
  • English journal title: Journal of Electronics & Information Technology
  • Affiliation: 中国石油大学(华东)计算机与通信工程学院 (College of Computer and Communication Engineering, China University of Petroleum (East China))
  • Publication date: 2018-11-13 08:42
  • Publisher: 电子与信息学报 (Journal of Electronics & Information Technology)
  • Year: 2019
  • Volume: v.41
  • Funding: National Natural Science Foundation of China (61772551)
  • Language: Chinese
  • Record ID: DZYX201902033
  • Page count: 11
  • Issue: 02
  • CN: 11-4494/TN
  • Pages: 249-259
Abstract
Honeypot technology is a trap technique in network defense: it attracts and deceives attackers and records their attack behaviour, so that the adversary's goals and attack methods can be studied and real service resources protected. However, traditional honeypots suffer from inherent weaknesses such as static configuration and fixed deployment, which make them easy for attackers to identify and bypass, so that they lose their deceptive value. How to improve the dynamism and deceptiveness of honeypots has therefore become a key problem in the field. This paper surveys recent honeypot research at home and abroad. It first summarizes the development history of honeypots in four stages; it then takes the key honeypot mechanisms as its core and analyses the execution process, deployment methods, counter-recognition ideas and game-theoretic foundations; finally, it classifies and describes recent honeypot defense results in different areas, analyses the development trends of honeypot technology, and, with respect to potential security threats, looks ahead to defensive applications in emerging fields.
