蜜罐
计算机科学
鉴定(生物学)
入侵检测系统
指纹(计算)
网络安全
互联网
计算机安全
操作系统
植物
生物
作者
Yongjian Zhang,Wenjie Liu,Kenan Guo,Yanmei Kang
标识
DOI:10.1109/itnec56291.2023.10082467
摘要
Honeypots-a new active defense technique-can accomplish the goal of identifying security vulnerabilities and extracting attack features by constructing controlled vulnerability traps and deceiving attackers into launching intrusion assaults. Attackers typically use honeypot identification techniques to go around honeypots in order to conceal their attack strategies. In this paper, we proposes a new method for detecting and classifying SSH honeypots based on multi-fingerprinting. Target samples are first classified into suspected honeypots and normal hosts using the Random Forest algorithm, and then suspected honeypots are classified using multi-fingerprint features. This five-element detection model can increase the accuracy of honeypot classification while also cutting down on wasted time. Finally, through experimental measurements and comparative analysis with the other method for identifying honeypot, the method in this paper significantly improves the accuracy of identifying SSH honeypot types. It is also more efficient in classifying and detecting large-scale target IPs for honeypots, and there are a lot of real SSH honeypot IPs that can be found by searching the Internet, which can then be further analyzed to obtain their geographical distribution and survival rate characteristics.
科研通智能强力驱动
Strongly Powered by AbleSci AI