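Honeypot
Network packet
Computer science
Anomaly detection
Set (abstract data type)
Intrusion detection system
Construct (Python library)
Anomaly (physics)
Network security
Computer network
Data mining
Real-time computing
Condensed matter physics
Physics
Programming language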
Authors
Xingyu Chen, Bin Lu, Rongbo Sun, Mengjia Jiang
Identifier
DOI:10.1145/3592307.3592325
Abstract
Honeypot detection is a popular technology in current cyber security; it can be used to check the disguise and protection level of deployed honeypots. To address the low detection accuracy of existing honeypot detection techniques, this paper proposes a honeypot detection method based on differences in responses to anomalous requests. The method uses the anomalous request packet construction method designed in this paper to construct anomalous request packets, and sends them to identity-known devices to collect the responses. Using the response analysis method designed in this paper, the responses are analyzed for similarity in both the content and structure dimensions, which in turn enables the evaluation of the anomalous request packets and the selection of those that consistently trigger a differential response from honeypots, forming an anomaly-based probing packet set. A deep learning model for honeypot detection is designed using the responses of the identity-known devices to the anomaly-based probing packet set. The model, together with the responses of the nodes under test to the anomaly-based probing packet set, is used to detect honeypots. Experiments show that the method detects the nodes under test with an accuracy of 96.4%.