
CN108521426B - Array honeypot cooperative control method based on block chain - Google Patents


Info

Publication number
CN108521426B
Authority
CN
China
Prior art keywords
host
array
honeypot
block chain
mining
Legal status
Active
Application number
CN201810329244.2A
Other languages
Chinese (zh)
Other versions
CN108521426A (en)
Inventor
石乐义
李阳
刘天旭
李晓雨
刘娜
崔雯迪
刘佳
朱红强
Current Assignee
China University of Petroleum East China
Original Assignee
China University of Petroleum East China

Classifications

    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network security for managing network security; network security policies in general
    • H04L63/0428 Network security for providing a confidential data exchange among entities communicating through data packet networks, wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L67/104 Protocols in which an application is distributed across nodes in the network: peer-to-peer [P2P] networks
    • H04L9/302 Public key cryptography whose underlying computational problem is the integer factorization problem, e.g. RSA or quadratic sieve [QS] schemes


Abstract

The invention relates to an array honeypot cooperative control method based on a block chain. Starting from a P2P networking model, a topology consistent with the Ethereum platform is constructed, and communication between the two is realized through web3j. Each host in the array performs mining; the host that obtains the accounting right takes on the honeypot service transformation task for a certain period of time and sends the transformation information through an encryption mechanism, while the other hosts receive and execute the corresponding transformation instructions. Furthermore, using the tamper-resistance of the block chain, external port access request data is stored in the block chain and used as digital evidence of attacks performed by an attacker. The method ensures the cooperative operation of the array honeypot host cluster, thereby luring attackers with dynamically transformed true and false services and achieving active network security defense.

Description

Array honeypot cooperative control method based on block chain
Technical Field
The invention relates to a decentralized method for a network active defense system, in particular to a block chain-based array honeypot cooperative control method that starts from the P2P networking model of a block chain and realizes distributed cooperative operation of the hosts of an array trap honeypot; it belongs to the technical field of network security.
Background
In the network attack-and-defense confrontations of the information age, the defending side adopts various strategies to protect a system. Among them, honeypot technology, with its decoy property, is more active than traditional defensive measures: it lures attackers by constructing false vulnerabilities, services, resources and so on, consuming the attack and thereby protecting the real system. However, static honeypots are very noticeable to the adversary, who then stays away from the trap and attacks the protected system. Therefore, enhancing honeypot dynamics improves resistance to recognition.
By constructing a honeypot system with array transformation, dynamic trapping of attacks is realized and real service resources are protected dynamically. The dynamic transformation strategy of the system increases the attacker's confusion, so that the attacker cannot distinguish honeypots from real systems in an array that mixes true and false services. Even if at some time t0 the adversary identifies a certain host of the honeypot system, the dynamic transformation mechanism (true becomes false, false becomes true) turns that attack identification, at the next moment t1, into a protective identification for the honeypot system: at t1 the attacker bypasses the host that was identified at t0 as running a honeypot service, but by then that host has been transformed into the real service, so the aim of protecting the real service is fulfilled.
Given the distributed characteristics of the array honeypot system, the cooperative operation of all internal hosts must be ensured and automated. However, the traditional centralized mechanism provides central control by a specific host, which determines a specific transformation scheme at a given time, while the other hosts, in the slave role, receive and execute the central host's transformation command. Under such a centralized control mechanism, if the specific central server goes down, the whole array honeypot system is paralyzed, causing great loss to the defending side.
Disclosure of Invention
In order to avoid the destructive consequences of a central control mechanism, ensure normal operation of the system and improve its robustness, the invention adopts a decentralized cooperative control mechanism based on a block chain to realize the automatic operation of each host in the array honeypot system; under this mechanism, even if a certain server fails, the overall operating state of the system is not affected. The smart contract of the block chain is deployed in a private chain formed by the array hosts, and the on-chain code achieves automatic instruction execution without central control in accordance with the business logic of the array honeypot system, which is the decentralized cooperative control mechanism of the array host cluster.
In order to achieve the above purpose, the proposed block chain-based array honeypot cooperative control method mainly comprises the following steps:
(1) under the Ethereum platform, a genesis block file is used to build a private chain formed by the n hosts of the array honeypot, i.e. priChain = {host_0, host_2, …, host_{n-1}};
(2) on the n hosts, a distributed dynamic array honeypot system with active defense function is constructed, i.e. honArray = {sys_0, sys_2, …, sys_{n-1}};
(3) a smart contract conforming to the decentralized business logic of the array honeypot system is deployed on priChain;
(4) Ethereum accounts account = {ac_0, ac_2, …, ac_{n-1}} are created and mining is executed;
(5) the service host host_i corresponding to the account ac_i that mined successfully is verified for authenticity by the other n-1 hosts host_j in the array honeypot private chain, where j ≠ i;
(6) the honeypot host host_i that actually mined successfully performs information transmission to the honeypot array system sys_i through the Ethereum platform interface;
(7) the array honeypot system host host_i that received the mining-success instruction is responsible for the service-transformation information distribution task in the coming period T;
(8) after the period T, a new round of mining is performed, selecting another host host_j with accounting right, different from host_i, where j ≠ i, and one more cycle is executed to carry out the service transformation and distribution tasks of each array honeypot host.
Further, before the private chain is built from the genesis file, the JSON file must be adjusted: its internal difficulty parameter is modified, and by tuning the difficulty value the mining interval T is kept within a reasonable range, so that the transformation period of the array honeypot system's internal service hosts falls in the optimal defense stage.
A further technical feature is that, when the distributed array honeypot system is constructed, a peer-to-peer P2P network architecture between the nodes is established. The architecture ensures role equality of all hosts in the array, that is, each host acts as both communication server and communication client, realizing topological peer-to-peer interworking with the Ethereum platform.
A further technical feature is that the honeypot system host that mined successfully sends the transformation instruction to the other array hosts with information confidentiality ensured by an RSA asymmetric encryption mechanism: the instruction sender performs RSA encryption and transmits the encrypted ciphertext, and the instruction receiver performs RSA decryption to obtain the readable plaintext of the specific transformation instruction, preventing the data from being stolen and exploited in transit. The host that mined successfully also records information such as the specific service access time and port and stores it in the private chain through the web3j interface; because data in the chain cannot be tampered with, the access records serve as digital evidence of the attack initiated by the attacker, providing a defense guarantee for the system in the legal sense.
Compared with a cooperative mechanism under traditional centralized control, the method realizes decentralized operation of the array honeypot system with block chain technology: each host executes the contract automatically through the on-chain code, no central control is needed, and the failure of any single node cannot affect the normal operation of the system. At the same time, by adjusting the difficulty value the transformation period is kept in the optimal defense interval, so attacks can be resisted effectively. In addition, encryption prevents sensitive data from being stolen during communication.
Drawings
In order to illustrate the technical solutions of the embodiments more clearly, the invention is further described below with reference to the accompanying drawings and specific embodiments:
FIG. 1 is a schematic diagram of the array honeypot cooperative control in the block chain-based array honeypot cooperative control method disclosed by the invention;
FIG. 2 is a flow chart of a single instruction transformation in the block chain-based array honeypot cooperative control method disclosed by the invention.
Detailed Description
In order to make the objects, techniques and advantages of the present invention more apparent, the present invention will be described in detail and fully hereinafter with reference to the accompanying drawings.
Step (1): under the Ethereum platform, a genesis block file is used to build a private chain formed by the n hosts of the array honeypot, i.e. priChain = {host_0, host_2, …, host_{n-1}}.
In step (1), the private chain is built from the genesis file, whose JSON data must first be adjusted, namely the internal difficulty parameter is modified. By tuning the difficulty value, the mining interval T is kept within a reasonable range, so that the transformation period of the array honeypot system's internal service hosts falls in the optimal defense stage.
Step (2): on the n hosts, a distributed dynamic array honeypot system with active defense function is constructed, i.e. honArray = {sys_0, sys_2, …, sys_{n-1}}.
In step (2), to keep the honeypot system consistent with the distributed structure of the block chain, a peer-to-peer P2P network architecture between the nodes is established. The architecture ensures role equality of all hosts in the array, that is, each host acts as both communication server and communication client, realizing topological peer-to-peer interworking with the Ethereum platform.
Step (3): deploy on priChain a smart contract conforming to the decentralized business logic of the array honeypot system.
The smart contract of step (3) must meet the actual service requirements of the honeypot system and is realized as automatically executed chain code.
Step (4): create Ethereum accounts account = {ac_0, ac_2, …, ac_{n-1}} and perform mining.
The Ethereum accounts of step (4) are created according to the corresponding nodes; in the array honeypot system, one mining host node corresponds to one Ethereum mining account, which satisfies the application requirements.
Step (5): the service host host_i corresponding to the account ac_i that mined successfully is verified for authenticity by the other n-1 hosts host_j in the array honeypot private chain, where j ≠ i.
Step (6): the honeypot host host_i that actually mined successfully performs information transmission to the honeypot array system sys_i through the Ethereum platform interface.
In step (6), when the honeypot system host that mined successfully sends the transformation instructions to the other array hosts, an RSA asymmetric encryption mechanism ensures information confidentiality: the instruction sender performs RSA encryption and transmits the encrypted ciphertext, and the instruction receiver performs RSA decryption to obtain the readable plaintext of the specific transformation instruction, so that data in transit cannot be stolen and exploited. The host that mined successfully also records information such as the specific service access time and port and stores it in the private chain through the web3j interface; because data in the chain cannot be tampered with, the access records can serve as digital evidence of the attack launched by the attacker, providing a defense guarantee for the system in the legal sense.
Step (7): the array honeypot system host host_i that received the mining-success instruction is responsible for the service-transformation information distribution task in the coming period T.
Step (8): after the period T, a new round of mining is performed, selecting another host host_j with accounting right, different from host_i, where j ≠ i, and one more cycle is executed to carry out the service transformation and distribution tasks of each array honeypot host.
In step (8), after a single mining period ends, the next cycle begins: the accounting-right host is selected again, the newly selected host takes on the cooperative control task for the new period, and it generates and sends the specific transformation information.
The basic steps of the block chain-based array honeypot cooperative control method have been described in detail above. In this scheme, a P2P array honeypot system network architecture is constructed, the Ethereum platform is used to perform mining, the host holding the accounting right for a period interval is determined, that host generates the transformation information instruction, and the other hosts receive the instruction and perform the actual service transformation, thereby achieving cooperative control of all honeypot service hosts in the array. Combining the block chain Ethereum platform with the honeypot system aims to ensure the normal operation of the internal service host cluster of the array honeypot system.
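Added illustration of the control cycle in steps (1) to (8) above and in the disclosure summary; it is constructed for this page and is not the patent's own code. A SHA-256 leading-zero-bits proof of work stands in for Ethereum mining and its difficulty_bits value for the genesis-file difficulty, the other hosts re-verify the winning block, the winner issues the true/false role swap, and a hash-chained access log shows why the stored evidence is tamper-evident. Host names, probed ports and the difficulty value are constructed; RSA protection of the instruction and the web3j calls are omitted.

```python
"""Toy model of the mining-driven control cycle in steps (1)-(8); constructed for
this page, not the patent's code. Assumptions: SHA-256 leading-zero proof of work
stands in for Ethereum mining, difficulty_bits plays the genesis-file difficulty
value, and period T is measured in hashing attempts. RSA and web3j are omitted."""
import hashlib
import json
import random

GENESIS_HASH = "0" * 64

def block_hash(prev_hash, miner, nonce):
    return hashlib.sha256(f"{prev_hash}|{miner}|{nonce}".encode()).hexdigest()

def meets_difficulty(digest_hex, difficulty_bits):
    # Valid when the top difficulty_bits bits of the hash are zero.
    return int(digest_hex, 16) >> (256 - difficulty_bits) == 0

def expected_attempts(difficulty_bits):
    # Mean hashes per block: raising the difficulty lengthens the period T.
    return 2 ** difficulty_bits

def mine_round(hosts, prev_hash, difficulty_bits, rng):
    """Step (4): all hosts mine; returns (winner, block hash, nonce, attempts)."""
    attempts = 0
    while True:
        for host in hosts:
            nonce = rng.getrandbits(64)
            digest = block_hash(prev_hash, host, nonce)
            attempts += 1
            if meets_difficulty(digest, difficulty_bits):
                return host, digest, nonce, attempts

def verify_block(prev_hash, miner, nonce, digest, difficulty_bits):
    """Step (5): a peer re-derives the hash before accepting the winner's claim."""
    ok = block_hash(prev_hash, miner, nonce) == digest
    return ok and meets_difficulty(digest, difficulty_bits)

def transformation_instruction(hosts, roles, rng):
    """Steps (6)-(7): the accounting-right host issues the true<->false swap;
    a random non-empty subset of hosts changes role for the coming period."""
    flip = [h for h in hosts if rng.random() < 0.5] or [rng.choice(hosts)]
    return {h: ("honeypot" if roles[h] == "real" else "real") if h in flip
            else roles[h] for h in hosts}

def append_record(ledger, host, port, period):
    """Access record chained to its predecessor, like the on-chain evidence log."""
    prev = ledger[-1]["hash"] if ledger else GENESIS_HASH
    rec = {"host": host, "port": port, "period": period, "prev": prev}
    rec["hash"] = hashlib.sha256(json.dumps(rec, sort_keys=True).encode()).hexdigest()
    ledger.append(rec)

def verify_ledger(ledger):
    """Any edited field or reordered record breaks the hash chain."""
    prev = GENESIS_HASH
    for rec in ledger:
        body = {k: v for k, v in rec.items() if k != "hash"}
        digest = hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()
        if body["prev"] != prev or digest != rec["hash"]:
            return False
        prev = rec["hash"]
    return True

def run_simulation(n_hosts=4, periods=6, difficulty_bits=8, seed=1):
    """Runs `periods` rounds of mine -> verify -> transform -> record."""
    rng = random.Random(seed)
    hosts = [f"host{i}" for i in range(n_hosts)]
    roles = {h: "real" for h in hosts}
    prev_hash, ledger, history = GENESIS_HASH, [], []
    for period in range(periods):
        winner, digest, nonce, attempts = mine_round(hosts, prev_hash, difficulty_bits, rng)
        # Step (5): each of the other n-1 hosts checks the claim independently.
        peers = [h for h in hosts if h != winner]
        if not all(verify_block(prev_hash, winner, nonce, digest, difficulty_bits) for _ in peers):
            raise RuntimeError("peers rejected the block")
        roles = transformation_instruction(hosts, roles, rng)
        # Constructed access record (probed port, period) written by the controller.
        append_record(ledger, winner, rng.choice([22, 80, 443]), period)
        history.append({"period": period, "controller": winner,
                        "attempts": attempts, "roles": roles})
        prev_hash = digest  # Step (8): the next round builds on this block.
    return {"history": history, "ledger": ledger}
```

Averaging `attempts` over many periods shows the mean settling near `expected_attempts(difficulty_bits)`, which is the lever claim 2 uses to tune T.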

Claims (4)

1. An array honeypot cooperative control method based on a block chain, characterized by comprising the following steps:
(1) under the Ethereum platform, a genesis block file is used to build a private chain formed by the n hosts of the array honeypot, i.e. priChain = {host_0, host_2, …, host_{n-1}}, where host_0 denotes the 0th host, host_2 denotes the 2nd host and host_{n-1} denotes the (n-1)th host;
(2) on the n hosts, an array honeypot system with active defense function is constructed, i.e. honArray = {sys_0, sys_2, …, sys_{n-1}}, where sys_0 denotes the single honeypot system deployed by the 0th host, sys_2 the single honeypot system deployed by the 2nd host and sys_{n-1} the single honeypot system deployed by the (n-1)th host;
(3) a smart contract conforming to the decentralized business logic of the array honeypot system is deployed on priChain;
(4) Ethereum accounts account = {ac_0, ac_2, …, ac_{n-1}} are created, where ac_0 denotes the Ethereum account of the 0th host, ac_2 the Ethereum account of the 2nd host and ac_{n-1} the Ethereum account of the (n-1)th host, and each host performs mining;
(5) the service host host_i corresponding to the account ac_i that mined successfully is verified for authenticity by the other n-1 hosts host_j in the array honeypot private chain, where j ≠ i;
(6) the array honeypot system host host_i that received the mining-success instruction is responsible for the specific service-transformation information distribution task within the mining interval T, and performs information transmission to the array honeypot system sys_i through the Ethereum platform interface;
(7) after the period T, a new round of mining is performed, selecting another host host_j with accounting right, different from host_i, where j ≠ i, and steps (5) to (7) are repeated in a loop to execute the service transformation and distribution tasks of each array honeypot host.
2. The method as claimed in claim 1, wherein before the private chain is built from the genesis file, the JSON lightweight data-exchange file containing the block chain initialization information is adjusted: the internal difficulty parameter is modified, and by tuning the difficulty value the mining interval T is kept within a reasonable range, so that the transformation cycle of the array honeypot system's internal service hosts falls in the optimal defense stage.
3. The method as claimed in claim 1 or 2, wherein, when the array honeypot system is constructed, a peer-to-peer P2P network architecture between the nodes is established; the architecture ensures role equality of all hosts in the array, that is, each host acts as both communication server and communication client, realizing topological peer-to-peer interworking with the Ethereum platform.
4. The block chain-based array honeypot cooperative control method as claimed in claim 3, comprising the steps of: the honeypot system host that mined successfully sends transformation instructions to the other array hosts, with information confidentiality ensured by an RSA asymmetric encryption mechanism, the instruction sender performing RSA encryption and transmitting the encrypted ciphertext data, and the instruction receiver performing RSA decryption to obtain the readable plaintext of the specific transformation instruction; the honeypot system host that mined successfully records the specific service access time and port information and stores it in the private chain through the web3j interface, and because data in the chain cannot be tampered with, the access record data serve as digital evidence of the attack initiated by the attacker.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810329244.2A CN108521426B (en) 2018-04-13 2018-04-13 Array honeypot cooperative control method based on block chain


Publications (2)

Publication Number Publication Date
CN108521426A CN108521426A (en) 2018-09-11
CN108521426B true CN108521426B (en) 2020-09-01

Family

ID=63432514


Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106951307A (en) * 2017-03-06 2017-07-14 钱德君 Smart contract virtual machine implementation method
CN107103098A (en) * 2017-05-12 2017-08-29 曾建伟 Block chain mesh database containing smart contracts, and working method
CN107342858A (en) * 2017-07-05 2017-11-10 武汉凤链科技有限公司 Smart contract protection method and system based on a trusted environment
CN107819749A (en) * 2017-10-26 2018-03-20 平安科技(深圳)有限公司 Ethereum-based block chain system and transaction data processing method



Non-Patent Citations (5)

* Cited by examiner, † Cited by third party
Title
Design and implementation of a distributed honeypot system; 肖军粥, 刘广祎; 《计算机工程与设计》; 2007-12-03; full text *
Research on cooperative network defense based on dynamic array honeypots; 李婕; 《万方》; 2012-07-31; full text *
Research on a joint network DDoS defense method based on block chain technology; 陈旭; 《网络安全技术与应用》; 2017-12-05; full text *
Research on development methods for block chain-based application systems; 蔡维德, 郁莲; 《软件学报》; 2017-07-05; full text *
Construction and detection method of a honeypot-aware semi-distributed P2P botnet; 谢静, 谭良; 《计算机工程与应用》; 2011-12-31; full text *



Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant