蜜罐技术在僵尸网络(botnet)的防御和检测中扮演着重要的角色.攻击者可能会利用已有的基于蜜罐防御技术的漏洞,即防御者配置蜜罐要担当一定的责任,不允许蜜罐参与真实的攻击,进而构建出可以躲避蜜罐的botnet.针对这一问题,提出了攻击者利用认证sensor组建的蜜罐先知型半分布式P2P botnet,针对此类bother,提出了用高交互性蜜罐和低交互性蜜罐相结合的双重蜜罐检测技术,并与传统蜜罐技术做了比较.理论分析表明,该检测方法能够有效地弥补蜜罐防御技术的漏洞,提高了蜜罐先知型半分布式P2P hornet的检出率.%The honeypot technology plays an important role in detecting and defending botnet. The existing honeypot technologies have a serious vulnerability,that is the defender has the responsibility to prevent honeypot from attacking in configuring.An attacker may make use of the sensor authenticators to build a bornet which can avoid the honeypot. For such botnet, the proposed honeypot-prescient Semi-Distributed P2P botnet has been given. A double-honeypot detection method has been presented,which combines highly interactive honeypot with low-interaction honeypot to detect this botnet, this method has bern analysed compared with traditional honeypot technology. The experiment result shows that the detection method can effectively close the vulnerability of honeypot defense technology,and improve the detection rate of honeypot-prescient Semi-Distributed P2P botnet.
展开▼
