CHoney:一个面向Cisco路由器攻击捕获的新型蜜罐

doi:10.13190/j.jbupt.2015.05.008

北京邮电大学学报 ›› 2015, Vol. 38 ›› Issue (5): 47-53.doi: 10.13190/j.jbupt.2015.05.008

CHoney:一个面向Cisco路由器攻击捕获的新型蜜罐

刘胜利, 彭飞, 武东英, 邹睿, 肖达

信息工程大学数学工程与先进计算国家重点实验室, 郑州 450000

收稿日期:2015-01-14 出版日期:2015-10-28 发布日期:2015-10-28
作者简介:刘胜利(1973—),男,副教授;彭飞(1989—),男,硕士生,E-mail:pengdaxian1011@126.com.
基金资助:
国家科技支撑计划基金项目(2012BAH47B01);上海市科研计划项目(13DZ1108800);国家自然科学基金项目(61271252)

CHoney: a New Honeypot for Capturing Attacks Against Cisco Routers

LIU Sheng-li, PENG Fei, WU Dong-ying, ZOU Rui, XIAO Da

State Key Laboratory of Mathematical Engineering and Advanced Computing, Information Engineering University, Zhengzhou 450000, China

Received:2015-01-14 Online:2015-10-28 Published:2015-10-28

摘要/Abstract

摘要：

从提升网络安全性的目的出发,设计实现了一个Cisco路由器蜜罐CHoney,用于检测针对Cisco路由器的攻击. CHoney使用函数监控和数据追踪等方法来收集攻击者的信息,并根据攻击者不同的敏感操作分别设定报警规则. 经过实验测试发现,CHoney可以及时捕获针对Cisco路由器的攻击,并支持对攻击过程的分析和攻击代码的提取. 实验结果表明,CHoney对于Cisco路由器的攻击检测是有效的,可以有效的提升网络的安全性.

关键词: Cisco路由器, 蜜罐, 网络安全, 攻击检测, CHoney

Abstract:

For purpose of improving cyber security, a honeypot named CHoney used to detect attacks against Cisco routers was designed and implemented. CHoney uses function monitoring and data tracking to collect information about attackers. It sets up alarm rules based on different sensitive operations of attackers. Experiment shows that CHoney can promptly capture attacks against Cisco routers, support analysis of attack process and extraction of attack code. CHoney is effective in detecting the attacks against cisco routers, and improves the cyber security through experiment.

Key words: cisco router, honeypot, cyper security, attack detection, CHoney

中图分类号:

TP309.08

刘胜利, 彭飞, 武东英, 邹睿, 肖达. CHoney:一个面向Cisco路由器攻击捕获的新型蜜罐[J]. 北京邮电大学学报, 2015, 38(5): 47-53.

LIU Sheng-li, PENG Fei, WU Dong-ying, ZOU Rui, XIAO Da. CHoney: a New Honeypot for Capturing Attacks Against Cisco Routers[J]. JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM, 2015, 38(5): 47-53.

参考文献

[1] IDC. IDC's worldwide quarterly ethernet switch and router tracker shows record ethernet switch market size, weaker router market[EB/OL]. (2014-12-03)[2015-01-10].http://www.idc.com/getdoc.jsp?containerId=prUS25266314.

[2] Linder F. Design and Software Vulnerability in Embedded System[EB/OL]. (2003-04-25)[2014-08-19]https://www.blackhat.com/presentations/bh-usa-03/bh-Fed-03-fx.pdf.

[3] Lynn M. The holy grail: Cisco IOS shellcode and exploitation techn iques[EB/OL]. (2005)http://cryptome.org/lynn-cisco.pdf.

[4] Muniz S, Ortega A. Fuzzing and debugging Cisco IOS[EB/OL]. (2005-11-12)[2014-10-14]. http://www.pdfpedia.com/download/13758/fuzzing-and-debugging-cisoc-ios-blackhat-europe-2011-pdf.html.

[5] Li F, Zhang L, Chen D. Vulnerability mining of Cisco router based on fuzzing[C]//2^nd International Conference on Systems and Informatics (ICSAI), 2014 IEEE. Shanghai:IEEE Press, 2014: 649-653.

[6] Nakibly G, Sosnovich A, Menahem E, et al. OSPF vulnerability to persistent poisoning attacks: a systematic analysis[C]//Proceedings of the 30^th Annual Computer Security Applications Conference. 2014 ACM. New York:ACM Press 2014: 336-345.

[7] Linder F. Developments in Cisco IOS forensics [EB/OL]. (2009-08-14)[2013-03-10].http://www. blackhat.com/presentions/bn-usa-08/Linder/BH_US_08_Linder_Developments_in_IOS_Froensics.pdf.

[8] 陈立根,刘胜利,高翔等. 一种基于动态污点分析的Cisco IOS漏洞攻击检测方法[J]. 小型微型计算机系统,2014,35(08):1798-1802.

[9] Kaushik P, Jain A. DroidCheck: android malware detection by behavioral techniques and honeypot[J]. International Journal of Computer Science and Mobile Computing(IJCSMC), 2015, 4(4):829-834.

[10] 诸葛建伟, 韩心慧, 周勇林,等. HoneyBow:一个基于高交互式蜜罐技术的恶意代码自动捕获器[J]. 通信学报, 2007, 28(12):8-13.

[11] Levchenko K, Pitsillidis A, Chachra N, et al. Click trajectories: End-to-end analysis of the spam value chain[C]//2011 IEEE Symposium on Security and Privacy (SP). 2011 IEEE. Berkeley: IEEE Press, 2011: 431-446.

[12] Mohammed M, Chan H A, Ventura N, et al. An automated signature generation approach for polymorphic worms using principal component analysis[J]. Int'l Journal for Information Security Research (IJISR), 2011, 1(1): 45-52.

[13] Dynamips project[EB/OL]. 2007. http://www.ip flow.utc.fr/index.php/Cisco_7200_Simulator.

[14] Newsome J, Song D. Dynamic taint analysis for automatic detection, analysis, and signature generation of exploits on commodity software[EB/OL]. 2005. http://web.eecs.umich edu/~mahlke/courses/583f12/reading/newsome-ndss05.pdf.

[15] Guilfanov I. IDA fast library identification and recognition technology(FLIRT technology): in-depth[EB/OL]. (2012-02-27)[2012-03-11]. http://www.hex-rays,com/products/ida/tech/flirt/in_depth.shtml, 2012.

[16] Erdélyi G. IDAPython: User scripting for a complex application[D]. EVTEK:University of Applied Sciences, 2008.

CHoney:一个面向Cisco路由器攻击捕获的新型蜜罐

CHoney: a New Honeypot for Capturing Attacks Against Cisco Routers

RichHTML

PDF

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 15

编辑推荐

Metrics

本文评价

[1]	石子成, 李新, 唐颖, 黄善国. 基于全光模式匹配的光包过滤系统[J]. 北京邮电大学学报, 2022, 45(3): 96-101.
[2]	杨宏宇, 袁海航, 张良. 一种基于主机重要度的网络主机节点风险评估方法[J]. 北京邮电大学学报, 2022, 45(2): 16-21.
[3]	唐宏伟, 冯圣中, 赵晓芳. TOChain:一种高性能虚拟网络安全服务功能链[J]. 北京邮电大学学报, 2018, 41(1): 70-80.
[4]	李旭, 鲍京京, 刘颖. 编队通信安全中的黑洞问题[J]. 北京邮电大学学报, 2016, 39(1): 12-17.
[5]	白媛, 王倩, 贾其兰, 张会兵. 一种高效安全的EPS AKA协议[J]. 北京邮电大学学报, 2015, 38(s1): 10-14.
[6]	刘敬, 谷利泽, 钮心忻, 杨义先, 李忠献. 基于神经网络和遗传算法的网络安全事件分析方法[J]. 北京邮电大学学报, 2015, 38(2): 50-54.
[7]	付钰, 陈永强, 吴晓平, 宋衍. 基于随机博弈模型的网络攻防策略选取[J]. 北京邮电大学学报, 2014, 37(s1): 35-39.
[8]	陈永强, 吴晓平, 付钰, 宋衍. 基于随机博弈与网络熵的网络安全性评估[J]. 北京邮电大学学报, 2014, 37(s1): 92-96.
[9]	钟尚勤徐国胜姚文斌杨义先. 基于主机安全组划分的网络安全性分析 [J]. 北京邮电大学学报, 2012, 35(1): 19-23.
[10]	龙门,夏靖波,张子阳,郭戎潇. 节点相关的隐马尔可夫模型的网络安全评估[J]. 北京邮电大学学报, 2010, 33(6): 121-124.
[11]	秦华旺戴跃伟王执铨. 入侵容忍系统的安全态势评估[J]. 北京邮电大学学报, 2009, 32(2): 57-61.
[12]	陈天平乔向东郑连清. 图论在网络安全威胁态势分析中的应用[J]. 北京邮电大学学报, 2009, 32(1): 113-117.
[13]	辛阳1, 高雪松2, 高程1, 杨义先1. 改进安全套接层协议性能的安全系统设计[J]. 北京邮电大学学报, 2007, 30(6): 89-93.
[14]	王平，方滨兴，云晓春. 基于分割的蠕虫传播抑制方法研究[J]. 北京邮电大学学报, 2006, 29(5): 24-27.
[15]	杨武, 方滨兴, 云晓春, 张宏莉, 胡铭曾. 一种高性能分布式入侵检测系统的研究与实现[J]. 北京邮电大学学报, 2004, 27(4): 83-86.