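1. School of Cyberspace Security, Beijing University of Posts and Telecommunications, Beijing 100876
2. Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093
3. Cyberspace Institute of Advanced Technology, Guangzhou University, Guangzhou, Guangdong 510006
4. Institute of Electronic and Information Engineering of UESTC in Guangdong, Dongguan, Guangdong 523808
5. School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100049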
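Zhao-peng JIA (1988-), male, from Xingtai, Hebei, is a Ph.D. candidate at Beijing University of Posts and Telecommunications. His main research interests are network security and cyber deception.
Bin-xing FANG (1960-), male, from Wannian, Jiangxi, is an academician of the Chinese Academy of Engineering and a professor at Guangzhou University. His main research interests are computer architecture, computer networks and information security.
Chao-ge LIU (1986-), male, from Changchun, Jilin, is an assistant researcher and Ph.D. candidate at the Institute of Information Engineering, Chinese Academy of Sciences. His main research interests are Web security, cyber deception, and attack tracing and attribution.
Qi-xu LIU (1984-), male, from Xuzhou, Jiangsu, Ph.D., is an associate researcher at the Institute of Information Engineering, Chinese Academy of Sciences, and an associate professor at the University of Chinese Academy of Sciences. His main research interests are network attack and defense technology and network security evaluation.
Jian-bao LIN (1992-), male, from Weihai, Shandong, is a master's student at Beijing University of Posts and Telecommunications. His main research interests are network security and cyber deception.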
Online publication date: 2017-12
Print publication date: 2017-12-25
Zhao-peng JIA, Bin-xing FANG, Chao-ge LIU, et al. Survey on cyber deception[J]. Journal on Communications, 2017, 38(12): 128-143. DOI: 10.11959/j.issn.1000-436x.2017281.
The asymmetry between network attack and defense is one of the core problems facing network security today. Deception-based defense is a new approach that defenders have introduced to change this asymmetry. Its core idea is to interfere with the attacker's cognition so that the attacker takes actions that favor the defender, which lets the defender record the attacker's activities and methods, raise the cost of carrying out an attack, and lower the probability that the attack succeeds. First, cyber deception is formally defined and divided into four classes according to how the deception environment is constructed. The development of cyber deception is then summarized in three stages, and the characteristics of each stage are analyzed. Next, a hierarchical model of cyber deception is proposed and existing research results are introduced. Finally, countermeasures against cyber deception are analyzed and summarized, and the development trends of cyber deception technology are presented.