| With the increasing development of cyberspace,the security requirements of cyberspace are getting higher and higher.Under the temptation of huge profits,cyber attack technologies are developing rapidly and abnormally.At the same time,cyber defense technologies appear to be stretched and lack effective technical means Theoretical basis to trace the source of cyber threat events.Based on a new type of honeypot system—accompanying trapping system,this paper studies traceability analysis technology to provide active protection and threat elimination capabilities for cyberspace security.The main content and structure of the article consists of three parts:1)Propose an accompanying trapping systemBased on the active protection concept of honeypot system,an accompanying trapping system is proposed.The system clarifies the concept of accompanying trapping and proposes guidelines for system design.The network topology,honeypot design,business scenario simulation,control center of accompanying trapping,Network traffic diversion and threat elimination have proposed implementation ideas,which have a good guiding role in the realization of the accompanying trapping system.2)Propose a set of accompanying trapping traceability analysis system frameworkIn order to realize the active protection ability of real business systems,a set of accompanying trapping traceability analysis system is proposed.Its value lies in the ability to trace external threats and realize the ability of accompanying trapping systems to eliminate external threats.The system architecture of the accompanying trapping traceability analysis system is designed,and the functional composition is described.Finally,the workflow of the accompanying trapping traceability analysis system is described.3)Develop a set of threat intelligence correlation analysis systemIn order to effectively solve the problems of interruption of traceability clues,limited threat intelligence,and difficulty in reading and comprehension of intelligence information in the process of tracing and tracing external threats,break through the shackles of traceability analysis of APT organizations,and further improve traceability analysis capabilities,and developed a set of threat intelligence correlation analysis system.Constructing a network threat intelligence knowledge graph,proposing four correlation analysis algorithms,and performing correlation analysis on threat behaviors in the system deployment unit,and finally realizing the traceability of the suspected APT organization white elephant,which verifies the active protection of the content of this research in the real cyberspace Effectiveness and practicality of ability. |
PDF Full Text Request