[go: up one dir, main page]

CN115348105A - Honeynet-based verification method, device, storage medium and equipment - Google Patents

Honeynet-based verification method, device, storage medium and equipment Download PDF

Info

Publication number
CN115348105A
CN115348105A CN202211049360.1A CN202211049360A CN115348105A CN 115348105 A CN115348105 A CN 115348105A CN 202211049360 A CN202211049360 A CN 202211049360A CN 115348105 A CN115348105 A CN 115348105A
Authority
CN
China
Prior art keywords
user
user information
honeynet
result
transaction
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202211049360.1A
Other languages
Chinese (zh)
Inventor
李月婷
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Bank of China Ltd
Original Assignee
Bank of China Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Bank of China Ltd filed Critical Bank of China Ltd
Priority to CN202211049360.1A priority Critical patent/CN115348105A/en
Publication of CN115348105A publication Critical patent/CN115348105A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/1491Countermeasures against malicious traffic using deception as countermeasure, e.g. honeypots, honeynets, decoys or entrapment
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The application discloses a verification method, a verification device, a storage medium and verification equipment based on a honey net, which can be applied to the field of network security, wherein when a transaction request sent by a user is received, the honey net is used for identifying the transaction request to obtain an identification result, and whether the identification result is an abnormal result is judged; if the identification result is not an abnormal result, acquiring the identity information of the user from the information base, and verifying the user information by using the identity information; when the user information passes the verification, performing auxiliary authentication on the user information by using an auxiliary authentication mode; when the user information passes the auxiliary authentication, the corresponding transaction is completed according to the transaction request, compared with the prior art, the user information is verified again by using an auxiliary authentication mode, the user information is prevented from being stolen by a third party, and the safety of a service system is improved.

Description

基于蜜网的校验方法、装置、存储介质及设备Honeynet-based verification method, device, storage medium and equipment

技术领域technical field

本申请涉及网络安全领域,尤其涉及一种基于蜜网的校验方法、装置、存储介质及设备。The present application relates to the field of network security, in particular to a honeynet-based verification method, device, storage medium and equipment.

背景技术Background technique

银行产品受众范围广泛,不同群体的系统部署存在较大的差异,例如银行内部和受众群体网络的差异,在不同网络之间传输数据极易受到黑客的攻击,因此对网络安全的防御显得尤为重要。Banking products have a wide range of audiences, and there are large differences in the deployment of different groups of systems, such as differences within the bank and the audience network. Data transmitted between different networks is extremely vulnerable to hacker attacks, so the defense of network security is particularly important .

目前,通过用户输入有效的用户信息,对用户的信息进行校验,检验通过则生成会话标识符(SessionID),再对SessionID进行校验,若校验通过用户则可以进入业务系统,只要SessionID有效,用户可以不用重复输入密码就能进入其他业务系统。At present, the user enters valid user information to verify the user's information. If the verification passes, a session identifier (SessionID) is generated, and then the SessionID is verified. If the verification passes, the user can enter the business system, as long as the SessionID is valid. , users can enter other business systems without repeatedly entering passwords.

由于只对用户输入的用户信息进行校验,用户一旦泄露了信息,将会导致用户身份被第三方冒用而登录各个业务系统进行非法操作的风险。Since only the user information entered by the user is verified, once the user leaks the information, there will be a risk that the user identity will be fraudulently used by a third party to log in to various business systems for illegal operations.

发明内容Contents of the invention

本申请提供了一种基于蜜网的校验方法、装置、存储介质及设备,目的在于避免用户信息被第三方盗用,提高业务系统的安全性。The present application provides a honeynet-based verification method, device, storage medium and equipment, with the purpose of preventing user information from being embezzled by a third party and improving the security of a business system.

为了实现上述目的,本申请提供了以下技术方案:In order to achieve the above object, the application provides the following technical solutions:

一种基于蜜网的校验方法,包括:A verification method based on a honeynet, comprising:

当接收到用户发送的交易请求时,利用蜜网对所述交易请求进行识别,得到识别结果,并判断所述识别结果是否为异常结果;其中,所述交易请求中至少包括所述用户信息;所述蜜网由多台蜜罐主机、防火墙预先构建;When a transaction request sent by a user is received, the honeynet is used to identify the transaction request, obtain a recognition result, and judge whether the recognition result is an abnormal result; wherein, the transaction request includes at least the user information; The honeynet is pre-built by multiple honeypot hosts and firewalls;

若所述识别结果不为所述异常结果,从信息库中获取所述用户的身份信息,利用所述身份信息对所述用户信息进行校验;If the identification result is not the abnormal result, obtain the identity information of the user from the information database, and use the identity information to verify the user information;

当所述用户信息校验通过时,利用辅助认证方式对所述用户信息进行辅助认证;When the verification of the user information is passed, perform auxiliary authentication on the user information by means of auxiliary authentication;

当所述用户信息通过辅助认证时,根据所述交易请求完成相应的交易。When the user information passes the auxiliary authentication, the corresponding transaction is completed according to the transaction request.

可选的,所述并判断所述识别结果是否为异常结果之后,还包括:Optionally, after determining whether the identification result is an abnormal result, it also includes:

若所述识别结果为所述异常结果,利用所述蜜网对所述异常结果进行分析,得到分析结果,并依据所述分析结果对参数进行调节,以使所述蜜网精确捕获数据。If the recognition result is the abnormal result, the honeynet is used to analyze the abnormal result to obtain an analysis result, and parameters are adjusted according to the analysis result, so that the honeynet can accurately capture data.

可选的,还包括:Optionally, also include:

当所述用户信息校验未通过时,则向所述用户发送交易失败的提示。When the user information verification fails, a transaction failure prompt is sent to the user.

可选的,还包括:Optionally, also include:

当所述用户信息未通过辅助认证时,则向所述用户发送交易失败的提示。When the user information fails the auxiliary authentication, a transaction failure prompt is sent to the user.

一种基于蜜网的校验装置,包括:A verification device based on a honeynet, comprising:

识别单元,用于当接收到用户发送的交易请求时,利用蜜网对所述交易请求进行识别,得到识别结果,并判断所述识别结果是否为异常结果;其中,所述交易请求中至少包括所述用户信息;所述蜜网由多台蜜罐主机、防火墙预先构建;The identifying unit is configured to, when receiving a transaction request sent by a user, use a honeynet to identify the transaction request, obtain an identification result, and judge whether the identification result is an abnormal result; wherein, the transaction request includes at least The user information; the honeynet is pre-built by multiple honeypot hosts and firewalls;

校验单元,用于若所述识别结果不为所述异常结果,从信息库中获取所述用户的身份信息,利用所述身份信息对所述用户信息进行校验;A verification unit, configured to obtain the identity information of the user from the information database if the identification result is not the abnormal result, and use the identity information to verify the user information;

认证单元,用于当所述用户信息校验通过时,利用辅助认证方式对所述用户信息进行辅助认证;An authentication unit, configured to use an auxiliary authentication method to perform auxiliary authentication on the user information when the user information is verified to pass;

交易单元,用于当所述用户信息通过辅助认证时,根据所述交易请求完成相应的交易。A transaction unit, configured to complete a corresponding transaction according to the transaction request when the user information passes the auxiliary authentication.

可选的,还包括:Optionally, also include:

若所述识别结果为所述异常结果,利用所述蜜网对所述异常结果进行分析,得到分析结果,并依据所述分析结果对参数进行调节,以使所述蜜网精确捕获数据。If the recognition result is the abnormal result, the honeynet is used to analyze the abnormal result to obtain an analysis result, and parameters are adjusted according to the analysis result, so that the honeynet can accurately capture data.

可选的,还包括:Optionally, also include:

当所述用户信息校验未通过时,则向所述用户发送交易失败的提示。When the user information verification fails, a transaction failure prompt is sent to the user.

可选的,还包括:Optionally, also include:

当所述用户信息未通过辅助认证时,则向所述用户发送交易失败的提示。When the user information fails the auxiliary authentication, a transaction failure prompt is sent to the user.

一种计算机可读存储介质,其特征在于,所述计算机可读存储介质包括存储的程序,其中,所述程序执行所述的基于蜜网的校验方法。A computer-readable storage medium, characterized in that the computer-readable storage medium includes a stored program, wherein the program executes the honeynet-based verification method.

一种基于蜜网的校验设备,其特征在于,包括:处理器、存储器和总线;所述处理器与所述存储器通过所述总线连接;A honeynet-based verification device, characterized in that it includes: a processor, a memory, and a bus; the processor and the memory are connected through the bus;

所述存储器用于存储程序,所述处理器用于运行程序,其中,所述程序运行时执行所述的基于蜜网的校验方法。The memory is used to store a program, and the processor is used to run the program, wherein the honeynet-based verification method is executed when the program runs.

本申请提供的技术方案,当接收到用户发送的交易请求时,利用蜜网对交易请求进行识别,得到识别结果,并判断识别结果是否为异常结果;若识别结果不为异常结果,从信息库中获取用户的身份信息,利用身份信息对用户信息进行校验;当用户信息校验通过时,利用辅助认证方式对用户信息进行辅助认证;当用户信息通过辅助认证时,根据交易请求完成相应的交易,与现有技术相比,利用辅助认证方式对用户信息进行再次校验,避免用户信息被第三方盗用,提高业务系统的安全性。In the technical solution provided by this application, when a transaction request sent by a user is received, the honeynet is used to identify the transaction request, obtain the recognition result, and judge whether the recognition result is an abnormal result; if the recognition result is not an abnormal result, the Obtain the user's identity information in the process, and use the identity information to verify the user information; when the user information verification is passed, use the auxiliary authentication method to perform auxiliary authentication on the user information; when the user information passes the auxiliary authentication, complete the corresponding transaction according to the transaction request Compared with the existing technology, the transaction uses the auxiliary authentication method to re-verify the user information to prevent the user information from being embezzled by a third party and improve the security of the business system.

附图说明Description of drawings

为了更清楚地说明本申请实施例或现有技术中的技术方案,下面将对实施例或现有技术描述中所需要使用的附图作简单地介绍,显而易见地,下面描述中的附图仅仅是本申请的一些实施例,对于本领域普通技术人员来讲,在不付出创造性劳动的前提下,还可以根据这些附图获得其他的附图。In order to more clearly illustrate the technical solutions in the embodiments of the present application or the prior art, the following will briefly introduce the drawings that need to be used in the description of the embodiments or the prior art. Obviously, the accompanying drawings in the following description are only These are some embodiments of the present application. Those skilled in the art can also obtain other drawings based on these drawings without creative work.

图1为本申请实施例提供的一种基于蜜网的校验方法的流程图;Fig. 1 is a flow chart of a verification method based on a honeynet provided by an embodiment of the present application;

图2为本申请实施例提供的另一种基于蜜网的校验方法的流程图;Fig. 2 is the flow chart of another kind of verification method based on honeynet that the embodiment of the present application provides;

图3为本申请实施例提供的一种基于蜜网的校验装置的架构示意图;FIG. 3 is a schematic structural diagram of a verification device based on a honeynet provided in an embodiment of the present application;

图4为本申请实施例提供的一种基于蜜网的校验设备的架构示意图;FIG. 4 is a schematic structural diagram of a honeynet-based verification device provided in an embodiment of the present application;

图5为本申请实施例提供的一种蜜网的架构示意图。FIG. 5 is a schematic diagram of a honeynet architecture provided by an embodiment of the present application.

具体实施方式Detailed ways

下面将结合本申请实施例中的附图,对本申请实施例中的技术方案进行清楚、完整地描述,显然,所描述的实施例仅仅是本申请一部分实施例,而不是全部的实施例。基于本申请中的实施例,本领域普通技术人员在没有做出创造性劳动前提下所获得的所有其他实施例,都属于本申请保护的范围。The following will clearly and completely describe the technical solutions in the embodiments of the application with reference to the drawings in the embodiments of the application. Apparently, the described embodiments are only some of the embodiments of the application, not all of them. Based on the embodiments in this application, all other embodiments obtained by persons of ordinary skill in the art without making creative efforts belong to the scope of protection of this application.

需要说明的是,本发明提供的基于蜜网的校验方法、装置、存储介质及设备可应用于网络安全领域。上述仅为示例,并不对本发明提供的基于蜜网的校验方法、装置、存储介质及设备的应用领域进行限定。It should be noted that the honeynet-based verification method, device, storage medium and equipment provided by the present invention can be applied in the field of network security. The above is only an example, and does not limit the application fields of the honeynet-based verification method, device, storage medium and equipment provided by the present invention.

本文使用的术语“包括”及其变形是开放性包括,即“包括但不限于”。术语“基于”是“至少部分地基于”。术语“一个实施例”表示“至少一个实施例”;术语“另一实施例”表示“至少一个另外的实施例”;术语“一些实施例”表示“至少一些实施例”。其他术语的相关定义将在下文描述中给出。As used herein, the term "comprise" and its variations are open-ended, ie "including but not limited to". The term "based on" is "based at least in part on". The term "one embodiment" means "at least one embodiment"; the term "another embodiment" means "at least one further embodiment"; the term "some embodiments" means "at least some embodiments." Relevant definitions of other terms will be given in the description below.

需要注意,本公开中提及的“第一”、“第二”等概念仅用于对不同的装置、模块或单元进行区分,并非用于限定这些装置、模块或单元所执行的功能的顺序或者相互依存关系。It should be noted that concepts such as "first" and "second" mentioned in this disclosure are only used to distinguish different devices, modules or units, and are not used to limit the sequence of functions performed by these devices, modules or units or interdependence.

需要注意,本公开中提及的“一个”、“多个”的修饰是示意性而非限制性的,本领域技术人员应当理解,除非在上下文另有明确指出,否则应该理解为“一个或多个”。It should be noted that the modifications of "one" and "multiple" mentioned in the present disclosure are illustrative and not restrictive, and those skilled in the art should understand that unless the context clearly indicates otherwise, it should be understood as "one or more" Multiple".

如图1所示,为本申请实施例提供的一种基于蜜网的校验方法的流程图,包括:As shown in Figure 1, a flow chart of a honeynet-based verification method provided by the embodiment of the present application includes:

S101:当接收到用户发送的交易请求时,利用蜜网对交易请求进行识别,得到识别结果,并判断识别结果是否为异常结果。S101: When receiving the transaction request sent by the user, use the honeynet to identify the transaction request, obtain the identification result, and judge whether the identification result is an abnormal result.

若识别结果为异常结果,则执行S102,否则执行S103。If the recognition result is an abnormal result, execute S102, otherwise execute S103.

其中,交易请求中至少包括用户信息,用户信息至少包括用户名以及与用户名对应的密码,异常结果包括:非正常交易请求(例如交易伪造、跨站访问、交易重发等)。Among them, the transaction request includes at least user information, and the user information includes at least a user name and a password corresponding to the user name, and abnormal results include: abnormal transaction requests (such as transaction forgery, cross-site access, transaction resending, etc.).

需要说明的是,蜜网由多台蜜罐主机、防火墙预先构建,利用蜜网(如图5所示)对交易请求进行识别,由于蜜网具有真实的欺骗网络环境,诱导黑客进行攻击,将黑客拦截在蜜网中,阻止了黑客对用户账户的攻击从而规避风险。It should be noted that the honeynet is pre-built by multiple honeypot hosts and firewalls, and uses the honeynet (as shown in Figure 5) to identify transaction requests. Since the honeynet has a real deceptive network environment, hackers are induced to attack, and the Hackers are intercepted in the honeynet, preventing hackers from attacking user accounts and avoiding risks.

具体的,假设接收到用户发送的购买电器的交易请求,利用蜜网对用户发送的购买电器的交易请求进行识别,得到识别结果,判断识别结果是否为异常结果,可以看出,用户发送的购买电器的交易请求为正常交易请求,为此,继续执行S103。Specifically, assuming that the transaction request for purchasing electrical appliances sent by the user is received, the honeynet is used to identify the transaction request for purchasing electrical appliances sent by the user, and the identification result is obtained, and it is judged whether the identification result is an abnormal result. It can be seen that the purchase The transaction request of the electrical appliance is a normal transaction request, therefore, continue to execute S103.

需要强调的是,利用蜜网对交易请求进行识别的具体实现方式,为本领域人员公知的常识,这里不再赘述。What needs to be emphasized is that the specific implementation of using the honeynet to identify the transaction request is common knowledge known to those skilled in the art, and will not be repeated here.

S102:利用蜜网对异常结果进行分析,得到分析结果,并依据分析结果对参数进行调节,以使蜜网精确捕获数据。S102: Use the honeynet to analyze the abnormal result, obtain the analysis result, and adjust the parameters according to the analysis result, so that the honeynet can accurately capture data.

其中,分析结果至少包括发送交易请求的IP地址。Wherein, the analysis result at least includes the IP address sending the transaction request.

可选的,利用蜜网对异常结果进行分析,得到分析结果(例如得到交易请求的IP地址),依据IP地址对蜜网的参数(例如监控频率等)进行调节,以使蜜网对IP地址所属的地区进行重点监控,从而获取到攻击者的信息。Optionally, use the honeynet to analyze the abnormal results, obtain the analysis results (for example, obtain the IP address of the transaction request), and adjust the parameters of the honeynet (such as monitoring frequency, etc.) The area to which it belongs is focused on monitoring, so as to obtain information about the attacker.

需要说明的是,利用蜜网对异常结果进行分析的具体实现方式,为本领域人员公知的常识,这里不再赘述。It should be noted that the specific implementation manner of analyzing abnormal results by using the honeynet is common knowledge known to those skilled in the art, and will not be repeated here.

S103:从信息库中获取用户的身份信息,利用身份信息对用户信息进行校验。S103: Obtain the user's identity information from the information database, and use the identity information to verify the user information.

其中,身份信息至少包括用户账号、与用户账号对应的密码。Wherein, the identity information includes at least a user account and a password corresponding to the user account.

需要说明的是,从信息库中获取用户的身份信息,将身份信息与用户信息进行比对,在身份信息与用户信息一致的情况下,确定用户信息通过校验,若身份信息与用户信息不一致,确定用户信息未通过校验,不能执行与交易请求对应的交易操作。It should be noted that the user's identity information is obtained from the information database, and the identity information is compared with the user information. If the identity information is consistent with the user information, it is determined that the user information has passed the verification. If the identity information is inconsistent with the user information , it is determined that the user information has not passed the verification, and the transaction operation corresponding to the transaction request cannot be performed.

可选的,可通过身份认证协议对用户信息进行校验,身份认证协议包括但不限于:Kerberos、Oauth、SAML2.0等协议。Optionally, user information can be verified through an identity authentication protocol, which includes but is not limited to: Kerberos, Oauth, SAML2.0 and other protocols.

具体的,假设用户信息为:用户账号(例如张三)、与用户账号对应的密码(123456789),从信息库中获取与用户对应的身份信息为:用户账号(张三)、与用户账号对应的密码(123456789),可以看出,身份信息与用户信息一致,为此,继续执行S104。Specifically, assuming that the user information is: user account (such as Zhang San), and the password corresponding to the user account (123456789), the identity information corresponding to the user obtained from the information database is: user account (Zhang San), corresponding to the user account password (123456789), it can be seen that the identity information is consistent with the user information, so continue to execute S104.

S104:当用户信息校验通过时,利用辅助认证方式对用户信息进行辅助认证。S104: When the verification of the user information is passed, perform auxiliary authentication on the user information in an auxiliary authentication manner.

在执行S104之后,继续执行S106和S107中的任意一项。After executing S104, continue to execute any one of S106 and S107.

其中,辅助认证方式包括但不限于为:人脸、声纹、短信、虹膜。Among them, auxiliary authentication methods include but are not limited to: face, voiceprint, SMS, and iris.

具体的,假设辅助认证方式为人脸认证,当用户信息校验通过时,利用人脸认证对用户信息进行辅助认证,将采集到的用户的人脸图像与数据库中获取到的人脸图像进行比对,比对一致则通过辅助认证,比对不一致则未通过。Specifically, assuming that the auxiliary authentication method is face authentication, when the user information verification is passed, use face authentication to perform auxiliary authentication on user information, and compare the collected user's face image with the face image obtained in the database. Yes, if the comparison is consistent, the auxiliary certification will be passed, and if the comparison is inconsistent, it will not be passed.

需要说明的是,利用辅助认证对用户信息进行辅助认证,能够减少用户信息伪造的风险,避免用户信息被盗用之后造成损失。It should be noted that using auxiliary authentication to perform auxiliary authentication on user information can reduce the risk of user information forgery and avoid losses caused by user information being stolen.

S105:当用户信息校验未通过时,则向用户发送交易失败的提示。S105: When the user information verification fails, send a transaction failure prompt to the user.

其中,当用户信息与身份信息不一致时,则用户信息校验未通过,则向用户发送交易失败的提示。Wherein, when the user information is inconsistent with the identity information, the verification of the user information fails, and a prompt of transaction failure is sent to the user.

具体的,假设用户账号(例如张三)、与账号对应的密码(12345),从信息库中获取与用户对应的身份信息为:用户账号(张三)、与用户账号对应的密码(12389),可以看出,身份信息与用户信息不一致,用户信息校验未通过,则向用户发送交易失败的提示。Specifically, assuming a user account (such as Zhang San) and a password corresponding to the account (12345), the identity information corresponding to the user obtained from the information base is: the user account (Zhang San), the password corresponding to the user account (12389) , it can be seen that the identity information is inconsistent with the user information, and if the user information verification fails, a transaction failure prompt will be sent to the user.

S106:当用户信息通过辅助认证时,根据交易请求完成相应的交易。S106: When the user information passes the auxiliary authentication, complete the corresponding transaction according to the transaction request.

S107:当用户信息未通过辅助认证时,则向用户发送交易失败的提示。S107: When the user information fails the auxiliary authentication, send a transaction failure prompt to the user.

其中,利用辅助认证方式对用户信息进行辅助认证,而用户信息未通过辅助认证时,向用户发送交易失败的提示。Wherein, the auxiliary authentication method is used to perform auxiliary authentication on the user information, and when the user information fails the auxiliary authentication, a transaction failure prompt is sent to the user.

综上所述,当接收到用户发送的交易请求时,利用蜜网对交易请求进行识别,得到识别结果,并判断识别结果是否为异常结果;若识别结果不为异常结果,从信息库中获取用户的身份信息,利用身份信息对用户信息进行校验;当用户信息校验通过时,利用辅助认证方式对用户信息进行辅助认证;当用户信息通过辅助认证时,根据交易请求完成相应的交易,与现有技术相比,利用辅助认证方式对用户信息进行再次校验,避免用户信息被第三方盗用,提高业务系统的安全性。To sum up, when a transaction request sent by a user is received, the honeynet is used to identify the transaction request, obtain the recognition result, and judge whether the recognition result is an abnormal result; if the recognition result is not an abnormal result, obtain it from the information base The user's identity information is used to verify the user information; when the user information is verified, the user information is assisted by the auxiliary authentication method; when the user information passes the auxiliary authentication, the corresponding transaction is completed according to the transaction request. Compared with the prior art, the user information is verified again by using the auxiliary authentication method, which prevents the user information from being embezzled by a third party and improves the security of the business system.

如图2所示,为本申请实施例提供的另一种基于蜜网的校验方法的流程图,包括:As shown in Figure 2, it is a flow chart of another honeynet-based verification method provided by the embodiment of the present application, including:

S201:当接收到用户发送的交易请求时,利用蜜网对交易请求进行识别,得到识别结果,并判断识别结果是否为异常结果。S201: When receiving the transaction request sent by the user, use the honeynet to identify the transaction request, obtain the identification result, and judge whether the identification result is an abnormal result.

其中,交易请求中至少包括用户信息;蜜网由多台蜜罐主机、防火墙预先构建。Among them, the transaction request includes at least user information; the honeynet is pre-built by multiple honeypot hosts and firewalls.

S202:若识别结果不为异常结果,从信息库中获取用户的身份信息,利用身份信息对用户信息进行校验。S202: If the recognition result is not an abnormal result, acquire the user's identity information from the information database, and use the identity information to verify the user information.

S203:当用户信息校验通过时,利用辅助认证方式对用户信息进行辅助认证。S203: When the verification of the user information is passed, perform auxiliary authentication on the user information in an auxiliary authentication manner.

S204:当用户信息通过辅助认证时,根据交易请求完成相应的交易。S204: When the user information passes the auxiliary authentication, complete the corresponding transaction according to the transaction request.

综上所述,当接收到用户发送的交易请求时,利用蜜网对交易请求进行识别,得到识别结果,并判断识别结果是否为异常结果;若识别结果不为异常结果,从信息库中获取用户的身份信息,利用身份信息对用户信息进行校验;当用户信息校验通过时,利用辅助认证方式对用户信息进行辅助认证;当用户信息通过辅助认证时,根据交易请求完成相应的交易,与现有技术相比,利用辅助认证方式对用户信息进行再次校验,避免用户信息被第三方盗用,提高业务系统的安全性。To sum up, when a transaction request sent by a user is received, the honeynet is used to identify the transaction request, obtain the recognition result, and judge whether the recognition result is an abnormal result; if the recognition result is not an abnormal result, obtain it from the information base The user's identity information is used to verify the user information; when the user information is verified, the user information is assisted by the auxiliary authentication method; when the user information passes the auxiliary authentication, the corresponding transaction is completed according to the transaction request. Compared with the prior art, the user information is verified again by using the auxiliary authentication method, which prevents the user information from being embezzled by a third party and improves the security of the business system.

需要说明的是,本发明提供的基于蜜网的校验方法可用于人工智能领域、区块链领域、分布式领域、云计算领域、大数据领域、物联网领域、移动互联领域、网络安全领域、芯片领域、虚拟现实领域、增强现实领域、全息技术领域、量子计算领域、量子通信领域、量子测量领域、数字孪生领域或金融领域。上述仅为示例,并不对本发明提供的基于蜜网的校验方法的应用领域进行限定。It should be noted that the honeynet-based verification method provided by the present invention can be used in the fields of artificial intelligence, blockchain, distributed, cloud computing, big data, Internet of Things, mobile Internet, and network security. , chip field, virtual reality field, augmented reality field, holographic technology field, quantum computing field, quantum communication field, quantum measurement field, digital twin field or financial field. The above is only an example, and does not limit the application field of the verification method based on the honeynet provided by the present invention.

本发明提供的基于蜜网的校验方法可用于金融领域或其他领域,例如,可用于金融领域中的交易应用场景。其他领域为除金融领域之外的任意领域,例如,网络安全领域。上述仅为示例,并不对本发明提供的基于蜜网的校验方法的应用领域进行限定。The honeynet-based verification method provided by the present invention can be used in the financial field or other fields, for example, it can be used in transaction application scenarios in the financial field. The other fields are arbitrary fields other than the financial field, for example, the network security field. The above is only an example, and does not limit the application field of the verification method based on the honeynet provided by the present invention.

如图3所示,为本申请实施例提供的另一种基于蜜网的校验装置的架构示意图,包括:As shown in Figure 3, it is a schematic diagram of the architecture of another honeynet-based verification device provided in the embodiment of the present application, including:

识别单元100,用于当接收到用户发送的交易请求时,利用蜜网对交易请求进行识别,得到识别结果,并判断识别结果是否为异常结果;其中,交易请求中至少包括用户信息;蜜网由多台蜜罐主机、防火墙预先构建。The identification unit 100 is configured to use the honeynet to identify the transaction request when receiving the transaction request sent by the user, obtain the identification result, and judge whether the identification result is an abnormal result; wherein, the transaction request includes at least user information; the honeynet It is pre-built by multiple honeypot hosts and firewalls.

识别单元100,还用于若识别结果为异常结果,利用蜜网对异常结果进行分析,得到分析结果,并依据分析结果对参数进行调节,以使蜜网精确捕获数据。The identification unit 100 is further configured to use the honeynet to analyze the abnormal result to obtain the analysis result if the identification result is an abnormal result, and adjust the parameters according to the analysis result so that the honeynet can accurately capture data.

校验单元200,用于若识别结果不为异常结果,从信息库中获取用户的身份信息,利用身份信息对用户信息进行校验。The verification unit 200 is configured to obtain the user's identity information from the information database if the recognition result is not an abnormal result, and use the identity information to verify the user information.

认证单元300,用于当用户信息校验通过时,利用辅助认证方式对用户信息进行辅助认证。The authentication unit 300 is configured to perform auxiliary authentication on user information in an auxiliary authentication manner when the user information is verified and passed.

认证单元300,还用于当用户信息校验未通过时,则向用户发送交易失败的提示。The authentication unit 300 is further configured to send a transaction failure prompt to the user when the user information verification fails.

交易单元400,用于当用户信息通过辅助认证时,根据交易请求完成相应的交易。The transaction unit 400 is configured to complete the corresponding transaction according to the transaction request when the user information passes the supplementary authentication.

交易单元400,还用于当用户信息未通过辅助认证时,则向用户发送交易失败的提示。The transaction unit 400 is further configured to send a transaction failure prompt to the user when the user information fails the supplementary authentication.

综上所述,当接收到用户发送的交易请求时,利用蜜网对交易请求进行识别,得到识别结果,并判断识别结果是否为异常结果;若识别结果不为异常结果,从信息库中获取用户的身份信息,利用身份信息对用户信息进行校验;当用户信息校验通过时,利用辅助认证方式对用户信息进行辅助认证;当用户信息通过辅助认证时,根据交易请求完成相应的交易,与现有技术相比,利用辅助认证方式对用户信息进行再次校验,避免用户信息被第三方盗用,提高业务系统的安全性。To sum up, when a transaction request sent by a user is received, the honeynet is used to identify the transaction request, obtain the recognition result, and judge whether the recognition result is an abnormal result; if the recognition result is not an abnormal result, obtain it from the information base The user's identity information is used to verify the user information; when the user information is verified, the user information is assisted by the auxiliary authentication method; when the user information passes the auxiliary authentication, the corresponding transaction is completed according to the transaction request. Compared with the prior art, the user information is verified again by using the auxiliary authentication method, which prevents the user information from being embezzled by a third party and improves the security of the business system.

本申请还提供了一种计算机可读存储介质,计算机可读存储介质包括存储的程序,其中,程序执行上述本申请提供的基于蜜网的校验方法。The present application also provides a computer-readable storage medium, and the computer-readable storage medium includes a stored program, wherein the program executes the honeynet-based verification method provided in the present application.

如图4所示,本申请还提供了一种基于蜜网的校验设备,包括:处理器401、存储器402和总线403。处理器401与存储器402通过总线403连接,存储器402用于存储程序,处理器401用于运行程序,其中,程序运行时执行上述本申请提供的基于蜜网的校验方法,包括如下步骤:As shown in FIG. 4 , the present application also provides a verification device based on a honeynet, including: a processor 401 , a memory 402 and a bus 403 . The processor 401 and the memory 402 are connected through the bus 403, the memory 402 is used to store the program, and the processor 401 is used to run the program, wherein, when the program is running, the verification method based on the honeynet provided by the above-mentioned application is executed, including the following steps:

当接收到用户发送的交易请求时,利用蜜网对所述交易请求进行识别,得到识别结果,并判断所述识别结果是否为异常结果;其中,所述交易请求中至少包括所述用户信息;所述蜜网由多台蜜罐主机、防火墙预先构建;When a transaction request sent by a user is received, the honeynet is used to identify the transaction request, obtain a recognition result, and judge whether the recognition result is an abnormal result; wherein, the transaction request includes at least the user information; The honeynet is pre-built by multiple honeypot hosts and firewalls;

若所述识别结果不为所述异常结果,从信息库中获取所述用户的身份信息,利用所述身份信息对所述用户信息进行校验;If the identification result is not the abnormal result, obtain the identity information of the user from the information database, and use the identity information to verify the user information;

当所述用户信息校验通过时,利用辅助认证方式对所述用户信息进行辅助认证;When the verification of the user information is passed, perform auxiliary authentication on the user information by means of auxiliary authentication;

当所述用户信息通过辅助认证时,根据所述交易请求完成相应的交易。When the user information passes the auxiliary authentication, the corresponding transaction is completed according to the transaction request.

可选的,所述并判断所述识别结果是否为异常结果之后,还包括:Optionally, after determining whether the identification result is an abnormal result, it also includes:

若所述识别结果为所述异常结果,利用所述蜜网对所述异常结果进行分析,得到分析结果,并依据所述分析结果对参数进行调节,以使所述蜜网精确捕获数据。If the recognition result is the abnormal result, the honeynet is used to analyze the abnormal result to obtain an analysis result, and parameters are adjusted according to the analysis result, so that the honeynet can accurately capture data.

可选的,还包括:Optionally, also include:

当所述用户信息校验未通过时,则向所述用户发送交易失败的提示。When the user information verification fails, a transaction failure prompt is sent to the user.

可选的,还包括:Optionally, also include:

当所述用户信息未通过辅助认证时,则向所述用户发送交易失败的提示。When the user information fails the auxiliary authentication, a transaction failure prompt is sent to the user.

尽管已经采用特定于结构特征和/或方法逻辑动作的语言描述了本主题,但是应当理解所附权利要求书中所限定的主题未必局限于上面描述的特定特征或动作。相反,上面所描述的特定特征和动作仅仅是实现权利要求书的示例形式。Although the subject matter has been described in language specific to structural features and/or methodological acts, it is to be understood that the subject matter defined in the appended claims is not necessarily limited to the specific features or acts described above. Rather, the specific features and acts described above are merely example forms of implementing the claims.

虽然在上面论述中包含了若干具体实现细节,但是这些不应当被解释为对本公开的范围的限制。在单独的实施例的上下文中描述的某些特征还可以组合地实现在单个实施例中。相反地,在单个实施例的上下文中描述的各种特征也可以单独地或以任何合适的子组合的方式实现在多个实施例中。While several specific implementation details are contained in the above discussion, these should not be construed as limitations on the scope of the disclosure. Certain features that are described in the context of separate embodiments can also be implemented in combination in a single embodiment. Conversely, various features that are described in the context of a single embodiment can also be implemented in multiple embodiments separately or in any suitable subcombination.

以上描述仅为本公开的较佳实施例以及对所运用技术原理的说明。本领域技术人员应当理解,本公开中所涉及的公开范围,并不限于上述技术特征的特定组合而成的技术方案,同时也应涵盖在不脱离上述公开构思的情况下,由上述技术特征或其等同特征进行任意组合而形成的其它技术方案。例如上述特征与本公开中公开的(但不限于)具有类似功能的技术特征进行互相替换而形成的技术方案。The above description is only a preferred embodiment of the present disclosure and an illustration of the applied technical principle. Those skilled in the art should understand that the disclosure scope involved in this disclosure is not limited to the technical solution formed by the specific combination of the above-mentioned technical features, but also covers the technical solutions formed by the above-mentioned technical features or Other technical solutions formed by any combination of equivalent features. For example, a technical solution formed by replacing the above-mentioned features with (but not limited to) technical features with similar functions disclosed in this disclosure.

本申请实施例方法所述的功能如果以软件功能单元的形式实现并作为独立的产品销售或使用时,可以存储在一个计算设备可读取存储介质中。基于这样的理解,本申请实施例对现有技术做出贡献的部分或者该技术方案的部分可以以软件产品的形式体现出来,该软件产品存储在一个存储介质中,包括若干指令用以使得一台计算设备(可以是个人计算机,服务器,移动计算设备或者网络设备等)执行本申请各个实施例所述方法的全部或部分步骤。而前述的存储介质包括:U盘、移动硬盘、只读存储器(ROM,Read-Only Memory)、随机存取存储器(RAM,Random Access Memory)、磁碟或者光盘等各种可以存储程序代码的介质。If the functions described in the methods of the embodiments of the present application are implemented in the form of software functional units and sold or used as independent products, they can be stored in a computing device-readable storage medium. Based on this understanding, the part of the embodiment of the present application that contributes to the prior art or the part of the technical solution can be embodied in the form of a software product, the software product is stored in a storage medium, and includes several instructions to make a A computing device (which may be a personal computer, a server, a mobile computing device or a network device, etc.) executes all or part of the steps of the methods described in the various embodiments of the present application. The aforementioned storage medium includes: U disk, mobile hard disk, read-only memory (ROM, Read-Only Memory), random access memory (RAM, Random Access Memory), magnetic disk or optical disk and other media that can store program codes. .

本说明书中各个实施例采用递进的方式描述,每个实施例重点说明的都是与其它实施例的不同之处,各个实施例之间相同或相似部分互相参见即可。Each embodiment in this specification is described in a progressive manner, each embodiment focuses on the difference from other embodiments, and the same or similar parts of each embodiment can be referred to each other.

对所公开的实施例的上述说明,使本领域专业技术人员能够实现或使用本申请。对这些实施例的多种修改对本领域的专业技术人员来说将是显而易见的,本文中所定义的一般原理可以在不脱离本申请的精神或范围的情况下,在其它实施例中实现。因此,本申请将不会被限制于本文所示的这些实施例,而是要符合与本文所公开的原理和新颖特点相一致的最宽的范围。The above description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present application. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the general principles defined herein may be implemented in other embodiments without departing from the spirit or scope of the application. Therefore, the present application will not be limited to the embodiments shown herein, but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (10)

1.一种基于蜜网的校验方法,其特征在于,包括:1. A verification method based on honeynet, is characterized in that, comprises: 当接收到用户发送的交易请求时,利用蜜网对所述交易请求进行识别,得到识别结果,并判断所述识别结果是否为异常结果;其中,所述交易请求中至少包括所述用户信息;所述蜜网由多台蜜罐主机、防火墙预先构建;When a transaction request sent by a user is received, the honeynet is used to identify the transaction request, obtain a recognition result, and judge whether the recognition result is an abnormal result; wherein, the transaction request includes at least the user information; The honeynet is pre-built by multiple honeypot hosts and firewalls; 若所述识别结果不为所述异常结果,从信息库中获取所述用户的身份信息,利用所述身份信息对所述用户信息进行校验;If the identification result is not the abnormal result, obtain the identity information of the user from the information database, and use the identity information to verify the user information; 当所述用户信息校验通过时,利用辅助认证方式对所述用户信息进行辅助认证;When the verification of the user information is passed, perform auxiliary authentication on the user information by means of auxiliary authentication; 当所述用户信息通过辅助认证时,根据所述交易请求完成相应的交易。When the user information passes the auxiliary authentication, the corresponding transaction is completed according to the transaction request. 2.根据权利要求1所述的方法,其特征在于,所述并判断所述识别结果是否为异常结果之后,还包括:2. The method according to claim 1, wherein after said and judging whether the recognition result is an abnormal result, further comprising: 若所述识别结果为所述异常结果,利用所述蜜网对所述异常结果进行分析,得到分析结果,并依据所述分析结果对参数进行调节,以使所述蜜网精确捕获数据。If the recognition result is the abnormal result, the honeynet is used to analyze the abnormal result to obtain an analysis result, and parameters are adjusted according to the analysis result, so that the honeynet can accurately capture data. 3.根据权利要求1所述的方法,其特征在于,还包括:3. The method according to claim 1, further comprising: 当所述用户信息校验未通过时,则向所述用户发送交易失败的提示。When the user information verification fails, a transaction failure prompt is sent to the user. 4.根据权利要求1所述的方法,其特征在于,还包括:4. The method according to claim 1, further comprising: 当所述用户信息未通过辅助认证时,则向所述用户发送交易失败的提示。When the user information fails the auxiliary authentication, a transaction failure prompt is sent to the user. 5.一种基于蜜网的校验装置,其特征在于,包括:5. A verification device based on a honeynet, characterized in that, comprising: 识别单元,用于当接收到用户发送的交易请求时,利用蜜网对所述交易请求进行识别,得到识别结果,并判断所述识别结果是否为异常结果;其中,所述交易请求中至少包括所述用户信息;所述蜜网由多台蜜罐主机、防火墙预先构建;The identifying unit is configured to, when receiving a transaction request sent by a user, use a honeynet to identify the transaction request, obtain an identification result, and judge whether the identification result is an abnormal result; wherein, the transaction request includes at least The user information; the honeynet is pre-built by multiple honeypot hosts and firewalls; 校验单元,用于若所述识别结果不为所述异常结果,从信息库中获取所述用户的身份信息,利用所述身份信息对所述用户信息进行校验;A verification unit, configured to obtain the identity information of the user from the information database if the identification result is not the abnormal result, and use the identity information to verify the user information; 认证单元,用于当所述用户信息校验通过时,利用辅助认证方式对所述用户信息进行辅助认证;An authentication unit, configured to use an auxiliary authentication method to perform auxiliary authentication on the user information when the user information is verified to pass; 交易单元,用于当所述用户信息通过辅助认证时,根据所述交易请求完成相应的交易。A transaction unit, configured to complete a corresponding transaction according to the transaction request when the user information passes the auxiliary authentication. 6.根据权利要求5所述的装置,其特征在于,还包括:6. The device according to claim 5, further comprising: 若所述识别结果为所述异常结果,利用所述蜜网对所述异常结果进行分析,得到分析结果,并依据所述分析结果对参数进行调节,以使所述蜜网精确捕获数据。If the recognition result is the abnormal result, the honeynet is used to analyze the abnormal result to obtain an analysis result, and parameters are adjusted according to the analysis result, so that the honeynet can accurately capture data. 7.根据权利要求5所述的装置,其特征在于,还包括:7. The device according to claim 5, further comprising: 当所述用户信息校验未通过时,则向所述用户发送交易失败的提示。When the user information verification fails, a transaction failure prompt is sent to the user. 8.根据权利要求5所述的装置,其特征在于,还包括:8. The device according to claim 5, further comprising: 当所述用户信息未通过辅助认证时,则向所述用户发送交易失败的提示。When the user information fails the auxiliary authentication, a transaction failure prompt is sent to the user. 9.一种计算机可读存储介质,其特征在于,所述计算机可读存储介质包括存储的程序,其中,所述程序执行权利要求1-4任一所述的基于蜜网的校验方法。9. A computer-readable storage medium, characterized in that the computer-readable storage medium comprises a stored program, wherein the program executes the honeynet-based verification method according to any one of claims 1-4. 10.一种基于蜜网的校验设备,其特征在于,包括:处理器、存储器和总线;所述处理器与所述存储器通过所述总线连接;10. A verification device based on a honeynet, comprising: a processor, a memory, and a bus; the processor and the memory are connected through the bus; 所述存储器用于存储程序,所述处理器用于运行程序,其中,所述程序运行时执行权利要求1-4任一所述的基于蜜网的校验方法。The memory is used to store a program, and the processor is used to run the program, wherein, when the program is running, the honeynet-based verification method described in any one of claims 1-4 is executed.
CN202211049360.1A 2022-08-30 2022-08-30 Honeynet-based verification method, device, storage medium and equipment Pending CN115348105A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211049360.1A CN115348105A (en) 2022-08-30 2022-08-30 Honeynet-based verification method, device, storage medium and equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211049360.1A CN115348105A (en) 2022-08-30 2022-08-30 Honeynet-based verification method, device, storage medium and equipment

Publications (1)

Publication Number Publication Date
CN115348105A true CN115348105A (en) 2022-11-15

Family

ID=83954657

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211049360.1A Pending CN115348105A (en) 2022-08-30 2022-08-30 Honeynet-based verification method, device, storage medium and equipment

Country Status (1)

Country Link
CN (1) CN115348105A (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110691097A (en) * 2019-10-18 2020-01-14 河海大学 A system of industrial control honeypot based on hpfeeds protocol and its working method
CN112398858A (en) * 2020-11-17 2021-02-23 江苏云柜网络技术有限公司 Method and system for real-name identity authentication of courier
US20210067553A1 (en) * 2019-09-04 2021-03-04 Oracle International Corporation Honeypots for infrastructure-as-a-service security
CN113901499A (en) * 2021-10-18 2022-01-07 北京八分量信息科技有限公司 A zero-trust access authority control system and method based on trusted computing

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20210067553A1 (en) * 2019-09-04 2021-03-04 Oracle International Corporation Honeypots for infrastructure-as-a-service security
CN110691097A (en) * 2019-10-18 2020-01-14 河海大学 A system of industrial control honeypot based on hpfeeds protocol and its working method
CN112398858A (en) * 2020-11-17 2021-02-23 江苏云柜网络技术有限公司 Method and system for real-name identity authentication of courier
CN113901499A (en) * 2021-10-18 2022-01-07 北京八分量信息科技有限公司 A zero-trust access authority control system and method based on trusted computing

Similar Documents

Publication Publication Date Title
US20210194883A1 (en) Systems and methods for adaptive step-up authentication
US8156335B2 (en) IP address secure multi-channel authentication for online transactions
US8214890B2 (en) Login authentication using a trusted device
US8978125B2 (en) Identity controlled data center
CN108880822B (en) An identity authentication method, device, system, and an intelligent wireless device
CN114598540A (en) Access control system, method, device and storage medium
US9311485B2 (en) Device reputation management
RU2634174C1 (en) System and method of bank transaction execution
CN107196972B (en) A kind of authentication method and system, terminal and server
CN107809438A (en) A kind of network authentication method, system and its user agent device used
CN104837159B (en) Android platform OAuth agreements misapply safety detection method
US12155680B2 (en) Methods of monitoring and protecting access to online services
WO2016188335A1 (en) Access control method, apparatus and system for user data
JP2017016674A (en) Illegal access detection and processing system, device, method, and computer readable recording medium
US20170026184A1 (en) Detection of fraudulent digital certificates
CN111147447A (en) Data protection method and system
US11177958B2 (en) Protection of authentication tokens
KR101583698B1 (en) Authentication system and method for device attempting connection
CN207442908U (en) A network identity authentication device and a login device
CN115314217B (en) Cross-multi-access edge computing system login method and device
CN114915534B (en) Trust enhancement-oriented network deployment architecture and network access method thereof
CN113343278B (en) Login request verification method and device for preventing CSRF attack
CN115348105A (en) Honeynet-based verification method, device, storage medium and equipment
US9781158B1 (en) Integrated paronymous network address detection
CN111064731A (en) Identification method and identification device for access authority of browser request and terminal

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination