CN102685147A - Mobile communication honeypot capturing system and implementation method thereof - Google Patents


Publication number: CN102685147A
Authority: CN (China)
Prior art keywords: module, data, mobile communication, communication, radio link
Legal status: Granted
Application number: CN2012101752124A
Other languages: Chinese (zh)
Other versions: CN102685147B (en)
Inventors: 宋宇波, 朱筱贇, 张皓月, 谭杭波, 王许莲
Current Assignee: Southeast University
Original Assignee: Southeast University
Priority date: 2012-05-31
Filing date: 2012-05-31
Publication date: 2012-09-19
(Google Patents lists the legal status, assignees and priority date as assumptions, not legal conclusions.)

Application filed by Southeast University
Priority to CN201210175212.4A
Publication of CN102685147A
Application granted
Publication of CN102685147B
Expired - Fee Related
Anticipated expiration

Abstract

The invention discloses a mobile communication honeypot capturing system comprising a mobile communication terminal, a wireless link access module, a data capturing module and an application process central module, wherein the mobile communication terminal is communicated with the wireless link access module through a wireless channel link; and the data capturing module is connected with the application process central module through a server-side communication interface module. The invention further discloses an implementation method of the mobile communication honeypot capturing system; the mobile communication honeypot capturing system and the implementation method are independent of hardware equipment and system platforms of a mobile communication terminal and have universality; in addition, the communication behavior is monitored on the wireless link without occupying terminal resources.

Description

A mobile communication honeypot capture system and its implementation method
Technical field
The invention belongs to the field of wireless network technology and relates to a honeypot capture system and its implementation method, specifically a honeypot capture system that simulates a wireless access environment in order to monitor the communication behavior of mobile terminals, and a method of implementing it.
Background
Mobile communication technology is developing rapidly, and its advantages reach into every aspect of life. While it brings convenience, it also threatens the security of users' communications. As smartphones have become widespread, their efficient multitasking and wireless networking capabilities are popular, but the likelihood of virus attack has inevitably risen sharply as well. In response, solutions such as terminal protection, protection deployed in the core network, and base-station-based handset protection have been proposed. For terminal protection, security software against mobile phone viruses is available on the market, but because it is tied to particular hardware its flexibility is low and its resource usage is high; because it struggles to cover the variety of handset systems its generality is poor, so its market prospects remain uncertain; and because it lacks any protection of the wireless link its virus interception rate is low. For deployment in the core network, the difficulty and high cost of laying out core-network equipment limit the scheme. For base-station-based handset protection, base stations are inflexible and not very portable, which leaves that scheme inadequate.
The honeypot technology used in network security offers a new approach to mobile communication security. A honeypot is a security resource that can be probed, attacked, or even compromised and leaked by hackers. It lures hackers into attacking, then collects evidence and analyzes the attack, providing protection while hiding the address of the real server.
Information security in mobile communication has long been difficult to solve, which has greatly affected the communication security of handset users. The mobile communication honeypot capture system proposed by the invention, which simulates a wireless access environment to monitor mobile terminal behavior, addresses this problem well. The invention builds on honeypot technology and applies it to the wireless link, monitoring and analyzing the communication behavior of mobile terminals, uncovering security risks, and improving the protective environment. The device is also simple to deploy and easy to implement; in future it should significantly reduce security problems such as information theft and loss, and play an important role in areas such as the proper conduct of business activities and the protection of personal information.
Summary of the invention
The object of the invention is to provide a mobile communication honeypot capture system, that is, a way of simulating a wireless access environment to monitor the communication behavior of mobile terminals, so as to uncover security risks effectively and improve the protective environment, thereby greatly improving the system's protective capability and overcoming shortcomings of existing mobile communication protection measures such as a low virus interception rate and poor flexibility.
Another object of the invention is to provide an implementation method for the mobile communication honeypot capture system.
The technical scheme adopted by the invention is: a mobile communication honeypot capture system comprising a mobile communication terminal, a wireless link access module, a data capture module, and an application processing center module;
The mobile communication terminal and the wireless link access module communicate over a wireless channel link;
The data capture module is connected to the application processing center module through a server-side communication interface module.
Preferably, the wireless link access module comprises a radio-frequency module, a baseband module, a protocol stack module, and a gateway module. The radio-frequency module receives the over-the-air signal, processes it, and passes it to the baseband module; when transmitting, it reads data from the baseband module, processes it, and transmits it through the antenna. The baseband module is mainly responsible for modulating and demodulating the data. The protocol stack module parses the frames received from the baseband module according to the mobile communication standard and delivers them to the data capture module; when transmitting, it broadcasts the corresponding commands, simulating the wireless access environment, to control whether handset information is captured by the wireless link access module. The gateway module determines the type of network being accessed from the type of data received and interacts with the real communication environment.
The wireless link access module is mainly responsible for building an access network in the wireless environment, simulating the access environment of a real base station so that handsets are induced to communicate with it, and capturing the related data. There may be one or more wireless link access modules, depending on the signal range to be captured.
Preferably, the data capture module intercepts the data exchanged between the protocol stack module and the gateway module and sends it to the upper-layer application processing center module.
The data capture module thus provides the link between the wireless link access module and the application processing center module.
Preferably, the application processing center module comprises a server-side communication interface module, a communication behavior monitoring module, a back-end database module, and a human-computer interaction module. The server-side communication interface module is connected to the data capture module and handles data reception and the sending of control information. The communication behavior monitoring module calls the server-side communication interface module to obtain the data processed by the data capture module, then analyzes and scans its content and compares it with the back-end database to detect known viruses and attacks in the communication content. At the same time, it calls the human-computer interaction module to send related data to the mobile terminal and, by tracking, monitoring, and analyzing the terminal's communication behavior, uncovers new security risks, thereby updating and optimizing the back-end database. The back-end database module provides malicious-behavior comparison and real-time updating. The human-computer interaction module calls the communication behavior monitoring module to display monitoring results, and calls the server-side communication interface module to send control information that controls the wireless link access module, so that the mobile communication terminal can be informed of the behavior monitoring result and the behavior monitoring module is assisted in tracking the relevant malicious communication behavior.
The implementation method of the above mobile communication honeypot capture system comprises the following steps:
1) The wireless link access module initializes, broadcasts a radio signal containing system parameters, and waits for a mobile communication terminal to connect;
2) The mobile communication terminal initializes, scans for communication networks, and, according to the signal parameters received, sends a connection request to the module and prepares to access it;
3) The wireless link access module configures and manages its own environment, sends a signal to the mobile communication terminal allowing access, and allocates the relevant communication resources to it;
4) After the communication connection is established, the mobile terminal reports data to the wireless link access module;
5) The wireless link access module performs a series of operations, such as network protocol parsing, on the raw communication data received, so as to simulate a real wireless environment and carry out the information exchange;
6) The data capture module intercepts the data exchanged between the protocol stack submodule and the gateway submodule in the wireless link access module, processes it into an executable file, and sends it to the application processing center module;
7) The communication behavior monitoring module in the processing center module monitors communication behavior according to the file information received, making combined use of the data in the back-end database, and at the same time adds new malicious behavior to the database;
8) The supervisor of the monitoring system can learn the security state of the mobile terminal at any time through the human-computer interaction module and inform the mobile terminal of the monitoring result, providing security protection at the wireless link layer.
Beneficial effect: By broadcasting a radio signal, the invention simulates a wireless access environment and induces the mobile communication terminal to attach to the monitoring device; after processing, malicious communication behavior is monitored, analyzed, and recorded at the wireless link layer. When a mobile terminal communicates, its information must pass over the wireless link whether or not a virus is present. The invention exploits this fact and combines it with the idea of honeypot technology, applying a honeypot capture system to the wireless link to uncover security risks and improve the protective environment, thereby greatly improving the system's protective capability. Existing security protection systems must all be tied to some fixed platform, whereas the protection process of the invention takes place on the wireless link rather than on the mobile communication terminal. This removes the dependence on a particular platform, lightens the load on the mobile terminal, lowers resource usage, reduces the expenditure of manpower and materials, and improves generality. In addition, the invention is simple to deploy, easy to implement, low in cost, and highly flexible.
Description of drawings
Fig. 1 is a schematic diagram of the operating principle of the mobile communication honeypot capture device of the invention;
The figure shows: first mobile communication terminal 101, second mobile communication terminal 102, wireless link access module 103, RF front-end module 104, baseband module 105, protocol stack module 106, gateway module 107, data capture module 108, application processing center module 109, communication behavior monitoring module 110, human-computer interaction module 111, server-side communication interface 112, back-end database module 113.
Fig. 2 is a schematic flow diagram of the mobile communication honeypot capture method of the invention.
Embodiment
The invention is described further below with reference to the drawings and an embodiment:
As shown in Fig. 1, the honeypot capture system comprises a wireless link access module 103, which is placed near the first mobile communication terminal 101 and the second mobile communication terminal 102 (that is, users who access a base station over the wireless network) and simulates the actual communication process in the wireless environment. After intercepting short messages and GPRS (General Packet Radio Service) data, the data capture module 108 transfers the data over a wired channel to the application processing center 109. Data is thus intercepted inside the communication network and then sent to the application processing center for further processing, which finally achieves the monitoring of communication behavior.
The wireless link access module 103 of the invention is an embedded device. Its radio-frequency module 104 and baseband module 105 are implemented on an FPGA platform, and its protocol stack module 106 and gateway module 107 run on an x86 platform. It is placed near the first mobile communication terminal 101 or the second mobile communication terminal 102 and simulates a wireless access environment. The RF front end 104 captures the communication data that reaches the base station over the wireless link, processes it, and passes it to the baseband module 105 for demodulation, and the demodulated frames are handed to the x86 platform; when transmitting, the modulated data is read from the baseband module 105, processed, and transmitted through the antenna. The protocol stack module 106 performs signaling analysis on the frames received and obtains the International Mobile Subscriber Identity (IMSI) number and the communication content; when transmitting, it broadcasts different commands to the handset to control whether the handset attaches to the wireless link access module 103. The gateway module 107 is mainly responsible for determining, from the type of data received, whether the network being accessed is the Global System for Mobile Communications (GSM) core network or the Internet, and for interacting with the real communication environment. The first mobile communication terminal 101 and the second mobile communication terminal 102 need not be within the coverage of the same wireless link access module 103; it is enough that a wireless link access module 103 is nearby that can induce the mobile terminals within its coverage to attach.
After receiving the captured and parsed data through the server-side communication interface 112, the application processing center module 109 monitors communication behavior and compares the data with the back-end database 113 to detect known viruses and attacks in the communication content. In addition, new security risks are uncovered through data interaction during detection, and the back-end database is updated and optimized accordingly. The supervisor of the detection system can also learn the security state of the mobile terminal at any time through the human-computer interaction module and inform the mobile terminal of the behavior monitoring result, providing security protection at the wireless link layer.
 
As shown in Fig. 2, the workflow of the invention comprises the following steps:
Step 201: The wireless link access module initializes and waits for a mobile communication terminal to connect; at this point the mobile communication terminal is located within the network covered by the wireless link access module;
Step 202: The mobile communication terminal initializes and detects network signals; it receives the broadcast signals in the network, selects a wireless link access module according to the strength of the signals received, and actively sends it a connection request; once permitted, it establishes a wireless link connection with the wireless link access module, and the two sides communicate normally;
Step 203: The access module builds an access network in the wireless environment, and the protocol stack in the module performs a series of operations, such as network protocol parsing, on the raw communication data received, so as to simulate a real wireless environment and carry out the information exchange;
Here, the protocol stack may be a GSM protocol stack or a GPRS protocol stack.
Step 204: The data capture module intercepts the data exchanged between the protocol stack submodule and the gateway submodule in the wireless link access module, processes it into an executable file, and sends it to the application processing center module;
Step 205: The upper-layer application processing center receives the uploaded data through the server-side communication interface. Here, the data may be short message content or GPRS data.
Steps 206~207: The communication behavior monitoring module in the application processing center module analyzes and scans the content of the file information received and compares it with the back-end database to detect known viruses and attacks in the communication content; at the same time, it calls the human-computer interaction module to send related data to the mobile terminal and, by tracking, monitoring, and analyzing the terminal's communication behavior, uncovers new security risks and updates and optimizes the back-end database.
Step 208: Through the human-computer interaction module on the x86 platform, the supervisor of the honeypot capture system learns the security state of the mobile terminal at any time and informs the mobile terminal of the behavior monitoring result, providing security protection at the wireless link layer.
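The scan-and-update loop of steps 205 to 207, sketched as an added example that is not code from the patent: captured short-message and GPRS records are compared with a back-end database, and newly observed behavior is added to it. The record fields, signature name, sample data and the fan-out heuristic used to flag new behavior are all assumptions, since the patent does not specify how new risks are identified.

```python
import hashlib
from collections import defaultdict
from dataclasses import dataclass, field


@dataclass(frozen=True)
class CapturedRecord:
    """One item uploaded by the data capture module (field names are assumed)."""
    imsi: str       # subscriber identity obtained by the protocol stack module
    kind: str       # "sms" or "gprs", the two data types the description names
    peer: str       # destination number or host (assumed field)
    payload: bytes  # short-message content or GPRS data


def fingerprint(payload: bytes) -> str:
    return hashlib.sha256(payload).hexdigest()


@dataclass
class BackendDatabase:
    """Back-end database: known byte patterns plus behavior learned at run time."""
    signatures: dict = field(default_factory=dict)  # name -> byte pattern
    learned: dict = field(default_factory=dict)     # payload fingerprint -> label

    def match(self, payload: bytes) -> list:
        hits = sorted(n for n, pat in self.signatures.items() if pat in payload)
        label = self.learned.get(fingerprint(payload))
        if label:
            hits.append(label)
        return hits

    def add_behaviour(self, payload: bytes, label: str) -> None:
        self.learned[fingerprint(payload)] = label


class BehaviourMonitor:
    """Communication behavior monitoring: compare, track, then update the database."""

    def __init__(self, db: BackendDatabase, fanout_threshold: int = 3):
        self.db = db
        self.fanout_threshold = fanout_threshold
        self._peers = defaultdict(set)  # (imsi, fingerprint) -> distinct peers seen

    def process(self, rec: CapturedRecord) -> dict:
        hits = self.db.match(rec.payload)
        learned = False
        if not hits:
            # Assumed heuristic: one terminal sending identical content to many
            # distinct peers is treated as new malicious behavior.
            key = (rec.imsi, fingerprint(rec.payload))
            self._peers[key].add(rec.peer)
            if len(self._peers[key]) >= self.fanout_threshold:
                label = f"learned:fanout:{rec.kind}"
                self.db.add_behaviour(rec.payload, label)
                hits, learned = [label], True
        return {"imsi": rec.imsi, "kind": rec.kind, "peer": rec.peer,
                "hits": hits, "learned": learned}


def run_demo() -> list:
    # Constructed sample data: test-network IMSIs and reserved .invalid hosts.
    db = BackendDatabase(signatures={"sms-worm-link": b"example.invalid/free-game.sis"})
    monitor = BehaviourMonitor(db, fanout_threshold=3)
    spam = b"Look at this photo http://example.invalid/p.jar"
    records = [
        CapturedRecord("001010000000001", "sms", "+10000000010",
                       b"Free game: http://example.invalid/free-game.sis"),
        CapturedRecord("001010000000002", "sms", "+10000000011", spam),
        CapturedRecord("001010000000002", "sms", "+10000000012", spam),
        CapturedRecord("001010000000002", "sms", "+10000000013", spam),
        CapturedRecord("001010000000003", "sms", "+10000000014", spam),
        CapturedRecord("001010000000003", "gprs", "weather.example.invalid",
                       b"GET /forecast HTTP/1.1"),
    ]
    return [monitor.process(r) for r in records]


if __name__ == "__main__":
    for result in run_demo():
        print(result)
```

The fifth record shows the effect of the database update: a different terminal sending the learned content is flagged on first sight, without needing to reach the fan-out threshold itself.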
It should be noted that those skilled in the art may make further improvements and refinements without departing from the principle of the invention, and such improvements and refinements are also to be regarded as falling within the scope of protection of the invention. Any component not specified in this embodiment can be implemented with existing technology.

Claims (5)

1. A mobile communication honeypot capture system, characterized in that it comprises a mobile communication terminal, a wireless link access module, a data capture module, and an application processing center module;
The mobile communication terminal and the wireless link access module communicate over a wireless channel link;
The data capture module is connected to the application processing center module through a server-side communication interface module.
2. The mobile communication honeypot capture system according to claim 1, characterized in that: the wireless link access module comprises a radio-frequency module, a baseband module, a protocol stack module, and a gateway module; the radio-frequency module receives the over-the-air signal, processes it, and passes it to the baseband module; when transmitting, it reads data from the baseband module, processes it, and transmits it through the antenna; the baseband module is mainly responsible for modulating and demodulating the data; the protocol stack module parses the frames received from the baseband module according to the mobile communication standard and delivers them to the data capture module; when transmitting, it broadcasts the corresponding commands, simulating the wireless access environment, to control whether handset information is captured by the wireless link access module; the gateway module determines the type of network being accessed from the type of data received and interacts with the real communication environment.
3. The mobile communication honeypot capture system according to claim 1, characterized in that: the data capture module intercepts the data exchanged between the protocol stack module and the gateway module and sends it to the upper-layer application processing center module.
4. The mobile communication honeypot capture system according to claim 1, characterized in that: the application processing center module comprises a server-side communication interface module, a communication behavior monitoring module, a back-end database module, and a human-computer interaction module; the server-side communication interface module is connected to the data capture module and handles data reception and the sending of control information; the communication behavior monitoring module calls the server-side communication interface module to obtain the data processed by the data capture module, then analyzes and scans its content and compares it with the back-end database to detect known viruses and attacks in the communication content; at the same time, it calls the human-computer interaction module to send related data to the mobile terminal and, by tracking, monitoring, and analyzing the terminal's communication behavior, uncovers new security risks, thereby updating and optimizing the back-end database; the back-end database module provides malicious-behavior comparison and real-time updating; the human-computer interaction module calls the communication behavior monitoring module to display monitoring results, and calls the server-side communication interface module to send control information that controls the wireless link access module, so that the mobile communication terminal can be informed of the behavior monitoring result and the behavior monitoring module is assisted in tracking the relevant malicious communication behavior.
5. An implementation method of the mobile communication honeypot capture system of claim 1, characterized in that it comprises the following steps:
1) The wireless link access module initializes, broadcasts a radio signal containing system parameters, and waits for a mobile communication terminal to connect;
2) The mobile communication terminal initializes, scans for communication networks, and, according to the signal parameters received, sends a connection request to the module and prepares to access it;
3) The wireless link access module configures and manages its own environment, sends a signal to the mobile communication terminal allowing access, and allocates the relevant communication resources to it;
4) After the communication connection is established, the mobile terminal reports data to the wireless link access module;
5) The wireless link access module performs a series of operations, such as network protocol parsing, on the raw communication data received, so as to simulate a real wireless environment and carry out the information exchange;
6) The data capture module intercepts the data exchanged between the protocol stack submodule and the gateway submodule in the wireless link access module, processes it into an executable file, and sends it to the application processing center module;
7) The communication behavior monitoring module in the processing center module monitors communication behavior according to the file information received, making combined use of the data in the back-end database, and at the same time adds new malicious behavior to the database;
8) The supervisor of the monitoring system can learn the security state of the mobile terminal at any time through the human-computer interaction module and inform the mobile terminal of the monitoring result, providing security protection at the wireless link layer.
CN201210175212.4A 2012-05-31 2012-05-31 Mobile communication honeypot capturing system and implementation method thereof Expired - Fee Related CN102685147B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201210175212.4A CN102685147B (en) 2012-05-31 2012-05-31 Mobile communication honeypot capturing system and implementation method thereof

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201210175212.4A CN102685147B (en) 2012-05-31 2012-05-31 Mobile communication honeypot capturing system and implementation method thereof

Publications (2)

Publication Number Publication Date
CN102685147A true CN102685147A (en) 2012-09-19
CN102685147B CN102685147B (en) 2015-04-15

Family

ID=46816510

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201210175212.4A Expired - Fee Related CN102685147B (en) 2012-05-31 2012-05-31 Mobile communication honeypot capturing system and implementation method thereof

Country Status (1)

Country Link
CN (1) CN102685147B (en)


Also Published As

Publication number Publication date
CN102685147B (en) 2015-04-15


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20150415

Termination date: 20180531