Research on the Architecture and Key Technologies of AI-Driven Smart Honeypot Systems
DOI: 10.12677/airr.2026.152039
Authors: Yan Bin (永信至诚科技集团股份有限公司, Beijing); Chen Yiyang (北京五一嘉峪科技有限公司, Beijing)
Keywords: Artificial Intelligence; Intelligent Honeypot; ATT&CK Framework; Threat Analysis; Active Defense
Abstract: To enhance the intelligence of honeypot systems in countering advanced persistent threats, this paper constructs an AI-driven intelligent honeypot architecture. The research covers key technical directions such as intelligent generation of honeynet scenarios, intelligent operational response of honeynets, intelligent analysis and reasoning of threat data, and traceability. Methodologically, it integrates large language models, graph neural networks, and reinforcement learning techniques, while introducing the ATT&CK framework to model attack behaviors. The results demonstrate that this architecture significantly improves the realism, autonomous response capability, and threat identification efficiency of honeypot systems. The study holds practical significance in advancing honeypots from passive detection to active intelligence, providing technical support and theoretical foundations for proactive cyber defense.
Citation: Yan Bin, Chen Yiyang. Research on the Architecture and Key Technologies of AI-Driven Smart Honeypot Systems [J]. Artificial Intelligence and Robotics Research (人工智能与机器人研究), 2026, 15(2): 403-410. https://doi.org/10.12677/airr.2026.152039
