蜜罐技术是一种欺骗入侵者以达到采集黑客攻击方法和保护真实主机目标的诱骗技术,它的核心价值在于被探测、被攻击或者被威胁,以此达到对这些攻击活动的检测与分析,从而了解攻击者的目的、攻击手段甚至于心理习惯,最终实现从观察攻击者的行为中学习到深层次的信息保护的方法。在蜜罐技术的应用过程中,最为关键的一点就是蜜罐系统对攻击者所具有的迷惑性。从蜜罐系统特有的系统特征、硬件特征以及网络特征出发,分析各种蜜罐系统或者虚拟机系统中可能存在的一些可识别的特性,提出一些识别方案并针对部分方法进行了编程识别,希望能够引起安全行业的重视,能够推动蜜罐技术的发展。 Honeypot technology is a trick to deceive the intruder in order to capture hacker attacks and protect the real target of the deceptive technology, its core value is to be detected, attacked or threatened in order to achieve detection and analysis of these attacks, So as to understand the purpose of the attacker, the means of attack and even the psychological habit. Finally, the method of learning the deep information protection from the observation of the attacker’s behavior is realized. The most crucial point in the application of honeypot technology is the confusion that honeypot systems have on attackers. Based on the unique system features, hardware features and network characteristics of honeysuckle system, this paper analyzes some possible identifiable features of honeypots and virtual machine systems, proposes some identification schemes and identifies some of the methods, and hopes Can cause safety industry attention, can promote the development of honeypot technology.