蜜罐系统在入侵检测系统中的研究与设计

介绍了入侵检测系统以及它的固有缺点，给出了蜜罐系统(Honeypot)的定义、工作方式。着重介绍它相对于入侵检测中系统固有缺点的价值以及蜜罐系统的实现模型和关键技术。该技术能够简单、高效地检测入侵行为以及对入侵过程进行记录和监控。     

基于Honeypot的网络入侵行为捕获

NIDS在检测网络入侵行为时面临的难题是错报、漏报和数据整合,Honeypot很好地解决了这几个问题,是NIDS的有益补充。论文分析探讨了基于Honeypot的网络入侵行为检测、捕获、预警的相关技术,在此基础上给出一个基于Honeypot的网络入侵行为捕获模型。实验证明了这个模型在捕获网络入侵行为过程中的有效性和适用性。     

浅析网络安全中入侵诱骗技术Honeypot系统的应用

文章对入侵诱骗技术进行了简要的介绍,对Honeypot系统从分类、优缺点、设计原则、设计方法等方面进行了论述,并对设计的Honeypot系统进行了具体网络的应用。     

网络入侵检测技术研究(上)

入侵检测是近几年发展起来的新型网络安全策略。它实现了网络系统安全的动态检测和监控。文章介绍了入侵检测系统的体系结构和检测方法，指出了入侵检测系统应具有的功能以及入侵检测系统的分类，分析了现有的入侵检测技术以及多种检测技术在入侵检测系统中的应用。     

网络入侵检测技术研究(下)

入侵检测是近几年发展起来的新型网络安全策略，它实现了网络系统安全的动态检测和监控。文章介绍了入侵检测系统的体系结构和检测方法，指出了入侵检测系统应具有的功能以及入侵检测系统的分类，分析了现有的入侵检测技术以及多种检测技术在入侵检测系统中的应用。     

基于数据挖掘和蜜罐的新型入侵检测系统研究

文中对基于数据挖掘和蜜罐技术的新型入侵检测系统进行了研究。简单介绍了入侵检测系统和蜜罐技术的概念及优缺点,及入侵检测系统和蜜罐系统的互补性。进而提出将其两者相结合的方案,分析其模型,并将数据挖掘技术融入其中,构成新型的入侵检测系统。该系统提高了蜜罐系统对资源的保护及对攻击数据的分析能力,有效的增强了入侵检测系统的防护能力。     

基于网络数据安全的入侵检测系统分析

基于网络数据的安全性,论述了入侵检测系统的基本概念。针对目前入侵检测系统中存在的问题,提出了两种新型的入侵检测系统的结构模型。     

基于规则的蜜罐脚本动态调用

如今互联网呈现出一种爆炸式发展的态势,与此同时互联网上的各种黑客攻击和病毒也泛滥开来。蜜罐技术（Honeypot）是一种对抗病毒的技术手段,它会主动吸引黑客和病毒的攻击,利用脚本虚拟出的主机服务与黑客和病毒交互。传统的蜜罐脚本调用需要修改蜜罐的配置文件,手动静态添加对应的脚本名。基于入侵检测系统规则的动态调用蜜罐脚本的方法无需手动配置,它可以自动识别攻击类型,根据不同的攻击调用不同的脚本,最后更新规则库。     

入侵检测技术的研究

入侵检测系统用于检测对计算机系统和网络的攻击。作为一种新型的信息系统安全机制,通过监控这些信息系统的使用情况,来检测信息系统的用户越权使用以及系统外部的入侵者利用系统的安全缺陷对系统进行入侵的企图。本文首先分析了入侵检测系统的主要模型及其实现技术,然后,对网络环境下基于代理机制的入侵检测模型及其主要实现技术进行了讨论。     

IDS——网络安全技术的新亮点

入侵检测系统是近年在国内出现的新型网络安全技术,但在国外,它却早已作为一个重要的安全技术在不断更新和完善,它之所以重要就是因为它可以弥补防火墙的不足,为网络安全提供实时的入侵检测及采取相应的防护手段,如记录证据用于跟踪和恢复、断开网络连接等。     

基于蜜罐技术的网络入侵研究

蜜罐是近几年发展起来的一种主动防御安全技术。文章首先综述了当前网络安全技术的应用和不足,分析了蜜罐技术的研究现状。提出了一个SNIBH入侵检测模型,设计并实现了数据捕获及分析等基本功能。分析收集的入侵者信息,从中提取入侵特征,以便提高入侵检测能力,使被动防御体系向主动的防御系统转化。     

入侵诱骗模型的建立与应用

网络攻击和入侵事件不断发生 ,给人们造成了巨大的损失 ,网络安全问题越来越来成为社会关注的热点。HoneyPot系统就是入侵诱骗技术中的一种 ,在网络安全中起着主动防御的作用。本文在分析了它的实现方式技术基础上 ,形式化的定义了入侵诱骗系统 ,提出了入侵诱骗的体系结构 ,并给出了一个入侵诱骗系统的实现模型。     

An Intrusion Detection System Model Based on Immune Principle and Performance Analysis

1　Introduction　 With the rapid development of Internet, network securityhas gotten the increasing focus of government, enterprise,even the individuals. But with the continuously spread ofnetwork application, attacks and destroys aiming at it in crease steadily also. Intrusion detection is a kind of networksecurity technique to detect any damage or attempt to tamperthe secrecy, integrality and usability of system. IntrusionDetection System (IDS) is an automated system for t…     

How to hook worms [computer network security]

This paper discusses the use of intrusion detection systems to protect against the various threats faced by computer systems by way of worms, viruses and other forms of attacks. Intrusion detection systems attempt to detect things that are wrong in a computer network or system. The main problems of these systems, however, are the many false alarms they produce, their lack of resistance to both malicious attacks and accidental failures, and the constant appearance of new attacks and vulnerabilities. IBM Zurich Research Laboratory has developed a system that specifically targets worms rather than trying to prevent all breaches of computer security. Called Billy Goat, the specialized worm detection system runs on a dedicated machine connected to the network and detects worm-infected machines anywhere in it. Billy Goat has been proven effective at detecting worm-infected machines in a network. It is currently used in several large corporate intranets, and it is normally able to detect infected machines within seconds of their becoming infected. Furthermore, not only is it able to detect the presence of a worm in the network, it can even provide the addresses of the infected machines. This makes it considerably easier to remedy the problem.     

基于数据挖掘技术的入侵检测系统

设计一个基于教据挖掘技术的入侵检测系统模型.该模型针对现有入侵检测系统在处理大量数据时,挖掘速度慢.自适应能力差的缺点.引入数据挖掘技术使其能从大量数据中发现入侵特征和模式.介绍其核心模块工作流程.实验结果表明该模型不仅能有效提高系统的检测速度,降低误报率,同时还能有效检测新的入侵行为.     

Friend-assisted intrusion detection and response mechanisms for mobile ad hoc networks

Nowadays, a commonly used wireless network (i.e., Wi-Fi) operates with the aid of a fixed infrastructure (i.e., an access point) to facilitate communication between nodes. The need for such a fixed supporting infrastructure limits the adaptability and usability of the wireless network, especially in situations where the deployment of such an infrastructure is impractical. Recent advancements in computer network introduced a new wireless network, known as a mobile ad hoc network (MANET), to overcome the limitations. Often referred as a peer to peer network, the network does not have any fixed topology, and through its multi hop routing facility, each node can function as a router, thus communication between nodes becomes available without the need of a supporting fixed router or an access point. However, these useful facilities come with big challenges, particularly with respect to providing security. A comprehensive analysis of attacks and existing security measures suggested that MANET are not immune to a colluding blackmail because such a network comprises autonomous and anonymous nodes. This paper addresses MANET security issues by proposing a novel intrusion detection system based upon a friendship concept, which could be used to complement existing prevention mechanisms that have been proposed to secure MANETs. Results obtained from the experiments proved that the proposed concepts are capable of minimising the problem currently faced in MANET intrusion detection system (IDS). Through a friendship mechanism, the problems of false accusations and false alarms caused by blackmail attackers in intrusion detection and response mechanisms can be eliminated.     

可回卷的自动入侵响应系统

本文描述了入侵响应回卷的形式化方法及其实现,然后建立了一个可回卷的自动入侵响应系统模型.该系统在检测到误报或入侵停止的情况下,采取响应回卷动作,从而消除了响应带来的负面影响,即响应代价.试验证明,响应回卷技术能较好地降低响应代价,从而以较低的代价换取相同的安全目标.     

基于模式匹配的告警关联

告警关联技术是入侵检测领域中一个新的发展方向，它对解决目前入侵检测系统存在的告警数量大、告警信息含量少、虚警数量大等问题具有十分重要的意义。文章介绍了在我们设计开发的分布式协同入侵检测系统（DACIDS）中通过对入侵行为模式的匹配而进行告警关联的方法。入侵行为模式是定义在时问基础上的一组谓词公式，其实质是通过时间限制联系在一起的入侵事件的集合。该方法在对大量告警进行关联的同时，对虚警的处理尤为有效。     

Novel intrusion prediction mechanism based on honeypot log similarity

The current network‐based intrusion detection systems have a very high rate of false alarms, and this phenomena results in significant efforts to gauge the threat level of the anomalous traffic. In this paper, we propose an intrusion detection mechanism based on honeypot log similarity analysis and data mining techniques to predict and block suspicious flows before attacks occur. With honeypot logs and association rule mining, our approach can reduce the false alarm problem of intrusion detection because only suspicious traffic would be present in the honeypots. The proposed mechanism can reduce human effort, and the entire system can operate automatically. The results of our experiments indicate that the honeypot prediction system is practical for protecting assets from attacks or misuse.