|
|||||
|
|
| 自适应分布式端口扫描检测方法 | |
| 引用本文: | 刘庭华,宋华,戴一奇. 自适应分布式端口扫描检测方法[J]. 计算机工程与设计, 2006, 27(9): 1521-1523 |
| 作者姓名: | 刘庭华 宋华 戴一奇 |
| 作者单位: | 清华大学,计算机科学与技术系,北京,100084;清华大学,计算机科学与技术系,北京,100084;清华大学,计算机科学与技术系,北京,100084 |
| 摘 要: | 简要介绍了端口扫描技术及其检测技术,设计并实现了一种自适应的分布式端口扫描检测方法.该方法通过对异常包的检测及分类计算异常值的总和,并结合网络流量,设定动态阈值,然后判断出扫描.这种方法能有效地检测到慢速扫描、随机化扫描和分布式扫描,并能检测出分布式拒绝服务(DD0S)攻击. |
| 关 键 词: | 端口扫描 端口扫描检测 分布式端口扫描检测 异常包 分布式拒绝服务 |
| 文章编号: | 1000-7024(2006)09-1521-03 |
| 收稿时间: | 2005-04-16 |
| 修稿时间: | 2005-04-16 |
Self-adaptive distributed detection method of port scan |
|
| LIU Ting-hua,SONG Hua,DAI Yi-qi. Self-adaptive distributed detection method of port scan[J]. Computer Engineering and Design, 2006, 27(9): 1521-1523 | |
| Authors: | LIU Ting-hua SONG Hua DAI Yi-qi |
| Affiliation: | Department of Computer Science and Technology, Tsinghua University, Beijing 100084, China |
| Abstract: | Techniques of the port scan and its detection were introduced briefly.A new self-adaptive distributed detection method of port scan wasdesigned and implemented.By detecting anomalous packets and calculating the class's anomalysum value,it sets adynamic threshold combined with the network traffic,and then judges whether that is a scan.This method could detect slow scans,random scans and distributed scans effectively.And it could detect DDoS(distributed denial of service) attacks as well. |
| Keywords: | port scan port scan detection distributed detection ofport scan anomalous packet distributeddenial of service(DDoS) |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! | |