| 主动检测网络扫描技术 |
| |
| 引用本文: | 单蓉胜,李小勇,李建华.主动检测网络扫描技术[J].计算机工程,2003,29(19):8-10. |
| |
| 作者姓名: | 单蓉胜 李小勇 李建华 |
| |
| 作者单位: | 上海交通大学电子工程系,上海,200030 |
| |
| 基金项目: | 国家“863”计划基金资助项目(2001AA140214) |
| |
| 摘 要: | 提出一种基于TCP端口和标志位异常检测的主动检测扫描技术。通过主动学习被保护网络提供的服务端口和TCP标志字段的分布特征,判断出每个到达数据包的异常性,检测各种基于TCP的扫描行为包括慢扫描和隐蔽扫描等多种系统扫描行为。测试表明,主动扫描技术具有很高检测率和较低的误报警率。
|
| 关 键 词: | 端口扫描 异常检测 网络安全 |
| 文章编号: | 1000-3428(2003)19-0008-03 |
Technology of Active Detect Network Scanning |
| |
| SHAN Rongsheng,LI Xiaoyong,Li Jianhua.Technology of Active Detect Network Scanning[J].Computer Engineering,2003,29(19):8-10. |
| |
| Authors: | SHAN Rongsheng LI Xiaoyong Li Jianhua |
| |
| Abstract: | This paper presents a new method, which is active detect network scans, based on TCP's port and flag's anomaly detection. Through actively leam the distribution of ports and flags of TCP packets that arrive at the protected network, people can compute the anomaly score of each TCP packet to detect various TCP scans including slow scans and stealthy scans. The experiment results show that the new technique has a high detect-rate and a low false-negative. |
| |
| Keywords: | Port scan Anomaly detection Network security |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
