| 一种检测隐蔽扫描活动的模型 |
| |
| 引用本文: | 吴昊,蒋湘涛,王勇,刘刚常. 一种检测隐蔽扫描活动的模型[J]. 计算机工程, 2006, 32(24): 144-145 |
| |
| 作者姓名: | 吴昊 蒋湘涛 王勇 刘刚常 |
| |
| 作者单位: | 湖南大学计算机与通信学院,长沙,410082 |
| |
| 摘 要: | 针对现有隐蔽扫描检测技术的不足,提出了一种基于网络流量特征的端口扫描检测模型,它采用与大多数现有检测技术不同的方式,在检测过程中不仅基于单个报文,而且结合基于会话的方式,在去除掉各种干扰检测的“噪声”扫描活动后,检测慢扫描、分布式扫描等异常隐蔽的扫描活动。实验表明,该检测模型对检测各种隐蔽扫描活动具有较高的准确率和较低的漏报率。
|
| 关 键 词: | 端口扫描 噪声扫描 入侵检测 方差 |
| 文章编号: | 1000-3428(2006)24-0144-02 |
| 收稿时间: | 2005-11-30 |
| 修稿时间: | 2005-11-30 |
Model for Detecting Stealth-scan |
| |
| WU Hao,JIANG Xiangtao,WANG Yong,LIU Gangchang. Model for Detecting Stealth-scan[J]. Computer Engineering, 2006, 32(24): 144-145 |
| |
| Authors: | WU Hao JIANG Xiangtao WANG Yong LIU Gangchang |
| |
| Affiliation: | School of Computer and Communication, Hunan University, Changsha 410082 |
| |
| Abstract: | In view of existing stealth-scanning detection technology insufficiency, providing a new model based on characteristic of network’s traffic for detecting stealth-scan, it adopts a different way from most existing detection techniques. It not only checks packet individually, but also combines the way based on conversation, and removes various kinds of “noise” activity of scanning that interference detection to go. Primary experiment indicates that this detection model has higher rate of accuracy and lower rate of false negatives to various stealth-scan. |
| |
| Keywords: | Port scan Noise scan Intrusion detection Variance |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
| 点击此处可从《计算机工程》浏览原始摘要信息 |
|
点击此处可从《计算机工程》下载全文 |
|
