| Honeypot扫描检测系统的设计与实现 |
| |
| 引用本文: | 尹春梅,李明楚,马剑波.Honeypot扫描检测系统的设计与实现[J].计算机工程,2006,32(1):174-176. |
| |
| 作者姓名: | 尹春梅 李明楚 马剑波 |
| |
| 作者单位: | 天津大学电信学院计算机系,天津,300072 |
| |
| 基金项目: | 国家科技攻关项目;中国科学院资助项目 |
| |
| 摘 要: | 针对原有安全策略的被动局面和入侵检测系统的弱点,没计并实现了honeypot扫描检测系统,将主动防御的honeypot技术和被动防御的入侵检测相结合,设计了检测慢扫描的二维链表结构,引入了事件机制,并对已有的扫描检测方法进行了分析和改进,成为一种新的方法应用于现在的系统中。测试结果表明,该系统具有扫描预警,检测慢扫描和未知攻击的能力,误报率和漏报率都很低。
|
| 关 键 词: | 端口扫描 入侵检测系统 慢扫描 |
| 文章编号: | 10001-3428(2006)01-0174-03 |
| 收稿时间: | 2005-03-02 |
| 修稿时间: | 2005-03-02 |
Design and Implementation of Honeypot Scan Detection System |
| |
| YIN Chunmei,LI Mingchu,MA Jianbo.Design and Implementation of Honeypot Scan Detection System[J].Computer Engineering,2006,32(1):174-176. |
| |
| Authors: | YIN Chunmei LI Mingchu MA Jianbo |
| |
| Affiliation: | Department of Computer Science and Technology, School of Electronic Information Engineering, Tianjin University, Tianjin 300072 |
| |
| Abstract: | Computer security has been focused on passive defense strategies and intrusion detection system has its own security vulnerability. This paper designs and implements honeypot scan detection system, combines the active defense honeypot with passive defense intrusion detection, introduces a new 2-dimension link structure for slow scan and new event mechanism in the system, and solves some weaknesses in known techniques. The tests on this system in a typical network environment show that the system can provide early warning about scan, detecting slow scan and some new, attacks and has very low false positives and false negatives. |
| |
| Keywords: | Honeypot |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
|
