| 基于网络/主机副本法的诱骗系统的研究与实现 |
| |
| 引用本文: | 赖海明,张建忠. 基于网络/主机副本法的诱骗系统的研究与实现[J]. 计算机工程与设计, 2007, 28(9): 2008-2011 |
| |
| 作者姓名: | 赖海明 张建忠 |
| |
| 作者单位: | 南开大学计算机科学与技术系,天津,300071;南开大学计算机科学与技术系,天津,300071 |
| |
| 基金项目: | E-mail:laihaiming2000@hotmail.com |
| |
| 摘 要: | 分析比较了现有的网络诱骗技术及其优缺点,在采用网络/主机副本方案的基础上,提出了一种基于Limux动态进程共享库注射的数据捕获方法.系统主要分为诱骗客户端和服务器两个部分,客户端主要负责数据捕获和数据发送,服务器端将获得的数据存储并分类显示,显示方式包括命令行和图形界面.系统还采用了用户态-内核态通信、内核态发包、内核模块隐藏等技术.
|
| 关 键 词: | 网络/主机副本 网络诱骗 共享库注射 内核模块 netlink套接字 |
| 文章编号: | 1000-7024(2007)09-2008-04 |
| 修稿时间: | 2006-04-23 |
Research and implement of network deception system based on network/host copy |
| |
| LAI Hai-ming,ZHANG Jian-zhong. Research and implement of network deception system based on network/host copy[J]. Computer Engineering and Design, 2007, 28(9): 2008-2011 |
| |
| Authors: | LAI Hai-ming ZHANG Jian-zhong |
| |
| Affiliation: | Department of Computer Science and Technology, Nankai University, Tianjin 300071, China |
| |
| Abstract: | Current network deception technologies are analyzed and compared. On the basis of adopting network/host copy scheme, a kind of data captured method based on Linux dynamic process shared library injection is proposed. This system is divided into deception client and server. The client is responsible for capturing and sending data; the server will store and display them either on command line or on graphic UI. This system also adopts some technologies such as communications between user space and kernel space, sending package from kernel mode, kernel module hiding, etc. |
| |
| Keywords: | network/host copy network deception shared library injection kernel module neflink socket |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
