期刊文献+
任意字段
题名或关键词
题名
关键词
文摘
作者
第一作者
机构
刊名
分类号
参考文献
作者简介
基金资助
栏目信息

模拟攻击测试方式的漏洞检测系统的设计与实现 被引量:4

Design and realization of vulnerability testing system by imitating attack
下载PDF
导出
摘要 扫描方式的漏洞检测工具往往因为无法得到目标系统的准确信息而无法准确判断目标系统的安全状况,而模拟攻击测试方法可以准确判断目标系统是否存在测试的漏洞。大部分新漏洞发布的同时也会发布相应的测试程序,但是测试程序参数的复杂多样造成了集成的困难,把参数分为DR(运行时决定的类型)、DL(运行时查表决定的类型)和DV(默认值参数)三种类型,利用XML在数据结构描述方面的灵活性解决了这个问题。介绍了一个利用XML描述测试程序接口参数的模拟攻击测试方式的漏洞检测系统。 Traditional network-based vulnerability scanners can't get very exact information of the target system, they can't identify all of the vulnerabilities in the target system. The way of imitating attack can test the vulnerability exactly. When most of the new vulnerabilities were put forward, the test programs of the vulnerabilities were given together, but the diversity of the parameters of the test program made it difficult to integrate all of the programs. The parameters were classified as DR, DL and DV, and then XML was used to describe the parameters, and a vulnerabilities testing system by imitating attack with XML describing parameters was implemented.
作者 杨阔朝 蒋凡
机构地区 中国科技大学计算机科学技术系
出处 《计算机应用》 CSCD 北大核心 2005年第7期1562-1564,1567,共4页 journal of Computer Applications
关键词 漏洞测试 模拟攻击 XML vulnerability testing imitating attack XML
分类号 TP393.08 [自动化与计算机技术—计算机应用技术]
  • 相关文献

参考文献14

  • 1ANDRESS M. Network vulnerability assessment management[EB/OL]. http://www. nwfusion. com/reviews/2004/110804rev. html.Network World, 2004 -08 - 11.
  • 2FRRMER D, VENEMA W. Improving the Security of Your Site by Breaking Into it [ EB/OL].http://www. porcupine. org/satan/admin-guide-to-cracking. html, 1993 - 12.
  • 3SATAN[EB/OL]. http://www.porcupine. org/satan/, 2004 -06.
  • 4LAYTON SR TP. Penetration Studies - A Technical Overview[EB/OL]. http://rr. sans. org/, 2002 - 05.
  • 5SARA[ EB/OL]. http://www-arc.com/sara/, 2004 -09.
  • 6Nmap[ EB/OL]. http://www. insecure.org, 2004 -06.
  • 7.Samba服务器call—trans20pen远程缓冲区溢出漏洞[EB/OL].http://www.nsfoeus. net/index. php?act = sec-bug&do = view&bugid =4652&keyword = Samba,2004-06.
  • 8.QPopper4.0.xQvsnprintf远程缓冲区溢出漏洞[EB/OL].http://www. nsfocus. net/index. php?act = sec-bug&do = view&bug-id = 4530&keyword = qpopper,2004-06.
  • 9.Sadmind漏洞[EB/OL].http://www. nsfocus. net/index.php?act =sec-bug&do = view&bug-id =5404&keyword = sadmind,2004-06.
  • 10CVE Homepage[ EB/OL]. http://cve. mitre. org/, 2004 -09.

同被引文献15

  • 1桂春梅,钟求喜,王怀民.基于UML的防火墙和入侵检测联动模型的研究[J].计算机工程与科学,2004,26(11):22-25. 被引量:10
  • 2方杰,许峰,黄皓.一种优化入侵检测系统的方案[J].计算机应用,2005,25(1):147-149. 被引量:12
  • 3赵现军,董明武.漏洞检测类产品核心指标浅析[J].网络安全技术与应用,2006(11):51-52. 被引量:2
  • 4杨柳,李祥和,田根业.防火墙与入侵检测的联动及其改进[J].信息工程大学学报,2007,8(3):364-367. 被引量:2
  • 5S F Bush,A B Kulkarri.Active Networks and Active Virtual Network Management Prediction:A Proactive Management Framework[M].[s.1.]:Kluwer Academic/Plenum Publishers,2001
  • 6D L Tennenhouse,J M Smith,W D Sineoskie,et al.A Survey of Active Networks Research[J].IEEE Communication Magazine,1997,35(1):80 -86.
  • 7V Galtier,K L Mills,Y Carlinet,et al.Expressing Meaningful Processing Requirements Among Heterogeneous Nodes in an Active Network[A].Proc 2nd int1 Workshop on Software and Performance[C].2000.
  • 8A B Kulkarni,G J Minden,R Hill,et al.Implementation of a Prototype Active Network[A].Proc OPENARCH98[C].1998.
  • 9M T Rose.The Simple Book:An Introduction to the Management of TCP/IP Based Internet[M].[s.1.]:Prentice-Hall,1997.
  • 10Y carlinet,V Galtier,K Mills,et al.Calibrating an Active Network Node[A].Proc 2nd Int1 Workshop on Active Middleware Services[C].2000.

引证文献4

二级引证文献9

计算机应用
2005年 第7期

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部