Abstract
To address the shortcomings of existing port scan methods, a new port scan detection method is proposed. The method makes full use of the characteristics of each host in the protected network segment and performs correlation analysis on suspicious events. It detects the scans that existing tools can already detect, and it is also very effective at detecting slow scans.
Source
Journal of Guangxi Academy of Sciences (《广西科学院学报》)
2005, Issue 4, pp. 247-248, 251 (3 pages)
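Funding
Jointly funded by the Guangxi Science Foundation for Returned Overseas Scholars (桂科回0342001) and the Guangxi Science and Technology Key Project (桂科攻033008-9)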
Keywords
port scan, detection, slow speed, anomaly value, analyzer