Abstract
Existing security strategies are largely passive, and intrusion detection systems have weaknesses of their own. This paper designs and implements a honeypot scan detection system that combines the active defense of honeypots with the passive defense of intrusion detection. It introduces a two-dimensional linked-list structure for detecting slow scans and a new event mechanism, and it analyzes and improves existing scan detection methods to address some of their weaknesses. Tests of the system in a typical network environment show that it can provide early warning of scans, detect slow scans and some new attacks, and has very low false positive and false negative rates.
Source
《计算机工程》 (Computer Engineering)
Indexed in: EI, CAS, CSCD, PKU Core (北大核心)
2006, Issue 1, pp. 174-176 (3 pages)
Funding
National "863" Program project (2002AA142010)
National Natural Science Foundation of China project (90412007)