摘要
针对当前防火墙和入侵检测系统不能够对未知攻击作出有效的判断,而造成信息误报和漏报的问题,提出了一种蜜罐系统结构,通过过滤掉已知攻击,在系统调用层,采用攻击签名机制,实现对未知攻击的检测和分析。
The current firewaU and intrusion detection system cannot effectively discern the unknown attacks, so it leads to false positives and negatives for the information. Therefore, a kind of honeypot system was proposed, by attack signature mechanism for detecting and analyzing unknown network attacks in system call level.
出处
《计算机应用》
CSCD
北大核心
2006年第10期2336-2337,共2页
journal of Computer Applications
基金
国防科工委国防基础科研项目(S0500B003)
关键词
蜜罐
入侵检测
未知攻击
代理
攻击签名
Honeypot
intrustion detection
unknown attack
proxy
attack signature
