Abstract
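This paper presents the design and implementation of a network traffic diversion and trapping system for the Windows environment. Based on an IDS rule base, it uses the NDIS intermediate-layer technology of Windows DDK network drivers to filter and divert network traffic. This collects a large amount of illegitimate traffic for the Honeypot and improves the Honeypot's efficiency, while blocking attack traffic aimed at the real server and thereby protecting it.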
A traffic-analysis-based honeypot for Windows systems is designed and implemented. Based on a library of IDS rules, the network driver of the Windows DDK and NDIS intermediate-layer technology are used to filter and divert network flow. This mechanism diverts unauthorized flow away from the real server. At the same time, it collects a vast amount of "hacking techniques" from the unauthorized flow to continuously adapt the system to the various "hacking techniques". It improves the efficiency of the Honeypot and protects the real servers.
Source
《计算机工程》
CAS
CSCD
Peking University Core Journals
2007, Issue 2, pp. 136-138 (3 pages)
Computer Engineering
Funding
Supported by the National Natural Science Foundation of China (60303026)