摘要
针对现有网络安全工具在入侵检测以及防护等方面的不足,提出了一个基于代理的分布式Honeynet模型DHMBA,并对其进行了形式化描述和分析。以此为基础设计和实现了基于DHMBA的分布式网络陷阱系统DHSBD。该系统通过分布在各子网中模拟网络的代理,将攻击重定向到伪装服务中,集中分析和监控攻击行为,扩大了系统的检测视野,降低了蜜罐引入的安全风险和部署维护的代价,减小了产品网络被攻击的概率,能有效地提高大规模网络的整体安全性。
Aimed to the shortcoming of the intrusion detection and prectection, a novel model DHMBA (distributed Honeynet model based on Agent) is presented. DHMBA is introduced and analyzed using formal. Based on DHMBA model, a prototype system DHSBD (distributed Honeynet system based on DHMBA) is designed and implemented. The access to redirector Agent that simulates virtual networks for remote surveillance of the unused address space are redirected to disguise Service that is a aggregation of Honeypots offering simulative or real services. The system permits for recording and analyzing the intruder' s activities and using the results to take administrative actions toward protecting the network. The detection scope is expanded and the potential risk of Honeypots and cost of the deployment and maintenance are reduced. It is able to reduce the probability of attacks on production computers and improve effectively entire safety of the network.
出处
《计算机工程与设计》
CSCD
北大核心
2008年第21期5427-5429,5460,共4页
Computer Engineering and Design
基金
国家自然科学基金项目(60603062)
公安部应用创新基金项目(2005YYCXHNST095号)
湖南省教育厅资助科研基金项目(07C718)
湖南省自然科学基金项目(06JJ3035)
湖南省高等学校科学研究优秀青年基金项目(07B017)
关键词
蜜罐
蜜网
入侵检测
取证
预警
Honeypot
Honeynet
intrusion detection
computer forensics
early detection
