摘要
面对越来越严重的网络安全问题,以隔断恶意主机的危害为目的,分析了目前恶意主机隔离方法的不足,提出并实现了一种支持联动的局域网主机隔离系统。该隔离系统通过与管理端和已授权的检测设备联动,得到要隔离的恶意主机IP,采用ARP伪装技术,阻断恶意主机与网关的通信,阻止危害向外扩散,从而达到隔离恶意主机的目的。实验结果表明,该系统隔离效果好,对局域网影响小。
Faced with increasingly serious issue of network security, focus on cutting offthe malicious host' s harm, to overcome the shortcomings of malicious host isolation technologies, a hosts quarantine system with cooperation support in LAN is proposed and implemented to quarantine local malicious hosts. The quarantine system can cooperate with the manager and the detection devices who is authorized. When obtaining the malicious host' s IPs, the quarantine system will immediately break up the communication between malicious hosts and the gateway using ARP masquerade technology. Thus the spreading of harm from the LAN to the outside network will be prevented. The results show that the quarantine effect is obvious and the quarantine system makes a minor impact on the LAN.
出处
《计算机工程与设计》
CSCD
北大核心
2009年第18期4163-4166,4171,共5页
Computer Engineering and Design
基金
湖北省自然科学基金项目(2006ABA039)
湖北省教育厅科学研究计划基金项目(D200623002)
关键词
恶意主机
联动
ARP伪装
主机隔离
检测设备
malicious host
cooperation
ARP masquerade
hosts quarantine
detection devices