Abstract
Traditional intrusion detection systems on today's Internet cannot make effective judgments about unknown attacks, which leads to false positives and missed detections. Starting from the basic characteristics of intrusion detection and honeypots, this paper proposes a cooperation model for a network intrusion detection system based on honeypot technology. By luring hackers into intruding and recording the intrusion process, the model studies the tools, attack strategies and methods the attackers use, extracts new intrusion rules, and adds them to the IDS rule base in real time. This improves the ability of the IDS to detect and identify unknown attacks and further enhances network security.
Source
Journal of Jiamusi University: Natural Science Edition (《佳木斯大学学报(自然科学版)》)
CAS
2009, Issue 6, pp. 860-863 (4 pages)
Keywords
honeypot
network intrusion detection
cooperation model
network security