基于蜜罐的入侵检测

针对计算机入侵检测技术中存在的检测率低而误报率、漏报率高的问题，提出了基于蜜罐的入侵检测系统模型。该模型将在被保护的网络系统上对流经的同络数据包进行实时监控，分析蜜罐检测到的入侵数据，提取特征属性并生成规则导入到八侵检测系统，实现了入侵检测技术、蜜罐技术与防火墙技术的联动，达到动态更新入侵检测系统规则，提高检测率的目的。实验结果表明，该系统模型不仅可以保护网络和主机不受已有攻击的威胁，还可以检测出未知的攻击，达到了预期效果。

For the problems of the low detection rate and high false negative rate and false positive in computer intrusion detection technology,this article puts forward an model- Intrusion Detection based on Honeypot. The model will be on the protected network system through the network packets in real-time monitoring,analysis honeypot intrusion detection to the data,extract features and generate rules of property imported into the intrusion detection system,and intrusion detection,honeypet Linkage with firewal） technology,）ntrusion detect）on system to dynamically update the rules to improve the detect）on rate goal.Expermental results show that the system model can not only protect the network and host from existing attacks,can detect unknown attacks,achieved the expected results.