
Honeypot Detection Method Based on Resource Contention Characteristics

Cited by: 1
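Abstract (translated from the Chinese): Existing honeypot detection techniques are too specific and not general enough. To address this shortcoming, the working principles of different honeypots were studied and analyzed, and a honeypot detection method based on resource contention characteristics was designed. It uses the resource contention characteristic that honeypots commonly share to detect a variety of different honeypot systems, and it has good generality and accuracy. A corresponding experimental scheme was designed and carried out, which verified the effectiveness of the method.

Abstract (English): With the extensive use of honeypots, a new proactive technology, a growing number of organizations and individuals have begun to study honeypot detection technology. Honeypot detection is important for finding the weaknesses of honeypots and improving honeypot technology. In this paper, we first study the currently available honeypot detection technology and find that it lacks universality. We then propose a honeypot detection method based on resource contention characteristics, which can detect a variety of honeypots. In addition, we perform an experiment to verify its effectiveness. Finally, we point out the shortcomings of this detection method and put forward directions for improving it.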
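Source: Journal of Wuhan University: Natural Science Edition (《武汉大学学报(理学版)》), CAS, CSCD, Peking University Core, 2013, Issue 3, pp. 272-276 (5 pages)
Funding: National Natural Science Foundation of China (60903196, 61272451); National Major Special Project (2010ZX03006-001-01); Research Project of the Jiangxi Provincial Department of Education (GJJ10661)
Keywords: honeypot detection; resource contention; common characteristics; proactive defense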
