Abstract
To address the low attack-recognition accuracy, high misjudgment rate, and low feature-extraction efficiency of traditional passive network defense techniques, this paper proposes an attack feature extraction method and defense strategy based on virtual honeypots. Multiple honeypots are deployed in the local server network to form a defensive honeynet with a complete topology, which improves the ability to capture attack data samples. For feature extraction from network attack sequences, a global string alignment method is used to determine the nature and category of the attack data. To improve the efficiency of feature extraction, the algorithm is sped up with a hierarchical comparison method. The experimental results show that, for different attack types, the honeynet technique obtains more stable feature-matching results and higher security defense index values.
Author
SU Yanping (苏延平), Minnan Institute of Technology, Quanzhou, Fujian 362000, China
Source
Journal of Chongqing University of Science and Technology: Natural Sciences Edition (《重庆科技学院学报(自然科学版)》)
CAS
2021, Issue 5, pp. 102-106, 112 (6 pages in total)
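Funding
2019 Fujian Provincial Education and Research Project for Young and Middle-aged Teachers, "Attack Feature Extraction and Analysis of Honeypot Technology Based on Spark" (JAT190867).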
Keywords
virtual honeypot
internet attack
feature extraction
global alignment