Abstract
This paper introduces a range of port scanning techniques and summarizes the existing detection methods. On that basis, it presents a new distributed port scan detection method. The sensor component detects anomalous packets. The analyzer component groups the anomalous packets into classes, calculates the sum of the anomaly values for each class, and then judges whether that class represents a scan. This method can detect not only the scans that existing tools detect, but also scans they cannot detect, such as distributed scans and slow scans.
Source
《计算机工程与应用》
CSCD
Peking University Core Journal (北大核心)
2003, Issue 8, pp. 163-166 (4 pages)
Computer Engineering and Applications