Computer Engineering ›› 2006, Vol. 32 ›› Issue (24): 144-145. doi: 10.3969/j.issn.1000-3428.2006.24.051

• Security Technology •

Model for Detecting Stealth-scan

WU Hao, JIANG Xiangtao, WANG Yong, LIU Gangchang   

  1. (School of Computer and Communication, Hunan University, Changsha 410082)
  • Received:1900-01-01 Revised:1900-01-01 Online:2006-12-20 Published:2006-12-20

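Abstract:

To address the shortcomings of existing stealth-scan detection techniques, this paper proposes a port-scan detection model based on network traffic characteristics. Unlike most existing detection techniques, it examines not only individual packets but also sessions during detection. After removing the various "noise" scanning activities that interfere with detection, it detects unusually stealthy scanning activity such as slow scans and distributed scans. Experiments show that the model detects various stealth scanning activities with relatively high accuracy and a relatively low false-negative rate.

Key words: Port scan, Noise scan, Intrusion detection, Variance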
