Computer Engineering, 2007, Vol. 33, Issue (02): 136-138. doi: 10.3969/j.issn.1000-3428.2007.02.047

• Security Technology •

Design and Implementation of Traffic-analysis-based Honeypot System

HAN Junjie, KANG Le, LIU Shengli

  1. (Dept. of Computer Science and Engineering, Shanghai Jiaotong University, Shanghai 200030)
  • Received: 1900-01-01 Revised: 1900-01-01 Online: 2007-01-20 Published: 2007-01-20

Abstract: A traffic-analysis-based honeypot system for Windows is designed and implemented. Driven by an IDS rule library, it uses the NDIS intermediate-layer network driver technology of the Windows DDK to filter and divert network traffic. This mechanism keeps unauthorized traffic from reaching the real server. At the same time, it collects a large volume of “hacking techniques” from the unauthorized traffic so that the system can be continuously adapted to them. It improves the efficiency of the honeypot and protects the real servers.

Key words: Honeypot, NDIS, intrusion detection (IDS)