
Computer Engineering ›› 2007, Vol. 33 ›› Issue (05): 143-145. doi: 10.3969/j.issn.1000-3428.2007.05.050

• Security Technology •

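Anomaly Degree Model Based on Honeypot

WANG Jie, WANG Jianxin

  1. (College of Information Science and Engineering, Central South University, Changsha 410083)
  • Received: 1900-01-01 Revised: 1900-01-01 Publication date: 2007-03-05 Release date: 2007-03-05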

Anomaly Degree Model Based on Honeypot

WANG Jie, WANG Jianxin   

  1. (College of Information Science & Engineering, Central South University, Changsha 410083)
  • Received:1900-01-01 Revised:1900-01-01 Online:2007-03-05 Published:2007-03-05

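Abstract: This paper proposes an anomaly degree model based on a Honeypot system, which can identify intruding hosts among the external hosts that access the system. By analyzing all events that occur in the Honeypot system over a period of time, the model assigns an anomaly degree value to each host that accesses the Honeypot system. If the anomaly degree value exceeds a certain threshold, the visitor is considered an intruder. The model was tested and analyzed with a large number of simulation experiments, and its false alarm rate was measured in a specific Honeypot system. The results show that the anomaly degree model is an effective method for detecting intruders in a Honeypot system.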

Keywords: Honeypot, Anomaly degree model, Intrusion detection, Network security

Abstract: An anomaly degree model based on a honeypot is proposed; it can distinguish intruders from hosts without hostility. The model assigns anomaly values to the hosts that visit the honeypot by analyzing all events in the honeypot system over a period of time. If a host's anomaly value exceeds a threshold, the visitor can be marked as an intruder. A large number of simulated test cases are used to validate the model, and the model's false alarm rate is tested in a honeypot system. The results indicate that the anomaly degree model is an effective method for detecting intruders in a honeypot system.

Key words: Honeypot, Anomaly degree model, Intrusion detection, Network security