
Computer Engineering ›› 2006, Vol. 32 ›› Issue (1): 174-176.

• Security Technology •

Design and Implementation of Honeypot Scan Detection System

YIN Chunmei, LI Mingchu, MA Jianbo   

  1. Department of Computer Science and Technology, School of Electronic Information Engineering, Tianjin University, Tianjin 300072
  • Online: 2006-01-05 Published: 2006-01-05


Abstract: Computer security has focused on passive defense strategies, and intrusion detection systems have security weaknesses of their own. This paper designs and implements a honeypot scan detection system that combines active-defense honeypot technology with passive-defense intrusion detection, introduces a new two-dimensional linked-list structure for detecting slow scans and a new event mechanism, and addresses some weaknesses of known techniques. Tests of the system in a typical network environment show that it can provide early warning of scans and detect slow scans and some new attacks, with very low false-positive and false-negative rates.

Key words: Honeypot; Port-scan; Intrusion detection system; Slow scan

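Abstract (translated from the Chinese): To address the passive posture of existing security strategies and the weaknesses of intrusion detection systems, a honeypot scan detection system is designed and implemented. It combines active-defense honeypot technology with passive-defense intrusion detection, uses a two-dimensional linked-list structure designed to detect slow scans, introduces an event mechanism, and analyzes and improves existing scan detection methods, yielding a new method that is applied in the present system. Test results show that the system provides early warning of scans and can detect slow scans and unknown attacks, with low false-positive and false-negative rates.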
