用Honeypot改善NIDS性能

用Honeypot改善NIDS性能

刘小杨¹，房至一², 翟羽佳², 袁龙略²

1. 吉林大学软件学院, 长春 130012； 2. 吉林大学计算机科学与技术学院, 长春 130012

收稿日期:2005-06-20 修回日期:1900-01-01 出版日期:2006-01-26 发布日期:2006-01-26
通讯作者: 房至一

Performance Improvement of NIDS with Honeypot

LIU Xiao-yang¹, FANG Zhi-yi², ZHAI Yu-jia², YUAN Long-lue²

1. College of Software, Jilin University, Changchun 130012, China; 2. College of Computer Science and Technology, Jilin University, Changchun 130012, China

Received:2005-06-20 Revised:1900-01-01 Online:2006-01-26 Published:2006-01-26
Contact: FANG Zhi-yi

摘要/Abstract

摘要： 结合Honeypot和NIDS各自的特点, 根据信息系统的数据保密性需要, 构造Honeytoken诱饵数据, 扩展NIDS的安全应用层模块. 通过监视Honeytoken诱饵数据的访问情况, 实时追踪分析入侵者非法的入侵行为和入侵意图, 向系统发出警报, 使系统管理员完善对敏感数据的保密策略, 从而保证数据资源的安全性.

关键词: 蜜罐, 网络入侵检测系统, 数据保密性

Abstract: Combining the characteristics of Honeypot with those of NIDS, we constructed Honeytoken bait data according to data secrecy need of information system and expand NIDS security application module. Through monitoring Honeytoken bait data, tracking in real time and analysing invader’s illegal invasion behavior and invasion intention, send out the alarm to the system makes the system manager perfect the secrecy policy of the sensitivity data so as to guarantee the security of resources of the data.

Key words: Honeypot, NIDS, data secrecy

中图分类号:

TP393

刘小杨，房至一, 翟羽佳, 袁龙略. 用Honeypot改善NIDS性能[J]. J4, 2006, 44(01): 67-72.

LIU Xiao-yang, FANG Zhi-yi, ZHAI Yu-jia, YUAN Long-lue. Performance Improvement of NIDS with Honeypot[J]. J4, 2006, 44(01): 67-72.

[1]	肖玮,, 房至一, 王玮, 杨宏军. 一种适应负载特征的入侵检测方法[J]. J4, 2008, 46(04): 725-728.
[2]	库宇, 胡亮, 张晓晖. 一种基于代理和蜜罐技术的分布式入侵检测系统模型[J]. J4, 2007, 45(03): 399-404.