| 基于蜜罐的网络动态取证系统研究 |
| |
| 引用本文: | 杨青.基于蜜罐的网络动态取证系统研究[J].山东科学,2010,23(5):59-65. |
| |
| 作者姓名: | 杨青 |
| |
| 作者单位: | 山东警察学院 |
| |
| 基金项目: | 山东省教育厅高等学校科技计划项目,山东省软科学项目 |
| |
| 摘 要: | 针对计算机静态取证技术和常用的动态取证技术中存在的问题,提出了基于虚拟蜜罐的网络动态取证系统模型。该模型将在被保护子网上对流经的网络数据进行实时监控,编写程序对检测到的入侵进行报警,并通过修改iptables的nat表,利用重定向技术将检测到的入侵数据导入到蜜罐中进行记录,实现了入侵检测技术、蜜罐技术与防火墙技术的联动,达到实时动态取证的目的。实验结果表明,该系统不仅可以保护网络和主机不受攻击,还可以长时间的获取证据,并使得证据不受污染,达到了预期效果。
|
| 关 键 词: | 动态取证 入侵检测 重定向技术 蜜罐 |
| 收稿时间: | 2010-07-02 |
Research on a Honeypot Based Network Dynamic Forensics System |
| |
| YANG Qing.Research on a Honeypot Based Network Dynamic Forensics System[J].Shandong Science,2010,23(5):59-65. |
| |
| Authors: | YANG Qing |
| |
| Affiliation: | Shandong Police College |
| |
| Abstract: | This paper presents a honeypot based network dynamic forensics system in view of the negatives of computer static forensics and conventional dynamic forensics. This system can monitor the network data flow in a protected subnet, send an alarm when a an intrusion is detected, and input the intrusion data into a honeypot and record them with redirection technology. The system can help us dynamically acquire the intrusion evidences by the linkage of intrusion detection, firewall and honeypot. Experiments show that the system can not only avoid servers and networks from attacking but also persistently prevent intrusion evidence from being polluted, so we obtain the expected results. |
| |
| Keywords: | dynamic forensics intrusion detection redirection technology honeypot |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
| 点击此处可从《山东科学》浏览原始摘要信息 |
|
点击此处可从《山东科学》下载全文 |
|
