| 网络攻击源追踪系统模型 |
| |
| 引用本文: | 谷大武,李小勇,陆海宁. 网络攻击源追踪系统模型[J]. 上海交通大学学报, 2003, 37(3): 411-415 |
| |
| 作者姓名: | 谷大武 李小勇 陆海宁 |
| |
| 作者单位: | 上海交通大学计算机科学与工程系,上海,200030 |
| |
| 基金项目: | 中国高技术研究发展 ( 863 )计划 ( 2 0 0 1AA14 40 61),上海市科技发展基金 ( 0 15 115 0 47)联合资助项目 |
| |
| 摘 要: | 入侵检测是识别网络攻击的主要手段,现有的入侵检测系统可以检测到大多数基于网络的攻击,但不能提供对真实攻击来源有有效追踪。据此,结合现有的入侵检测技术提出了网络攻击源追踪系统的模型,阐述了该系统的体系结构和各部分的主要功能,给出了利用相关性分析对攻击者的攻击路径进行回溯的基本思想,模拟结果表明,所提出的系统模型和相关性分析的思想是可行有效的。最后,从安全性,实用性和追踪精度等方面对系统可能存在的问题进行了分析。
|
| 关 键 词: | 入侵检测 攻击源追踪 网络监听 攻击签名 |
| 文章编号: | 1006-2467(2003)03-0411-05 |
| 修稿时间: | 2002-03-16 |
A Framework of Network Attacker-Tracing System |
| |
| GU Da wu,LI Xiao yong,LU Hai ning. A Framework of Network Attacker-Tracing System[J]. Journal of Shanghai Jiaotong University, 2003, 37(3): 411-415 |
| |
| Authors: | GU Da wu LI Xiao yong LU Hai ning |
| |
| Abstract: | Intrusion detection is a major technique of identifying the network attackers. The intrusion detection systems available can find the event of most network based attacks, but cannot judge the real locations of attackers. On the basis of the existing techniques, this paper presented a framework of network attacker tracing system. It then provided the system architecture and listed the principal functions. By using of the relevant analysis, it gave the basic idea of retracing the attackers' paths. The simulation result shows that the framework and idea are feasible and efficient. Finally, the potential problems of such system from various respects such as security, practicability and tracing precision, etc. were analyzed. |
| |
| Keywords: | intrusion detection attacker tracing network monitoring attack signature |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
