摘要
网络攻击工具和方法日趋复杂多样,典型的网络安全技术已无法满足对安全高度敏感的部门需求。笔者在讨论传统Honeypot(密罐技术)的基础上,采用与操作系统无关的Winpcap开发包,设计了一个基于Honeypot技术的信息安全系统。该Honeypot系统通过监控进程的隐蔽以及对事件数据库和关键配置文件的保护,提高了系统的隐蔽性与安全性。系统利用事件数据库记录所发生的攻击行为,使得该系统具有强大的资源监视功能和事后分析能力。
With the rapid development of Intemet, the tools and methods of network attacks become more and more complicated; the typical techniques of network security could not meet the requirements of sensitive departments. It is necessary to develop and design a new network security system to further improve the security of netowork information. A new information security system based on traditional ttoneypot adopting the independent operating-system library of Winpcap is designed. The system conceals the monitoring processes and protects the event database and the important configuration files, so that the security and concealment of the system could be greatly improved. An event database, which recorded all intrusions, gives the system powerful function for resource monitoring and analysis afterwards.
出处
《中国安全科学学报》
CAS
CSCD
2006年第7期118-121,共4页
China Safety Science Journal
