| 引用本文: |
-
葛志辉,李陶深.一种新的端口扫描检测方法[J].广西科学院学报,2005,(4):247-248,251. [点击复制]
- Ge Zhihui,Li Taoshen.An New Portscan Detection Method[J].Journal of Guangxi Academy of Sciences,2005,(4):247-248,251. [点击复制]
|
|
| 摘要: |
| 针对现有端口扫描方法存在的缺陷,提出一种端口扫描检测的新方法。该方法充分利用受保护网段内各主机的特征,对可疑事件进行关联分析,不但可以检测现有工具都可以检测的扫描,而且对慢速扫描的检测也非常有效。 |
| 关键词: 端口扫描 检测 慢速 异常值 分析器 |
| DOI: |
| 投稿时间:2005-06-09 |
| 基金项目:广西留学回国人员科学基金(桂科回0342001)和广西科技攻关项目(桂科攻033008-9)联合资助。 |
|
| An New Portscan Detection Method |
|
Ge Zhihui, Li Taoshen
|
| (School of Comp., Elec. and Info., Guangxi Univ., Nanning, Guangxi, 530004, China) |
| Abstract: |
| A new portscan detection method is presented to overcome the existing defects of current portscan metrods.In this method,the hosts' features in the protected network are fully used to conduct the associate analysis to all the suspicious events.This method can detect all the scans that are detected by current techniques,and is quite efficient in slow scan detect. |
| Key words: portscan detection slow speed abnormity value analyzer |
