Building an effective scan monitoring system is a necessary measure for the early detection of, and warning about, unknown threats. Using the unused IP address space of a network to build a scan monitoring system offers advantages that monitoring of active networks cannot achieve, such as accurate detection and a low false alarm rate, and is a highly effective way to implement such a system. To address the current lack of theoretical guidance for actually deploying an effective scan monitoring system on unused IP addresses, this paper proposes a new scan monitoring model based on route distribution, which is used to solve the problems of designing and deploying an effective scan monitoring system for specific targets and of evaluating the detection effectiveness of the limited deployment resources actually available. Based on the model, the concept of a deployment threshold is proposed, describing the most economical matching threshold between the scale of the scan monitoring system and the scanning width of the scanning source under the same detection-rate requirement. The route-distribution-based scan monitoring model and the deployment threshold provide a theoretical reference for designing monitoring system deployment schemes that match the deployment resources actually available and for setting reasonable detection targets, avoiding the previous blind, experience-based deployment. Simulation results agree with the conclusions of the theoretical analysis.
Constructing an effective scan monitoring system is a necessary step for the early detection of, and warning about, unknown threats. Scan monitoring systems constructed from routable unused IP addresses are more effective than those deployed in active networks, because they identify threats precisely, which results in a low false alarm rate. Systematic research on how to deploy such an effective monitoring system is still missing. This paper presents a novel scan monitoring model based on BGP route distribution to answer two practical deployment questions: how to design and deploy an ideal target-specific scan monitoring system, and how to evaluate the detection effectiveness of the limited deployment resources actually available. On the basis of the model, this paper puts forward the new concept of a deployment threshold, which describes the most economical matching value between the monitoring system's scale and the scanner's scanning width for the same detection probability requirement. According to the model and the deployment threshold, an effective monitoring system can be designed and appropriate detection targets can be proposed that match the practical deployment resources, avoiding the blind deployment of the past. Simulation results are consistent with the theoretical analyses.
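The deployment threshold idea, as an added illustration that is not part of the paper: the following code assumes a simplified model in which a scanner probes `scan_width` distinct addresses chosen uniformly at random from an address space of `address_space` addresses, of which `monitor_size` unused addresses are monitored. The paper's own model weights addresses by BGP route distribution, which this uniform model does not capture; the address-space size, scan width and target detection rate below are constructed values.

```python
import math
import random


def detection_probability(monitor_size: int, address_space: int, scan_width: int) -> float:
    """Probability that a scan of `scan_width` distinct, uniformly chosen addresses
    touches at least one of `monitor_size` monitored addresses (hypergeometric).
    Assumption: uniform random scanning, not the paper's route-weighted model."""
    if monitor_size >= address_space or scan_width > address_space - monitor_size:
        return 1.0  # every possible scan must hit a monitored address
    # P(miss) = C(N-m, w) / C(N, w), accumulated in log space to avoid overflow
    log_miss = 0.0
    for i in range(scan_width):
        log_miss += math.log(address_space - monitor_size - i) - math.log(address_space - i)
    return 1.0 - math.exp(log_miss)


def deployment_threshold(address_space: int, scan_width: int, target_probability: float) -> int:
    """Smallest monitor size whose detection probability reaches the target.
    Detection probability is monotone in monitor size, so binary search applies."""
    lo, hi = 1, address_space
    while lo < hi:
        mid = (lo + hi) // 2
        if detection_probability(mid, address_space, scan_width) >= target_probability:
            hi = mid
        else:
            lo = mid + 1
    return lo


def simulate(monitor_size: int, address_space: int, scan_width: int, trials: int, seed: int = 1) -> float:
    """Monte Carlo estimate of the same detection probability, used to cross-check
    the closed form (mirrors the paper's simulation-versus-theory comparison)."""
    rng = random.Random(seed)
    monitored = set(rng.sample(range(address_space), monitor_size))
    hits = 0
    for _ in range(trials):
        probes = rng.sample(range(address_space), scan_width)
        if any(p in monitored for p in probes):
            hits += 1
    return hits / trials


if __name__ == "__main__":
    N, W, P = 65536, 256, 0.9  # constructed: a /16-sized space, 256-address scan, 90% detection
    m = deployment_threshold(N, W, P)
    print(f"monitor at least {m} addresses to detect a {W}-wide scan with p>={P}")
    print(f"closed form: {detection_probability(m, N, W):.4f}  simulated: {simulate(m, N, W, 2000):.4f}")
```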