计算机工程与应用 ›› 2007, Vol. 43 ›› Issue (7): 139-143.

• 网络、通信与安全 • 上一篇    下一篇

一种新的蜜网模型—BRHNS

田俊峰 刘永立   

  1. 河北大学数学与计算机学院 河北大学数学与计算机学院
  • 收稿日期:2006-03-31 修回日期:1900-01-01 出版日期:2007-03-01 发布日期:2007-03-01
  • 通讯作者: 刘永立

A New Honeynets Model—BRHNS

  • Received:2006-03-31 Revised:1900-01-01 Online:2007-03-01 Published:2007-03-01

摘要: 在引入领域(Realm)概念的基础上,提出了一种新的蜜网模型—BRHNS(Based Realm Honeynets)。BRHNS模型利用Realm之间的协作性,提高了蜜网的工作效率,其中的入侵行为分析模块,用无监督聚类的方法对未知攻击的数据进行分类预处理,为以后提取入侵规则并将新的入侵规则添加到IDS规则库中打下了基础,进而提高了IDS的检测效率,降低了蜜网的工作量。通过交叉验证的方法进行实验,发现用无监督聚类算法能够很好地对攻击数据进行分类。

关键词: 网络安全, 诱捕, 蜜网, 领域, 数据分析

Abstract: Based on citing Realm, a new Honeynets Model—BRHNS is presented. BRHNS make use of cooperation between Realms, the efficiency of Honeynets is improved, In intrusion behavior analyse module, unknown attack data are classified by the unsupervised clustering, accordingly, prepared for extracting intrusion rules and adding the new rules to IDS rule-lib, consequently, the detection efficiency of IDS is improved and the workload of BRHNS is effectively reduced.. Have performed experiments through cross-validate, we found it was effective to classify the attack data by the unsupervised clustering.

Key words: Network Security, entrapment, Honeynets, Realm, data analyse