| As the increasing of network bandwidth and network being used in more and more industry,techniques of network attack are also beening imporoved,so information security in the network is being more and more important.It is necessary to know about attackers initiatively and change the flaw of passive defensive of network security system in order not to be disturbed by new attacks.Port scanning is the first step of network intrusion so as to get information about the goal hosts,so it is very important to detect port scanning in the area of network security.A honeypot is a resource whose value is in being attacked or compromised.Honeypot can attract attackers or divert an attacker from the real target in the area of network security. Getting information about attack and attack techniques in the honeypot's log files lays a foundation for analysing attackers, it is possible to take the initiative to explore new attacks, so honeypot can change the flaw of the passive of intrusion detection system to a certain extern.Because of the importance of port scanning detection and the initiative of honeypot,I present a point of view that detecting port scannings based on honeypot in this paper.In the environment of honeypot,a host captures packets sending to virtual hosts in the honeypot.While honeypot provides visitors with emulated services,port scanning is also being detected.In addition,it is difficult to set threshold values in the normal threshld method,so I design a probabilistic method based on the former probabilistic approaches.The method makes use of the source address,destinational address,destinational port of the captured packet,and especially characters that a scanner accesses more ports in one host or more hosts but onyle one port improves probabilistic approach to detect vertical and horizontal port scannings respectively. The method is real time and has broad sources of packets. |
PDF Full Text Request