有效扫描监测系统建模与部署
DOI:
作者:
作者单位:

作者简介:

通讯作者:

中图分类号:

基金项目:

Supported by the National Natural Science Foundation of China under Grant No.90412010 (国家自然科学基金)


On Modeling and Deploying an Effective Scan Monitoring System
Author:
Affiliation:

Fund Project:

  • 摘要
  • |
  • 图/表
  • |
  • 访问统计
  • |
  • 参考文献
  • |
  • 相似文献
  • |
  • 引证文献
  • |
  • 资源附件
  • |
  • 文章评论
    摘要:

    构建有效的扫描监测系统是早期检测和预警未知威胁的必要措施.利用网络中未使用IP地址空间构建扫描监测系统,具有检测准确、虚警率低等活动网络监测不可实现的优势,是一种非常有效的实现方式.针对利用未使用IP 地址实际部署有效扫描监测系统缺乏理论指导这一现状,提出一种新的基于路由分布的扫描监测模型,用于解决针对特定目标的有效扫描监测系统设计部署以及实际有限部署资源检测效用评估问题.基于模型提出部署阈值的概念,描述相同检测率要求下扫描监测系统规模与扫描源扫描宽度之间最经济的匹配阈值.基于路由分布的扫描监测模型和部署阈值,可为设计与实际部署资源相匹配的监测系统部署方案以及制定合理的检测目标提供理论参考,避免原有凭经验的盲目部署.仿真实验结果与理论分析结论相一致.

    Abstract:

    Constructing an effective scan monitoring system is a necessary step for early detection and warning of unknown threats. Scan monitoring systems constructed by routable unused IP addresses will be more effective than those deployed in active networks for their special advantages in identifying threats precisely which results in low false alarm rate. Nowadays systematic researches on how to deploy such an effective monitoring system are still missing. This paper presents a novel scan monitoring model based on BGP route distribution to answer two practical deployment questions. One is how to design and deploy an ideal target-specified scan monitoring system and theother is how to evaluate the detecting effectiveness of actual limited deploying resources. On the basis of the model,this paper puts forward a new concept of deployment threshold which describes the most economical matchingvalue between the monitoring system’s scale and the scanner’s scanning width on the same detection probabilitydemand. According to the model and the deployment threshold, an effective monitoring system can be designed and appropriate detecting targets can be proposed which match the practical deploying resources to avoid blinddeployment as before. Simulation results are coincident with the theretical analyses.

    参考文献
    相似文献
    引证文献
引用本文

马莉波,李星,张亮.有效扫描监测系统建模与部署.软件学报,2009,20(4):845-857

复制
分享
文章指标
  • 点击次数:
  • 下载次数:
  • HTML阅读次数:
  • 引用次数:
历史
  • 收稿日期:2007-11-19
  • 最后修改日期:2008-04-07
  • 录用日期:
  • 在线发布日期:
  • 出版日期:
文章二维码
您是第位访问者
版权所有:中国科学院软件研究所 京ICP备05046678号-3
地址:北京市海淀区中关村南四街4号,邮政编码:100190
电话:010-62562563 传真:010-62562533 Email:jos@iscas.ac.cn
技术支持:北京勤云科技发展有限公司

京公网安备 11040202500063号