Netinfo Security (信息网络安全) ›› 2015, Vol. 15 ›› Issue (9): 231-235. doi: 10.3969/j.issn.1671-1122.2015.09.051

• Selected Papers •

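Research on Threat Traceback Method Based on IDS Alarms and Rootkit

Kun-peng XIA, Zheng-yong XIE, Wei CUI

  1. Yunnan Province Public Security Bureau Cyber Police Corps, Kunming Yunnan 650021, China
  • Received: 2015-07-15 Online: 2015-09-01 Published: 2015-11-13
  • About the authors:

    Kun-peng XIA (born 1988), male, from Henan, master's degree; main research interests: information security, classified protection, and network security information notification and handling. Zheng-yong XIE (born 1973), male, from Hunan, master's degree; main research interests: network security management and control. Wei CUI (born 1961), male, from Hebei, bachelor's degree; main research interests: information security, classified protection, network security information notification and handling, and network investigation strategy.

  • Funding:
    National Natural Science Foundation of China [61172072, 61271308]; Beijing Natural Science Foundation [4112045]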
Abstract:

With the popularization and continued deepening of Internet applications, network threats have posed a serious challenge to people's work and lives. To deal with this challenge and create a safe and trusted Internet environment for Internet users, this paper studies the problem of threat information traceback, analyzes the drawbacks of existing threat traceback methods, and, from a practical perspective, proposes a threat traceback scheme based on intrusion detection system alarms and rootkit technology. The paper sets out the assumptions of the scheme, analyzes its feasibility, and identifies the challenges it faces.

Key words: threat traceback, intrusion detection, rootkit

CLC number: