Research and Implementation of a Network Security System Based on Intrusion Deception Technology
Abstract
With the development of computer technology, and of network technology in particular, computer systems have evolved from standalone hosts into complex, interconnected, open systems. This has made information use and resource sharing more convenient, but it has also brought a growing number of network security problems. The three central goals of computer security are confidentiality, integrity, and availability, and people have long explored and researched ways to achieve them. The earliest proposal was a computer security model that relied on access control mechanisms to keep systems secure; firewall technology developed afterwards. These technologies reduced network security risks, but they are all static defensive techniques: they lack an active response to the rapidly changing attack methods of a networked environment, and they cannot reveal the methods an intruder actually uses.
     This project studies intrusion deception technology, which approaches the network security problem from a new angle: by setting up one or more trap networks, it ties down and diverts hackers' attacks, supports technical analysis of their intrusion methods, collects evidence of network intrusions, and can even trace the intruder.
     Targeting the campus network environment of Hunan Building Materials College, this project uses honeypot technology and the Snort intrusion detection software to build an intrusion deception system. Working together with the Bohua Wanglong gigabit firewall YG-FWS-NP and the Bohua Wanglong intrusion detection system YG-IDS-S from Changsha Bohua Technology Co., Ltd. (Hunan), it forms a campus network security system, achieving tighter integration and cooperation with other technologies. The system provides a degree of early warning and prediction: the honeypot can not only detect new attack trends but also capture new attack tools, and all of this information can be used for early warning. More than half a year of actual operation has shown that the system works well for campus network security management, and is particularly effective at preventing internal attacks.
