Classification of TCP 445 Attacks and Global Snapshot with Honeypot Analysis

2019 International Conference on Advanced Information Technologies (ICAIT) Pub Date : 2019-11-01 DOI:10.1109/AITC.2019.8921162

Yinghui Luo, Zhiqing Zhang, H. Esaki, H. Ochiai

引用次数: 1

Abstract

This paper analyzes malicious activities collected in port 445 for 20 days by honeypot, by exposing our computer to malicious hosts and luring them to intrude it. We filtered the intrusion packets by Samba protocol and find their characteristics for classifying them into 3 types and processed them for their source IP address. The goal is obtaining the source country corresponding to each type of malicious activities in port 445 so that we could analyze their source country distribution.

查看原文本刊更多论文

基于蜜罐分析的TCP 445攻击分类及全局快照

本文分析了蜜罐在445端口收集的20天的恶意活动，将我们的计算机暴露给恶意主机并引诱它们入侵它。通过Samba协议对入侵报文进行过滤，找出入侵报文的特征，将其分为3类，并对其源IP地址进行处理。我们的目标是获取端口445中每种类型恶意活动对应的来源国家，以便我们分析其来源国家分布。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2019 International Conference on Advanced Information Technologies (ICAIT)

自引率

0.00%

发文量