基于事件驱动与定时迁移的平台动态防御策略

doi:10.19678/j.issn.1000-3428.0053690

计算机工程 ›› 2019, Vol. 45 ›› Issue (9): 105-111. doi: 10.19678/j.issn.1000-3428.0053690

基于事件驱动与定时迁移的平台动态防御策略

陈彤睿, 马润年, 王刚, 伍维甲

空军工程大学信息与导航学院, 西安 710003

收稿日期:2019-01-15 修回日期:2019-02-24 出版日期:2019-09-15 发布日期:2019-09-03
作者简介:陈彤睿(1992-),男,硕士研究生,主研方向为网络空间安全;马润年、王刚(通信作者),教授;伍维甲,讲师
基金资助:
国家自然科学基金"适应性指挥控制组织优化问题研究"（61573017）。

Dynamic Defense Strategy for Platform Based on Event-driven and Timing Migration

CHEN Tongrui, MA Runnian, WANG Gang, WU Weijia

School of Information and Navigation, Air Force Engineering University, Xi'an 710003, China

Received:2019-01-15 Revised:2019-02-24 Online:2019-09-15 Published:2019-09-03
Supported by:
This work is supported by Shanghai Engineering Research Center of Green Energy Grid Connected Technology (No.13DZ2251900).

摘要/Abstract

摘要： 为解决入侵检测系统漏检后的网络安全防御问题，利用平台层动态目标防御技术，设计一种新的平台动态防御（PDD）策略。结合隔离区PDD系统，分析PDD运行原理，考虑平台响应入侵检测告警的随机选择平台迁移以及漏检情况下固定时间间隔的主动迁移，给出PDD策略和防御效能评估指标。仿真结果表明，该策略在异常事件和入侵检测系统漏报率增多的情况下能够始终保持较高的费效比，可有效解决防御收支不平衡和入侵检测系统漏报带来的安全隐患问题。

关键词: 动态目标防御, 平台动态防御, 事件驱动, 定时迁移, 入侵检测

Abstract: In order to solve the network security defense problem after the intrusion detection system misses detection,using the Moving Target Defense(MTD) technology of the platform layer,this paper designs a new dynamic defense strategy for platforms.Combined with the dynamic defense system of the platform in Demilitarized Zone(DMZ),the dynamic defense operation principle of the platform is analyzed.Considering the active platform migration at fixed intervals caused by missed intrusion detection and random platform migration caused by detected intrusion alarms,a dynamic defense strategy for platform and an evaluation index for defense effects are given.Simulation results show that the proposed strategy always maintains a high cost-effectiveness ratio in the case of abnormal events and an increased false negative rate of the intrusion detection system,which can effectively solve the imbalance between defense costs and effects and the security risks caused by missed detection of the intrusion detection system.

Key words: Moving Target Defense(MTD), dynamic defense for platform, event-driven, timing migration, intrusion detection

中图分类号:

TP391

陈彤睿, 马润年, 王刚, 伍维甲. 基于事件驱动与定时迁移的平台动态防御策略[J]. 计算机工程, 2019, 45(9): 105-111.

CHEN Tongrui, MA Runnian, WANG Gang, WU Weijia. Dynamic Defense Strategy for Platform Based on Event-driven and Timing Migration[J]. Computer Engineering, 2019, 45(9): 105-111.

http://www.ecice06.com/CN/Y2019/V45/I9/105

图/表 10

20190912183038

20190912183041

20190912183043

20190912183046

20190912183049

20190912183052

20190912183054

20190912183057

20190912183100

20190912183103

参考文献

[1] 刘兰,任光明,林军.SDN环境下的动态随机网络病毒传播模型及特性研究[J].计算机工程,2018,44(8):179-183.
[2] JAJODIA S,GHOSH A K,SWARUP V,et al.Moving target defense——creating asymmetric uncertainty for cyber threats[M].Berlin,Germany:Springer,2011.
[3] 杨林,于全.动态赋能网络空间防御[M].北京:人民邮电出版社,2016.
[4] 谷允捷,胡宇翔,丁悦航,等.基于业务感知的随机地址跳变方法[J].计算机工程,2018,44(10):28-33,41.
[5] OKHRAVI H,COMELLA A,ROBINSON E,et al.Creating a cyber moving target for critical infrastructure applications using platform diversity[J].International Journal of Critical Infrastructure Protection,2012,3(1):30-39.
[6] WEI Peng,LI Feng,HUANG C T,et al.A moving-target defense strategy for cloud-based services with heterogeneous and dynamic attack surfaces[C]//Proceedings of 2014 IEEE International Conference on Communications.Washington D.C.,USA:IEEE Press,2014:804-809.
[7] HUANG Y,GHOSH A K.Introducing diversity and uncertainty to create moving attack surfaces for Web services[M].Berlin,Germany:Springer,2011.
[8] BANGALORE A K,SOOD A K.Securing Web servers using self cleansing intrusion tolerance[C]//Proceedings of DEPEND'09.Washington D.C.,USA:IEEE Press,2009:60-65.
[9] 赵鑫.跳变信息服务系统研究[J].软件,2018,39(3):204-208.
[10] 刘江,张红旗,刘艺.基于不完全信息动态博弈的动态目标防御最优策略选取研究[J].电子学报,2018,46(1):82-89.
[11] 刘丹军,蔡桂林,王宝生.AMTD:一种适应性动态目标防御方法[J].网络与信息安全学报,2018,4(1):1-12.
[12] 顾泽宇,张兴明,林森杰.基于安全策略的负载感知动态调度机制[J].计算机应用,2017,37(11):3304-3310.
[13] 雷程,马多贺,张红旗,等.基于网络攻击面自适应转换的动态目标防御技术[J].计算机学报,2018,41(5):1109-1131.
[14] 刘江,张红旗,杨英杰,等.基于主机安全状态迁移模型的动态网络防御有效性评估[J].电子与信息学报,2017,39(3):509-517.
[15] OKHRAVI H,RIOADAN J,CARTER K.Quantitative evaluation of dynamic platform techniques as a defensive mechanism[C]//Proceedings of the 17th International Symposium on Recent Advances in Intrusion Detection.Berlin,Germany:Springer,2014:405-425.
[16] HONG J B,KIM D S.Assessing the effectiveness of moving target defenses using security models[J].IEEE Transactions on Dependable and Secure Computing,2016,13(2):163-177.
[17] SHEYNE R O,HAINES J,JHA S,et al.Automated generation and analysis of attack graphs[C]//Proceedings of IEEE Symposium on Security and Privacy.Washington D.C.,USA:IEEE Press,2002:273-284.
[18] OKHRAVI H,RABE M,MAYBERR Y T,et al.Survey of cyber moving target techniques[D].Lexington,USA:Massachusetts Institute of Technology Lexington Lincoln Laboratory,2013.
[19] CAI Gulin,WANG Baosheng,HU Wei,et al.Moving target defense:state of the art and characteristics[J].Frontiers of Information Technology and Electronic Engineering,2016,17(11):1122-1153.
[20] 刘海燕,张钰,毕建权,等.基于分布式及协同式网络入侵检测技术综述[J].计算机工程与应用,2018,54(8):1-20.
[21] NITRD Subcommittee.National cyber leap year summit 2009 co-chairs' report[EB/OL].[2018-12-21].https://www.nitrd.gov/nitrdgroups/index.php?title=Category:National_Cyber_Leap_Year_Summit_2009.

选择文件类型/文献管理软件名称

选择包含的内容

基于事件驱动与定时迁移的平台动态防御策略

Dynamic Defense Strategy for Platform Based on Event-driven and Timing Migration

RichHTML

PDF

可视化

被引次数

摘要/Abstract

引用本文

使用本文

图/表 10

参考文献

相关文章 15

编辑推荐

Metrics

本文评价

[1]	陈仲磊, 伊鹏, 陈祥, 胡涛. 基于集成学习的系统调用实时异常检测框架[J]. 计算机工程, 2023, 49(6): 162-169,179.
[2]	张雷, 鲍蓉, 朱永红, 史新国. 基于CSA-ResNet的人员入侵检测方法[J]. 计算机工程, 2023, 49(4): 297-302,311.
[3]	石磊, 张吉涛, 高宇飞, 卫琳, 陶永才. 基于Transformer与BiLSTM的网络流量入侵检测[J]. 计算机工程, 2023, 49(3): 29-36,57.
[4]	刘强, 张颖, 周卫祥, 蒋先涛, 周薇娜, 周谋国. 自适应类增量学习的物联网入侵检测系统[J]. 计算机工程, 2023, 49(2): 169-174.
[5]	孙扬威, 戚湧. 基于聚类混合采样与PSO-Stacking的车载CAN入侵检测方法[J]. 计算机工程, 2023, 49(1): 138-145.
[6]	刘金硕, 詹岱依, 邓娟, 王丽娜. 基于深度神经网络和联邦学习的网络入侵检测[J]. 计算机工程, 2023, 49(1): 15-21,30.
[7]	董卫宇, 李海涛, 王瑞敏, 任化娟, 孙雪凯. 基于堆叠卷积注意力的网络流量异常检测模型[J]. 计算机工程, 2022, 48(9): 12-19.
[8]	金海波, 赵欣越. 共形预测框架下的高可靠入侵检测算法[J]. 计算机工程, 2022, 48(7): 130-140.
[9]	生龙, 袁丽娜, 武南南, 姬少培. 基于GSA与DE优化混合核ELM的网络异常检测模型[J]. 计算机工程, 2022, 48(6): 146-153.
[10]	李晋国, 焦旭斌. 雾计算环境下入侵检测模型研究[J]. 计算机工程, 2022, 48(5): 43-52.
[11]	刘菲菲, 伍忠东, 丁龙斌, 张凯. 基于改进在线序列极限学习机的AMI入侵检测算法[J]. 计算机工程, 2020, 46(9): 136-142,148.
[12]	刘雅丽, 石瑞峰, 任晓亮. 基于低复杂度随机分组检测的LTE核心网入侵识别[J]. 计算机工程, 2020, 46(8): 139-145,152.
[13]	张玲, 张建伟, 桑永宣, 王博, 侯泽翔. 基于随机森林与人工免疫的入侵检测算法[J]. 计算机工程, 2020, 46(8): 146-152.
[14]	付子爔, 徐洋, 吴招娣, 许丹丹, 谢晓尧. 基于增量学习的SVM-KNN网络入侵检测方法[J]. 计算机工程, 2020, 46(4): 115-122.
[15]	党小超, 邓琦研, 郝占军. 基于30°角同心圆环形取样的室内人员检测方法[J]. 计算机工程, 2020, 46(4): 198-205.

模态框（Modal）标题

选择文件类型/文献管理软件名称

选择包含的内容

基于事件驱动与定时迁移的平台动态防御策略

Dynamic Defense Strategy for Platform Based on Event-driven and Timing Migration

RichHTML

PDF

可视化

被引次数

摘要/Abstract

引用本文

使用本文

图/表 10

参考文献

相关文章 15

编辑推荐

Metrics

本文评价