作者投稿和查稿 主编审稿 专家审稿 编委审稿 远程编辑

计算机工程 ›› 2020, Vol. 46 ›› Issue (5): 12-18. doi: 10.19678/j.issn.1000-3428.0055996

• 热点与综述 • 上一篇    下一篇

一种基于执行体异构度的拟态裁决优化方法

武兆琪1, 张帆1, 郭威1, 卫今2a,2b, 谢光伟2a,2b   

  1. 1. 国家数字交换系统工程技术研究中心, 郑州 450001;
    2. 复旦大学 a. 计算机科学技术学院;b. 大数据试验场研究院, 上海 200433
  • 收稿日期:2019-09-12 修回日期:2019-11-07 发布日期:2019-10-16
  • 作者简介:武兆琪(1995-),男,硕士,主研方向为拟态防御技术、分布式存储、网络安全;张帆(通信作者),副研究员;郭威、卫今、谢光伟,博士。
  • 基金资助:
    国家自然科学基金面上项目"网络空间拟态安全异构冗余机制研究"(61572520);国家自然科学基金创新研究群体项目"网络空间拟态防御基础理论研究"(61521003);上海市信息化发展专项资金(大数据发展)项目"拟态大数据一体机研制"(201701046)。

A Mimic Arbitration Optimization Method Based on Heterogeneous Degree of Executors

WU Zhaoqi1, ZHANG Fan1, GUO Wei1, WEI Jin2a,2b, XIE Guangwei2a,2b   

  1. 1. China National Digital Switching System Engineering & Technological R & D Center, Zhengzhou 450001, China;
    2a. School of Computer Science;2b. Data Arena Institute, Fudan University, Shanghai 200433, China
  • Received:2019-09-12 Revised:2019-11-07 Published:2019-10-16

摘要: 网络空间拟态防御技术通过构建动态异构冗余的系统架构来提高系统的安全性能,而裁决器的表决机制是防御链中的关键步骤,直接影响拟态系统的安全性和效率。针对拟态表决环节的任务特性,对一致表决算法进行改进,设计基于执行体异构度的拟态裁决优化方法。结合拟态防御系统的异构特性,在选择执行体表决输出时引入执行体间的异构度作为决策因素,同时综合考虑执行体数目和历史记录信息,使表决算法更适用于拟态架构面临的威胁场景。实验结果表明,与一致表决算法相比,该算法能够显著提高拟态系统的安全性能,有效规避共模逃逸的风险。

关键词: 拟态防御, 异构冗余, 裁决器, 异构度, 表决算法

Abstract: Mimic defense technology in cyberspace builds a dynamic heterogeneous redundant system architecture to improve the security performance of the system.In this procedure of defense,the voting mechanism of the arbiter is an important step which directly affects the security and efficiency of the mimic system.Based on the task characteristics of the voting process,this paper improves the consistent voting algorithm and proposes a mimic arbitration optimization method based on heterogeneous degree of the executors.By combining the heterogeneous characteristics in the mimic defense system,introducing the inter-executor heterogeneity as the decision factor when choosing the executor for voting output,and considering the number of executors and historical records,the voting algorithm is made more applicable to the threat scenarios faced by mimic architecture.Experimental results show that,compared with the consistent voting algorithm,the proposed algorithm can significantly improve the security performance of the mimic system and effectively suppress the risk of common mode escape.

Key words: mimic defense, heterogeneous redundancy, arbiter, heterogeneous degree, voting algorithm

中图分类号: