计算机工程

• 安全技术 • 上一篇    下一篇

网电空间中基于蠕虫的攻防对抗技术研究

张志威,张传富,岳云天   

  1. (解放军信息工程大学三院,郑州 450004)
  • 收稿日期:2012-12-12 出版日期:2013-11-15 发布日期:2013-11-13
  • 作者简介:张志威(1986-),男,硕士研究生,主研方向:网络安全;张传富,讲师、博士;岳云天,副教授

Research on Attack-defense Countermeasure Technology Based on Worm in Cyberspace

ZHANG Zhi-wei, ZHANG Chuan-fu, YUE Yun-tian   

  1. (The Third Institute, Information Engineering University of PLA, Zhengzhou 450004, China)
  • Received:2012-12-12 Online:2013-11-15 Published:2013-11-13

摘要: 随着网电空间战略地位的提高,其对抗技术已成为研究的热点。针对网电空间对抗建模问题,以典型的网电空间蠕虫为研究对象,采用建立蠕虫攻击传播模型和蠕虫防御模型的方法,对基于蠕虫的网电空间攻防对抗建模技术进行研究。分析蠕虫扫描策略及目的不可达报文检测方法,建立基于选择性随机扫描策略的蠕虫传播模型。在该模型的基础上,提出基于蠕虫签名的防御方法及改进措施,并设计蠕虫综合对抗模型。仿真结果表明,与基于签名的防御方法相比,综合防御方法能更有效地抑制蠕虫传播。

关键词: 网电空间, 网络蠕虫, 蠕虫传播模型, 数字签名, 综合防御, 攻防对抗

Abstract: With the improvement of the strategic position of cyberspace, the technology of network countermeasure becomes a research focus in cyberspace. In order to overcome the problem of building the coutermeasure model in cyberspce, this paper takes worm as research object and researches the attack-defense countermeasure technology based on building the worm propagation model and the worm defense model. Firstly, a worm propagation model based on the strategy of selective-random scan is built by the analysis of the scanning strategy and the detection method. Then, at the basis of the worm propagation model, the defense method of Internet worm and improvement measures is proposed with the worm signature. In the end, this paper builds a comprehensive-countermeasure model. Simulation experimental result shows that the method of comprehensive defense can inhibit worm propagation more effectively than the method of the worm signature technology.

Key words: cyberspace, network worm, worm propagation model, digital signature, integrated defense, attack-defense countermeasure

中图分类号: