摘要
拟态构造的Web服务器是一种基于拟态防御原理的新型Web安全防御系统,其利用异构性、动态性、冗余性等特性阻断或扰乱网络攻击,以实现系统安全风险可控.在分析拟态防御技术原理的基础上,论证异构性如何提高拟态构造的Web服务器的安全性,并指出对异构性进行量化的重要性.在借鉴生物多样性的量化方法基础上,将拟态构造的Web服务器的异构性定义为其执行体集的复杂性与差异性,提出了一种适用于量化异构性的量化方法,通过该方法分析了影响拟态构造的Web服务器异构性的因素.在理论上为拟态防御量化评估提供了一种新方法,工程实践上为选择冗余度、构件和执行体提供了指导.实验结果表明,该方法比香浓维纳指数和辛普森指数更适合于量化拟态构造的Web服务器的异构性.
The Web server with mimic construction is a new Web security defense system based on the principle of mimic defence.It uses the heterogeneity,dynamics,redundancy,and other characteristics to block or disrupt network attacks to control the security risk of the system.This study analyzes how heterogeneity can improve the security of the Web server with mimic construction and points out the importance of quantification of heterogeneity.Based on the quantification methods of biodiversity,this study defines the heterogeneity of the Web servers with mimic construction as the complexity and disparity of its execution set,proposes a quantification method that is suitable for quantitative heterogeneity,and analyzes the factors that influence heterogeneity of the Web servers with mimic construction.This study provides a new method for quantitative assessment of mimic defence in theory,and provides guidance for choosing the redundancy,components,and execution in practice.The experimental results show that the proposed method is more suitable for quantifying the heterogeneity of Web server with mimic construction than the Shannon-Wiener index and Simpson index.
作者
张杰鑫
庞建民
张铮
ZHANG Jie-Xin;PANG Jian-Min;ZHANG Zheng(State Key Laboratory of Mathematical Engineering and Advanced Computing,Zhengzhou 450001,China)
出处
《软件学报》
EI
CSCD
北大核心
2020年第2期564-577,共14页
Journal of Software
基金
国家自然科学基金(61472447)
国家重点研发计划(2016YFB0800104)
上海市科学技术委员会科研计划(16DZ1120502).
