摘要
易攻难守是当前网络安全面临的核心问题之一.移动目标防御为解决这一问题提供了一种全新思路,其核心思想是通过内部可管理的方式对被保护目标的攻击面实施持续性的动态变换以迷惑攻击者,从而增加攻击者实施成功攻击的代价和复杂度,降低其攻击成功的概率,提高系统弹性和安全性.首先对移动目标防御的基本概念加以介绍,并依据研究内容的不同对已有的研究成果进行分类;然后对每类成果加以描述、分析和总结;最后对当前研究现状进行总结,并对未来研究方向进行了展望.
Nowadays ,network configurations are typically deterministic ,static ,and homogeneous . These features reduce the difficulties for cyber attackers scanning the network to identify specific targets and gather essential information ,which gives the attackers asymmetric advantages of building up ,launching and spreading attacks .Thus the defenders are always at a passive position ,and the existing defense mechanisms and approaches cannot reverse this situation . Moving target defense (M TD) is proposed as a new revolutionary technology to alter the asymmetric situation of attacks and defenses .It keeps moving the attack surface of the protected target through dynamic shifting ,which can be controlled and managed by the administrator . In this way , the attack surface exposed to attackers appears chaotic and changes over time . Therefore , the work effort ,i .e ., the cost and complexity ,for the attackers to launch a successful attack ,will be greatly increased .As a result ,the probability of successful attacks will be decreased ,and the resiliency and security of the protected target will be enhanced effectively .In this paper ,we firstly introduce the basic concepts of M TD ,and classify the related works into categories according to their research field .Then ,under each category , we give a detailed description on the existing work ,and analyze and summarize them separately . Finally ,we present our understandings on M TD ,and summarize the current research status ,and further discuss the development trends in this field .
出处
《计算机研究与发展》
EI
CSCD
北大核心
2016年第5期968-987,共20页
Journal of Computer Research and Development
基金
国家"九七三"重点基础研究发展计划基金项目(2012CB315906)
高等学校博士学科点专项科研基金项目(20114307110006)~~
关键词
移动目标防御
攻击面
动态变换
弹性
安全性
moving target defense
attack surface
dynamic shifting
resiliency
security
