摘要
网络空间拟态防御技术以动态异构冗余的内生安全特性作为架构核心,通过多余度裁决方保证服务质量并阻断攻击威胁。然而,目前对于多余度裁决的方法,并没有对其防御的代价和风险进行有效分析和评估。本文根据拟态防御与多余度裁决模型之间的关系,针对多余度裁决方法的防御能力、运行效率和系统恢复三方面进行建模和分析。根据模型分析方法挖掘出模型的三项指标之间的潜在关系和部分同构的部署策略下裁决模型的风险隐患问题,并通过实验验证了该方法的有效性。最后,根据模型的评估结果给出了实际部署意见并总结了模型的不足和改进方向。
Cyber space mimic defense technology takes the endogenous security characteristics of dynamic, heterogeneous and redundancy as the core of the architecture, which uses adjudication guarantees the quality of service and blocks the attack threat. However, the current method can not effectively analyze and evaluate the cost and risk of the redundancy adjudication. To evaluate the redundancy adjudication, we first introduce the association between the mimic architecture and the redundancy adjudication. Afterwards, we analyze the defense ability, operation efficiency and system recovery of the redundancy adjudication thus finding out the model indicators' potential relationship and the deployment strategies risk. Finally, the experimental evaluation and the deficiencies of the model are discussed.
作者
李卫超
张铮
王立群
邬江兴
LI Weichao;ZHANG Zheng;WANG Liqun;WU Jiangxing(l State Key Laboratory of Mathematical Engineering and Advanced Computing,Zhengzhou 450001,China;National Digital Switching System Engineering & Technological R&D Center,Zhengzhou 450002,China)
出处
《信息安全学报》
CSCD
2018年第5期64-74,共11页
Journal of Cyber Security
基金
国家重点研发计划网络空间安全专项(No.2017YFB0803201)
上海市科学技术委员会科研计划项目(No.16DZ1120502)资助
