
Performance Assessment Technique of Moving Target Defense Based on Attack Surface Measurement (cited by: 4)
Abstract: In the attack-defense game in cyberspace, the static, unchanging nature of information systems gives attackers sufficient time and space to conduct reconnaissance and launch attacks. From the perspective of network defense, using dynamic, random changes in operating systems, software, data and network infrastructure to achieve dynamic defense of information systems may reduce the attack surface and thereby contain attacks. This paper models and analyzes moving target defense methods for information systems based on a Markov chain model, and introduces an attack detection probability index to quantitatively measure the changing attack surface. The model is subdivided into four cases according to the strategies adopted in the attack-defense game, and its validity and reasonableness are verified using the attack and defense of a dynamic cloud center as an example.
Source: Journal of Command and Control (《指挥与控制学报》), 2015, No. 4, pp. 453-457 (5 pages)
Keywords: moving target defense, dynamic attack surface, Markov chain, attack detection probability, performance assessment
Classification code: E919 [Military]