Abstract
Traditional defense techniques struggle to counter attacks that exploit unknown vulnerabilities and backdoors. Mimic security defense (MSD) addresses this by constructing a dynamic heterogeneous redundancy model that raises the uncertainty of the system, increasing the attacker's difficulty and cost and improving network security. Based on software-defined networking, this paper proposes an implementation architecture for mimic defense: first, heterogeneous redundant executors are built according to the dissimilar-redundancy criterion; then the centralized management and control of the software-defined network is used to realize dynamic scheduling and multi-mode judgement. Experiments verify the intrusion tolerance and availability of the architecture.
To deal with attacks that employ unknown security vulnerabilities or backdoors, which traditional defense techniques find difficult to eliminate, mimic security defense (MSD) employs a "dynamic, heterogeneous, redundant" (DHR) mechanism that increases the difficulty and cost of attack and the uncertainty of the system, so as to improve network security. Based on software-defined networking (SDN), an implementation architecture of MSD was proposed. First, diverse functionally equivalent variants of the protected target were constructed; then the rich programmability and flexibility of SDN were leveraged to realize the dynamic scheduling and decision-making functions on the SDN controller. Simulation and experimental results demonstrate the availability and the intrusion tolerance of the architecture.
Source
《网络与信息安全学报》 (Chinese Journal of Network and Information Security)
2017, Issue 10, pp. 52-61 (10 pages)
Funding
National Natural Science Foundation of China (No. 61309020, No. 61602509)
National Natural Science Foundation of China Innovative Research Group Project (No. 61521003)
National Key Research and Development Program of China (No. 2016YFB0800100, No. 2016YFB0800101)
Henan Province Science and Technology Research Project (No. 172102210615, No. 172102210441)
Keywords
mimic security defense; software defined networking; active defense; dynamic heterogeneous redundancy