期刊文献+

软件定义网络下的拟态防御实现架构 被引量:5

Implementation architecture of mimic security defense based on SDN
下载PDF
导出
摘要 针对传统防御技术难以应对未知漏洞和后门的问题,拟态安全防御(MSD,mimic security defense)通过构造动态异构冗余模型,提高系统的不确定性,增加攻击者的攻击难度和成本,提升网络安全性能。基于软件定义网络,提出了一种拟态防御的实现架构,首先,按照非相似余度准则构建异构冗余执行体,而后借助软件定义网络的集中管理控制实现动态选调和多模判决等功能。实验验证了架构的入侵容忍能力和可用性。 To deal with the attacks employing unknown security vulnerabilities or backdoors which are difficult for traditional defense techniques to eliminate, mimic security defense(MSD) that employs "dynamic, heterogeneity, redundancy(DHR)" mechanism can increase the difficulty and cost of attack and uncertainty of system so as to improve network security. Based on the software defined networking(SDN), an implementation architecture of MSD was proposed. First, diverse functional equivalent variants for the protected target were constructed, then leverage the rich programmability and flexibility of SDN to realize the dynamic scheduling and decision-making functions on SDN controller. Simulation and experimental results prove the availability and the intrusion tolerant ability of the architecture.
出处 《网络与信息安全学报》 2017年第10期52-61,共10页 Chinese Journal of Network and Information Security
基金 国家自然科学基金资助项目(No.61309020 No.61602509) 国家自然科学基金创新群体基金资助项目(No.61521003) 国家重点研发计划基金资助项目(No.2016YFB0800100 No.2016YFB0800101) 河南省科技攻关基金资助项目(No.172102210615 No.172102210441)~~
关键词 拟态安全防御 软件定义网络 主动防御 动态异构冗余 mimic security defense, software defined networking, active defense, dynamic heterogeneous redundancy
  • 相关文献

参考文献2

二级参考文献6

共引文献183

同被引文献34

引证文献5

二级引证文献18

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部