Abstract
To address the system vulnerability that arises when the servants of a DHR system face common vulnerabilities, an improved DHR architecture called IDHR is proposed. Building on DHR, it first introduces an executor-partition module that divides the executor set into several executor pools according to the heterogeneity among the executors, which greatly increases the heterogeneity among the executor pools. On this basis, the dynamic selection algorithm in the scheduling module is improved: executor pools are chosen at random first, and executors are then chosen at random from those pools, to improve the security of the DHR system under common vulnerabilities. Finally, the security of the proposed IDHR architecture is evaluated in terms of attack success rate and control rate through two experimental schemes, random simulation of executors and Web server emulation. Experimental results show that the security of the IDHR architecture, especially when the common vulnerability is unknown, is significantly better than that of the traditional DHR architecture.
Authors
WU Ting (吴铤)
HU Chengnan (胡程楠)
CHEN Qingnan (陈庆南)
CHEN Anbang (陈安邦)
ZHENG Qiuhua (郑秋华)
Affiliations: School of Cyberspace Security, Hangzhou Dianzi University, Hangzhou 310018, China; Hangzhou Innovation Institute, Beihang University, Hangzhou 310051, China
Source
Journal on Communications (《通信学报》)
Indexed in: EI; CSCD; Peking University Core Journals (北大核心)
2021, No. 3, pp. 122-134 (13 pages)
Funding
Supported by the Key Research and Development Program of Zhejiang Province (No. 2020C01078, No. 2019C01012, No. 2017C01062).
Keywords
mimic defense
mimic system architecture
dynamic heterogeneous redundancy
security analysis