摘要
近年来,以内生安全为主要技术机制的多变体系统在防御零日漏洞攻击中表现出了巨大的潜力。但是现有研究很少涉及多样性和安全性之间的量化评估。对此,提出面向多变体系统的执行体多样性度量方法,该方法通过执行体属性和属性类型构建执行体属性矩阵,结合属性多样性和局部多样性综合评估执行体集的空间多样性,并针对矩阵参数及其多样性权重进行分析以达到系统最大多样化。构建了一个典型的多变体系统及零日攻击模型来评估该指标的有效性,评估结果表明,该多样性度量方法能有效衡量多变体系统中执行体间的异构性,并根据执行体异构性和系统攻击成功率的关系,间接评估出多变体系统的整体安全性。根据结论,该方法为构建更加多样化和安全的系统方面提供了一些指导。
Nowadays,multi-variant systems with endogenous security show great potential in defending against zero-day vulnerabilities.However,existing researches lack a quantitative assessment between diversity and security.Hence,this paper proposed a diversity metric of executors for multi-variant systems,which was based on system attribute matrix built with executor attri-butes and attribute types.The method evaluated the spatial diversity of the executor set by the attribute diversity and local diversity,and analyzed the matrix parameters and diversity weights to achieve the maximum diversification.This paper also built a multi-variant system and a zero-day attack model to assess the effectiveness of this indicator.The evaluation results show that the proposed diversity metric can effectively measure the differences between executors.According to the relationship between the heterogeneity of executors and the success rate of attacks,system’s security can be indirectly evaluated.According to conclusions,this paper provides some guidance in building a more diverse and security system.
作者
陈玉枚
扈红超
王亚文
仝青
Chen Yumei;Hu Hongchao;Wang Yawen;Tong Qing(People’s Liberation Army Strategic Support Force Information Engineering University,Zhengzhou 450001,China)
出处
《计算机应用研究》
CSCD
北大核心
2021年第12期3744-3751,共8页
Application Research of Computers
基金
国家重点研发计划项目
国家自然科学基金面上项目。
关键词
多样性
安全度量
多变体系统
K多数裁决
diversity
security metric
multi-variant system
K-majority rule
