摘要
针对当前自动机模型对系统状态表达不完整,单一视角建模无法满足网络攻防行为刻画需求的问题,本文提出一种视角可变的变焦有限自动机(Zooming Finite Automata,ZFA)结构。ZFA使用完整的参量集合取值对状态进行标示,设置观测系数增强模型对于多角度分析系统行为过程的能力。结合ZFA结构给出了网络攻防模型和安全性能分析方法,分析揭示了传统安全手段的天然劣势以及移动目标防御技术的局限性。最后,讨论了网络空间拟态防御(Cyberspace Mimic Defense,CMD)技术中核心部件——异构执行体的实现结构,从理论上证明了构建"多参数"不确定性可获得超线性增益。
The incompletion of current automata model for system state expression and the singleness of angle on modeling cannot meet the requirement for characterization of cyberspace attack and defense. To address the problem, this paper proposes an angle-variable Zooming Finite Automaton(ZFA) structure. In ZFA, a complete set of parameters is used to identify the status of the state, and the observation coefficient it set up to enhance the ability of system analysis in a multi angle. The cyberspace attack and defense model and the security performance analysis method are given by means of the ZFA structure. The analysis reveals the natural disadvantage of the traditional security methods and the limitations of the moving target defense technology. Finally, the core components of the Cyberspace Mimic Defense(CMD) theory--executive isomer architecture is discussed, and theoretically proved that the super linear growth of uncertainty can be obtained by construction at 'Multi parameter'.
出处
《信息安全学报》
2016年第4期29-39,共11页
Journal of Cyber Security
基金
国家自然科学基金面上项目网络空间拟态安全异构冗余机制研究(61572520)资助
国家自然科学基金创新研究群体项目(No.61521003)
国家重点研发计划项目(Nos.2016YFB0800100
2016YFB0800101)支持
