With the rapid development of information technology,the cyberspace security problem is increasingly serious.Kinds of dynamic defense technology have emerged such as moving target defense and mimic defense.This paper ...With the rapid development of information technology,the cyberspace security problem is increasingly serious.Kinds of dynamic defense technology have emerged such as moving target defense and mimic defense.This paper aims to describe the architecture and analyze the performance of Cyberspace Mimic DNS based on generalized stochastic Petri net.We propose a general method of anti-attacking analysis.For general attack and special attack model,the available probability,escaped probability and nonspecial awareness probability are adopted to quantitatively analyze the system performance.And we expand the GSPN model to adjust to engineering practice by specifying randomness of different output vectors.The result shows that the proposed method is effective,and Mimic system has high anti-attacking performance.To deal with the special attack,we can integrate the traditional defense mechanism in engineering practice.Besides,we analyze the performance of mimic DNSframework based on multi-ruling proxy and input-output desperation,the results represent we can use multi ruling or high-speed cache servers to achieve the consistent cost of delay,throughput compared with single authorized DNS,it can effectively solve 10%to 20%performance loss caused by general ruling proxy.展开更多
With the increasing computing demand of train operation control systems,the application of cloud computing technology on safety computer platforms of train control system has become a research hotspot in recent years....With the increasing computing demand of train operation control systems,the application of cloud computing technology on safety computer platforms of train control system has become a research hotspot in recent years.How to improve the safety and availability of private cloud safety computers is the key problem when applying cloud computing to train operation control systems.Because the cloud computing platform is in an open network environment,it can face many security loopholes and malicious network at-tacks.Therefore,it is necessary to change the existing safety computer platform structure to improve the attack resistance of the private cloud safety computer platform,thereby enhancing its safety and reliability.Firstly,a private cloud safety computer platform architecture based on dynamic heterogeneous redundant(DHR)structure is proposed,and a dynamic migration mechanism for heterogeneous executives is designed.Then,a generalized stochastic Petri net(GSPN)model of a private cloud safety computer platform based on DHR is established,and its steady-state probability is solved by using its isomorphism with the continuous-time Markov model(CTMC)to analyse the impact of different system structures and executive migration mechanisms on the system's anti-attack performance.Finally,through experimental verifcation,the system structure proposed in this paper can improve the anti-attack capability of the private cloud safety computer platform,thereby improving its safety and reliability.展开更多
In this article, a modified susceptible-infected-removed (SIR) model is proposed to study the influence of diversity of node anti-attack abilities on the threshold of propagation in scale-free networks. In particula...In this article, a modified susceptible-infected-removed (SIR) model is proposed to study the influence of diversity of node anti-attack abilities on the threshold of propagation in scale-free networks. In particular, a vulnerability function related to node degree is introduced into the model to describe the diversity of a node anti-attack ability. Analytical results are derived using the mean-field theory and it is observed that the diversity of anti-attack of nodes in scale-free networks can increase effectively the threshold of epidemic propagation. The simulation results agree with the analytical results. The results show that the vulnerability functions can help adopt appropriate immunization strategies.展开更多
基金This work was supported by the specific issues of national cyberspace security(Grant No.2018YFB0804001)the Innovative Research Groups of the National key R&D plan(Grant No.2020YFB18040803).
文摘With the rapid development of information technology,the cyberspace security problem is increasingly serious.Kinds of dynamic defense technology have emerged such as moving target defense and mimic defense.This paper aims to describe the architecture and analyze the performance of Cyberspace Mimic DNS based on generalized stochastic Petri net.We propose a general method of anti-attacking analysis.For general attack and special attack model,the available probability,escaped probability and nonspecial awareness probability are adopted to quantitatively analyze the system performance.And we expand the GSPN model to adjust to engineering practice by specifying randomness of different output vectors.The result shows that the proposed method is effective,and Mimic system has high anti-attacking performance.To deal with the special attack,we can integrate the traditional defense mechanism in engineering practice.Besides,we analyze the performance of mimic DNSframework based on multi-ruling proxy and input-output desperation,the results represent we can use multi ruling or high-speed cache servers to achieve the consistent cost of delay,throughput compared with single authorized DNS,it can effectively solve 10%to 20%performance loss caused by general ruling proxy.
基金supported by the National Natural Science Foundation of China(Grant No.U1934219)the National Science Fund for Excellent Young Scholars(Grant No.52022010).
文摘With the increasing computing demand of train operation control systems,the application of cloud computing technology on safety computer platforms of train control system has become a research hotspot in recent years.How to improve the safety and availability of private cloud safety computers is the key problem when applying cloud computing to train operation control systems.Because the cloud computing platform is in an open network environment,it can face many security loopholes and malicious network at-tacks.Therefore,it is necessary to change the existing safety computer platform structure to improve the attack resistance of the private cloud safety computer platform,thereby enhancing its safety and reliability.Firstly,a private cloud safety computer platform architecture based on dynamic heterogeneous redundant(DHR)structure is proposed,and a dynamic migration mechanism for heterogeneous executives is designed.Then,a generalized stochastic Petri net(GSPN)model of a private cloud safety computer platform based on DHR is established,and its steady-state probability is solved by using its isomorphism with the continuous-time Markov model(CTMC)to analyse the impact of different system structures and executive migration mechanisms on the system's anti-attack performance.Finally,through experimental verifcation,the system structure proposed in this paper can improve the anti-attack capability of the private cloud safety computer platform,thereby improving its safety and reliability.
基金supported by the Program for New Century Excellent Talents in University of China (NCET-06-0510)the National Natural Science Foundation of China (60874091)+1 种基金the Six Projects Sponsoring Talent Summits of Jiangsu Province (SJ209006)the Scientific Innovation Program for University Research Students in Jiangsu Province of China (CX08B_081Z)
文摘In this article, a modified susceptible-infected-removed (SIR) model is proposed to study the influence of diversity of node anti-attack abilities on the threshold of propagation in scale-free networks. In particular, a vulnerability function related to node degree is introduced into the model to describe the diversity of a node anti-attack ability. Analytical results are derived using the mean-field theory and it is observed that the diversity of anti-attack of nodes in scale-free networks can increase effectively the threshold of epidemic propagation. The simulation results agree with the analytical results. The results show that the vulnerability functions can help adopt appropriate immunization strategies.