English | 中文

手机二维码
 
【打印本页】      【下载PDF全文】   查看/发表评论  下载PDF阅读器  关闭
←前一篇|后一篇→ 过刊浏览    高级检索
本文已被:浏览 356次   下载 270 本文二维码信息
码上扫一扫!
基于GSPN的拟态DNS构造策略研究
任权,邬江兴,贺磊
分享到: 微信 更多
(国家数字交换系统工程技术研究中心 郑州 中国 450001)
摘要:
网络空间拟态防御系统(Cyberspace Mimic Defense System,CMDS)采用动态异构冗余架构以及多模表决机制将不确定威胁转化为概率可控的事件,从而实现了自主可控、安全可信。为进一步研究拟态构造策略在不同干扰场景下的稳态可用性和感知安全性,本文采用广义随机Petri网(Generalized Stochastic Petri Net,GSPN)建模,分析了不同干扰场景下采用不同拟态构造策略对系统性能和构造成本的影响,实验结果表明拟态防御系统可以根据反馈控制信息对不同干扰场景进行策略替换,从而实现系统的稳定可用性和感知安全性。同时通过反馈控制能有效控制不同服务器解析时延差值,对实际拟态DNS系统部署有重要指导意义。
关键词:  拟态防御  广义随机Petri网  建模  策略与成本代价  可用性和感知安全性
DOI:10.19363/J.cnki.cn10-1380/tn.2019.03.05
投稿时间:2018-03-18修订日期:2018-08-10
基金项目:国家网络安全专项课题资助。
Research on Mimic DNS Architectural Strategy Based on Generalized Stochastic Petri Net
REN Quan,WU Jiangxing,HE Lei
National Digital Switching System Engineering & Technogical R & D Center, Zhengzhou 450001, China
Abstract:
Cyberspace Mimic Defense System adopts dynamic heterogeneous redundant architecture with multi-mode voting mechanism to convert the deterministic or uncertain disturbance to a reliable event so as to achieve self-controllable,safe and reliable.To further study the reliability and awareness security of mimic constructing strategy in different interference scenarios,this paper establishes a model of cyberspace mimic defense system based on the generalized stochastic Petri nets (GSPN) and analyzes the effects of different strategies and interference scenarios in performance and cost.The results of simulations show that Mimic defense system can change strategy to make a tradeoff among stable availability,awareness security and cost in different interference scenarios based on feedback information.
Key words:  Mimic defense  generalized stochastic Petri net  model  architectural strategy and cost  availability and awareness security