引用本文
  • 蔡雨彤,常晓林,石禹,陈志.动态平台技术防御攻击的瞬态效能量化分析[J].信息安全学报,2019,4(4):59-67    [点击复制]
  • CAI Yutong,CHANG Xiaolin,SHI Yu,CHEN Zhi.Analyzing Transient Effectiveness of Dynamic Platform Technique in Resisting Attacks[J].Journal of Cyber Security,2019,4(4):59-67   [点击复制]
【打印本页】 【下载PDF全文】 查看/发表评论下载PDF阅读器关闭

←前一篇|后一篇→

过刊浏览    高级检索

本文已被:浏览 4513次   下载 3872 本文二维码信息
码上扫一扫!
动态平台技术防御攻击的瞬态效能量化分析
蔡雨彤, 常晓林, 石禹, 陈志
0
(智能交通数据安全与隐私保护技术北京市重点实验室, 北京交通大学计算机与信息技术学院 北京 中国 100044)
摘要:
移动目标防御(Moving Target Defense,MTD)是一种主动防御策略,而动态平台技术(Dynamic Platform Techniques,DPT)是MTD在平台层面的一种具体实现方案,其通过在脆弱网络系统中构建随机动态变化的运行平台,来提高脆弱网络系统中网络服务被探测和被攻击的复杂度,从而提高关键网络服务的安全性。目前状态空间模型已应用于MTD效能的量化分析,但仅用于稳态分析;而对于关键网络服务,DPT瞬态效能量化分析极为重要。本文通过分析脆弱网络系统中网络服务的可生存性,来实现DPT防御攻击的瞬态效能量化分析。本文构建了基于马尔可夫链的可生存性模型,用于捕捉从系统漏洞被披露到漏洞被消除这段时期内,攻击者、网络服务和防御机制三者之间的动态行为;定义了相关评估指标并给出了计算公式;进行了数值实验,利用构建的模型和指标计算公式,分析关键参数对DPT效能的影响,并设计了被动防御机制作为对比实验,以突显DPT的效能。
关键词:  移动目标防御  动态平台  瞬态效能  马尔可夫链  可生存性  主动防御
DOI:10.19363/J.cnki.cn10-1380/tn.2019.07.04
投稿时间:2018-09-30修订日期:2018-12-24
基金项目:本课题得到国家自然科学基金(No.61572066和No.U183610024)资助。
Analyzing Transient Effectiveness of Dynamic Platform Technique in Resisting Attacks
CAI Yutong, CHANG Xiaolin, SHI Yu, CHEN Zhi
(Beijing Key Laboratory of Security and Privacy in Intelligent Transportation, School of Computer and Information Technology, Beijing Jiaotong University, Beijing 100044, China)
Abstract:
Moving target defense (MTD) is a proactive defense strategy. Dynamic Platform Technique (DPT) is a specific implementation of MTD strategy at the platform level.It increases the complexity of exploring and attacking network services by constructing a randomly and dynamically changing execution platform in vulnerable network systems, thus the security of critical network service is improved. State-space models have been applied to the quantitative analysis of MTD effectiveness, but only for steady-state analysis.For critical network services, quantitative analysis of DPT transient effectiveness is more important. This paper aims to quantitatively analyze DPT effectiveness in resisting attacks by quantitatively analyzing the DPT effectiveness in improving network service survivability. The paper constructs a survivability model based onMarkov chain to capture the dynamic behavior between attackers, network services and defense mechanism during the period from system vulnerabilities being disclosed to vulnerabilities being eliminated. The relevant metrics are definedand the formulas for calculating metrics are given. Numerical experiments are finally constructed to assess the impact of key parameters on DPT effectivenessby using the model and calculation formulas. A reactive defense mechanism is designed as comparison experiments to show the effectiveness of DPT.
Key words:  moving target defense  dynamic platform  transient effectiveness  markov chain  survivability  proactive defense