摘要: |
针对当前自动机模型对系统状态表达不完整,单一视角建模无法满足网络攻防行为刻画需求的问题,本文提出一种视角可变的变焦有限自动机(Zooming Finite Automata,ZFA)结构。ZFA使用完整的参量集合取值对状态进行标示,设置观测系数增强模型对于多角度分析系统行为过程的能力。结合ZFA结构给出了网络攻防模型和安全性能分析方法,分析揭示了传统安全手段的天然劣势以及移动目标防御技术的局限性。最后,讨论了网络空间拟态防御(Cyberspace Mimic Defense,CMD)技术中核心部件——异构执行体的实现结构,从理论上证明了构建“多参数”不确定性可获得超线性增益。 |
关键词: 网络空间安全 自动机 变焦 攻防模型 安全性能 网络空间拟态防御 多参数不确定性 |
DOI:10.19363/j.cnki.cn10-1380/tn.2016.04.003 |
Received:September 10, 2016Revised:September 30, 2016 |
基金项目:本课题得到国家自然科学基金面上项目网络空间拟态安全异构冗余机制研究(61572520)资助、国家自然科学基金创新研究群体项目(No.61521003)和国家重点研发计划项目(Nos.2016YFB0800100,2016YFB0800101)支持。 |
|
A Cyberspace Attack and Defense Model with Security Performance Analysis Based on Automata Theory |
GUO Wei,WU Jiangxing,ZHANG Fan,SHEN Jianliang |
National Digital Switching System Engineering & Technological R&D Center, Zhengzhou 450002, China |
Abstract: |
The incompletion of current automata model for system state expression and the singleness of angle on modeling cannot meet the requirement for characterization of cyberspace attack and defense. To address the problem, this paper proposes an angle-variable Zooming Finite Automaton (ZFA) structure. In ZFA, a complete set of parameters is used to identify the status of the state, and the observation coefficient it set up to enhance the ability of system analysis in a multi angle. The cyberspace attack and defense model and the security performance analysis method are given by means of the ZFA structure. The analysis reveals the natural disadvantage of the traditional security methods and the limitations of the moving target defense technology. Finally, the core components of the Cyberspace Mimic Defense (CMD) theory -- executive isomer architecture is discussed, and theoretically proved that the super linear growth of uncertainty can be obtained by construction at "Multi parameter". |
Key words: cyberspace security automata zooming attack and defense model security performance cyberspace mimic defense multi parameter |