基于异构冗余架构的拟态防御建模技术

doi:10.11959/j.issn.1000-0801.2020143

电信科学 ›› 2020, Vol. 36 ›› Issue (5): 31-38.doi: 10.11959/j.issn.1000-0801.2020143

• 专题：网络安全的智能化和高对抗性发展 • 上一篇下一篇

基于异构冗余架构的拟态防御建模技术

秦俊宁¹,韩嘉佳²,周升³,吴春明⁴,陈双喜^4,⁵(),赵若琰⁴,张江瑜⁴

¹ 浙江华云信息科技有限公司，浙江杭州310027
² 国网浙江省电力有限公司电力科学研究院，浙江杭州310027
³ 国网浙江省电力有限公司，浙江杭州310027
⁴ 浙江大学，浙江杭州310058
⁵ 嘉兴职业技术学院，浙江嘉兴314036

修回日期:2020-04-25 出版日期:2020-05-20 发布日期:2020-05-18
作者简介:秦俊宁（1972- ），男，浙江华云信息科技有限公司高级工程师，主要研究方向为信息安全管理|韩嘉佳（1983- ），女，国网浙江省电力有限公司电力科学研究院高级工程师，主要研究方向为网络安全|周升（1985- ），男，国网浙江省电力有限公司高级工程师，主要研究方向为网络安全|吴春明（1967- ），男，浙江大学教授、博士生导师，主要研究方向为人工智能、柔性可重构网络体系、软件定义网络、网络主动防御创新安全技术等|陈双喜（1980- ），男，嘉兴职业技术学院讲师，浙江大学博士生，主要研究方向为网络空间安全的渗透与主动防御|赵若琰（1998- ），女，浙江大学硕士生，主要研究方向为云安全、拟态防御|张江瑜（1998- ），男，浙江大学硕士生，主要研究方向为新型主动防御
基金资助:
国家电网总部科技项目(52110118001F)

Modeling of the mimic defense based on heterogeneous redundancy

Junning QIN¹,Jiajia HAN²,Sheng ZHOU³,Chunming WU⁴,Shuangxi CHEN^4,⁵(),Ruoyan ZHAO⁴,Jiangyu ZHANG⁴

¹ Zhejiang Huayun Info Technology Co.,Ltd.,Hangzhou 310027,China
² State Grid Zhejiang Electric Power Co.,Ltd.Research Institute,Hangzhou 310027,China
³ State Grid Zhejiang Electric Power Co.,Ltd.,Hangzhou 310027,China
⁴ Zhejiang University,Hangzhou 310058,China
⁵ Jiaxing Vocational and Technical College,Jiaxing 314036,China

Revised:2020-04-25 Online:2020-05-20 Published:2020-05-18
Supported by:
The Science and Technology Funding Project of State Grid(52110118001F)

摘要/Abstract

摘要：

介绍了网络安全发展的不平衡现状，对渗透测试的主要危害和机理模型进行描述，分析并发现了现存的多种传统防御手段均存在其固有缺点；而拟态防御模型的新方法可以通过动态选择执行体集，适应性地改变系统组成，使得攻击者获得的攻击信息失效，相同攻击难以维持或再现，基于攻击链模型对传统防御技术和拟态防御技术进行了分析和对比，论证了拟态防御在攻击链的多个阶段均具有防护作用；最后，通过实验验证了拟态防御的有效性和优越性，并对该模型进行了总结和展望。

关键词: 传统防御, 非平衡态势, 渗透测试, 异构冗余, 拟态防御

Abstract:

The unbalanced development status of network security was introduced.The main hazards and the mechanism model of penetration testing were described,and the inherent shortcomings of many existing traditional defense methods were analyzed.However,new method of the mimic defense model makes the attack information obtained invalid by dynamically selecting the executive set and adaptively changing the system composition.The same attack mode is difficult to be maintained or reproduced.Based on the attack chain model,the traditional defensetechnology and mimic defense technology were analyzed and compared,and it was demonstrated that it had a protective role in multiple stages of the attack chain.Finally,the effectiveness and superiority of the mimic defense was verified by experiments,and the model was summarized and prospected.

Key words: traditional defense, unbalanced situation, penetration test, heterogeneous redundancy, mimic defense

中图分类号:

TP393

秦俊宁,韩嘉佳,周升,吴春明,陈双喜,赵若琰,张江瑜. 基于异构冗余架构的拟态防御建模技术[J]. 电信科学, 2020, 36(5): 31-38.

Junning QIN,Jiajia HAN,Sheng ZHOU,Chunming WU,Shuangxi CHEN,Ruoyan ZHAO,Jiangyu ZHANG. Modeling of the mimic defense based on heterogeneous redundancy[J]. Telecommunications Science, 2020, 36(5): 31-38.

图/表 11

图1

图2

表1

图3

图4

图5

图6

图7

图8

表2

图9

参考文献 13

[1]	SUBRAHMANIAN V S , OVEKGONN M , DUMITRAS T ,et al. The global cyber-vulnerability report[J]. Springer Int’l Publishing, 2015(10): 33-64.
[2]	China Information Technology Security Evaluation Center. China national vulnerability database of information security[EB]. 2015.
[3]	XU H , CHEN X , ZHOU J ,et al. Research on basic problems of cognitive network intrusion prevention[C]// Proceedings of 9th International Conference on Computational Intelligence and Security (CIS). Piscataway:IEEE Press, 2013: 514-517.
[4]	CHUNG C J , KHATKAR P , XING T ,et al. NICE:network intrusion detection and countermeasure selection in virtual network systems[J]. IEEE Transaction on Dependable and Secure Computing, 2013,10(4): 198-211.
[5]	MADA B B , GOSEVAP K , VAIDYANATHAN K ,et al. A method for modeling and quantifying the security attributes of intrusion tolerant systems[J]. Performance Evaluation, 2004,56(14): 167-186.
[6]	WU J X . Research on cyberspace mimic defense[J]. Journal of Information Security, 2016,1(4): 1-10.
[7]	仝青, 张铮, 张为华 ,等. 拟态防御 Web 服务器设计与实现[J]. 软件学报, 2017,28(4): 883-897.
	TONG Q , ZHANG Z , ZHANG W H ,et al. Design and implementation of mimic defense Web server[J]. Journal of Software, 2017(4): 883-897.
[8]	邬江兴 . 拟态计算与拟态安全防御的原意和愿景[J]. 电信科学, 2014,30(7): 2-7.
	WU J X . The original intention and vision of mimic computing and mimic security defense[J]. Telecommunications Science, 2014,30(7): 2-7.
[9]	National Science and Technology Council. Trustworthy cyberspace:strategic plan for the federal cybersecurity research and development program[EB]. 2011.
[10]	邬江兴 . 网络空间拟态防御原理[M]. 北京: 科学出版社, 2018: 317-367.
	WU J X . Cyber mimic defense[M]. Beijing: Science PressPress, 2018: 317-367.
[11]	VOAS J , GHOSH A , CHARRON F ,et al. Reducing uncertainty about common-mode failures[C]// Proceedings of IEEE Symposium on Software Reliability Engineering (SRE’ 97). Piscataway:IEEE Press, 1997: 308-319.
[12]	LECITIN G . Optimal structure of fault-tolerant software systems[J]. Reliability Engineering ＆ System Safety, 2005,8(3): 286-295.
[13]	LIU C , LI C Q , QIU G W . Research on intruder countermeasures based on CobaltStrike and office vulnerabilities[J]. Cyberspace Security, 2018(1): 56-61.

名称	用途	内存	处理器	硬盘	系统
node1	执行体	2 GB	Intel? Core? i5-6300HQ CPU @ 2.30 GHz	20 GB	Ubuntu16.04.6
node2	执行体	1 GB		20 GB	CentOS7
node3	负载均衡服务器	1 GB		20 GB	CentOS7
node4	执行体	2 GB		60 GB	Windows2012
Windows10	攻击节点	8 GB		1 TB	Windows10

实验环境	样本数量	平均值	最小值	异常	吞吐量	接收	发送
未开启拟态防御	6 000	353	8	33.18%	10.0个/s	19.01 KB/s	2.15 KB/s
开启拟态防御	6 000	2 124	7	22.43%	10.0个/s	20.79 KB/s	2.25 KB/s

基于异构冗余架构的拟态防御建模技术

Modeling of the mimic defense based on heterogeneous redundancy

在线阅读

PDF下载

可视化

摘要/Abstract

引用本文

使用本文

图/表 11

参考文献 13

相关文章 5

Metrics

推荐阅读 0

[1]	李传煌, 唐晶晶, 陈泱婷, 雷睿, 陈超, 王伟明. 基于拟态防御架构的服务功能链执行体动态调度方法[J]. 电信科学, 2022, 38(4): 101-112.
[2]	张汝云, 李合元, 李顺斌. 有限异构资源条件下的工业控制拟态调度算法[J]. 电信科学, 2021, 37(3): 57-65.
[3]	陈利跃,孙歆,成天晟,吴春明,陈双喜. 面向Web隐藏后门技术的防御[J]. 电信科学, 2020, 36(5): 39-46.
[4]	高明,罗锦,周慧颖,焦海,应丽莉. 一种基于拟态防御的差异化反馈调度判决算法[J]. 电信科学, 2020, 36(5): 73-82.
[5]	季新生,梁浩,扈红超. 天地一体化信息网络安全防护技术的新思考[J]. 电信科学, 2017, 33(12): 24-35.