Journal on Communications (通信学报), 2017, Vol. 38, Issue 1: 126-140. doi: 10.11959/j.issn.1000-436x.2017015

• Academic Paper •

Performance assessment approach based on change-point detection for network moving target defense

Cheng LEI (雷程) 1,3, Duo-he MA (马多贺) 2, Hong-qi ZHANG (张红旗) 1,3, Ying-jie YANG (杨英杰) 1,3, Miao WANG (王淼) 2

  1 Cryptography Engineering Institute, Information Engineering University, Zhengzhou 450001, Henan, China
    2 State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China
    3 Henan Key Laboratory of Information Security, Zhengzhou 450001, Henan, China
  • Revised: 2016-11-12 Online: 2017-01-01 Published: 2017-01-23
  • About the authors: Cheng LEI (born 1989), male, from Beijing, Ph.D. candidate at Information Engineering University; main research interests are network information security, secure data exchange and moving target defense. | Duo-he MA (born 1982), male, from Lu'an, Anhui, Ph.D., assistant research fellow at the Institute of Information Engineering, Chinese Academy of Sciences; main research interests are application security, moving target defense, cloud security, and network and system security. | Hong-qi ZHANG (born 1962), male, from Zunhua, Hebei, Ph.D., professor and doctoral supervisor at Information Engineering University; main research interests are network security, classified protection (等级保护) and information security management. | Ying-jie YANG (born 1971), male, from Zhengzhou, Henan, professor and master's supervisor at Information Engineering University; main research interests are data mining, situational awareness and information security management. | Miao WANG (born 1991), female, from Langfang, Hebei, master's student at the Institute of Information Engineering, Chinese Academy of Sciences; main research interests are moving target defense, network and system security, and cloud security.
  • Supported by:
    The National Basic Research Program of China (973 Program) (2011CB311801); The National High Technology Research and Development Program of China (863 Program) (2012AA012704); The National High Technology Research and Development Program of China (863 Program) (2015AA016106); Zhengzhou Science and Technology Leading Talents Project (131PLKRC644); Strategic Priority Research Program of the Chinese Academy of Sciences (XDA06010701)

Performance assessment approach based on change-point detection for network moving target defense

Cheng LEI1,3,Duo-he MA2,Hong-qi ZHANG1,3,Ying-jie YANG1,3,Miao WANG2   

  1 Cryptography Engineering Institute, Information Engineering University, Zhengzhou 450001, China
    2 State Key Laboratory of Information Security, Institute of Information Engineering, CAS, Beijing 100093, China
    3 Henan Key Laboratory of Information Security, Zhengzhou 450001, China
  • Revised: 2016-11-12 Online: 2017-01-01 Published: 2017-01-23
  • Supported by:
    The National Basic Research Program of China (973 Program) (2011CB311801); The National High Technology Research and Development Program of China (863 Program) (2012AA012704); The National High Technology Research and Development Program of China (863 Program) (2015AA016106); Zhengzhou Science and Technology Talents Project (131PLKRC644); Strategic Priority Research Program of the Chinese Academy of Sciences (XDA06010701)

Abstract (translated from the Chinese):

A performance assessment approach for network moving target defense based on change-point detection is proposed. To address the problem that a network resource graph cannot represent the effect of resource vulnerabilities on node security states, a hierarchical network resource graph is defined; it establishes the association between resource vulnerability changes and node security state transitions while also improving the efficiency of constructing and updating the network resource graph. To address the problem that static detection metrics cannot accurately measure the dynamic changes of network moving target defense, change-point detection and standardized measurement algorithms are designed; on the basis of unified metrics, they realize real-time detection and dynamic measurement of the security cost and security benefit of network moving target defense, improving the accuracy of the assessment and the comparability of its results. Analysis of typical examples demonstrates the feasibility and effectiveness of the proposed approach.

Keywords: network moving target defense, hierarchical network resource graph, change-point detection, standardized measurement, performance assessment

Abstract:

A performance assessment approach based on change-point detection for network moving target defense was proposed. Directed to the problem of a network resource graph not being able to present the effect of network resource vulnerabilities on network nodes, a conversion relationship between resource vulnerability changes and node security states was established by defining the concept of a hierarchical network resource graph, and the efficiency of resource graph construction and updating was improved. Furthermore, directed to the problem of a static detection algorithm not being able to precisely measure the dynamic change of network moving target defense, a change-point detection algorithm and a standardized measurement algorithm were designed. The security cost and benefit of network moving target defense were detected and measured in real time and dynamically on the basis of unified metrics, which improved the evaluation accuracy. The analysis results of typical examples proved the feasibility and effectiveness of the proposed approach.

Key words: network moving target defense, multi-layer network resource graph, change-point detection, standardized measurement, performance assessment
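As an added illustration, not code from the paper (whose own algorithms are not reproduced on this page), the following Python script shows the general shape of the measurement the abstract describes: a security-benefit proxy and a security-cost proxy are standardized onto one scale, and each series is scanned with a two-sided CUSUM change-point detector so that the interval at which an MTD mechanism alters the metric, and the size of the shift, are measured rather than assumed. The two metrics (probe hit rate and reconfiguration latency), the 60-interval series, the declared ranges and the CUSUM parameters are all constructed assumptions.

```python
"""Added illustration (not the paper's code): locating the moment an MTD
mechanism changes a monitored security metric and measuring the size of
the change, using a two-sided CUSUM detector over standardized series.
All data and parameters are constructed for this example."""
from typing import Dict, List, Optional, Tuple


def standardize(series: List[float], lo: float, hi: float) -> List[float]:
    """Min-max scale a metric into [0, 1] against a declared range, so that
    cost and benefit series measured in different units share one scale
    and their shifts can be compared. Out-of-range values are clipped."""
    if hi <= lo:
        raise ValueError("range must be non-empty")
    return [min(1.0, max(0.0, (x - lo) / (hi - lo))) for x in series]


def cusum_change_point(series: List[float], baseline_len: int,
                       k: float, h: float) -> Optional[Tuple[int, int]]:
    """Two-sided CUSUM (Page's test). The reference mean is taken from the
    first baseline_len samples. k is the per-sample slack (deviations
    smaller than k are ignored), h the alarm threshold. Returns
    (onset, detected): the index at which the shift is estimated to begin
    (start of the excursion that raised the alarm) and the index at which
    the alarm fired; None if no shift is detected."""
    if baseline_len < 1 or baseline_len > len(series):
        raise ValueError("bad baseline length")
    mu = sum(series[:baseline_len]) / baseline_len
    s_up = s_down = 0.0
    start_up = start_down = 0  # first index of the current excursion
    for i, x in enumerate(series):
        s_up = max(0.0, s_up + (x - mu) - k)
        s_down = max(0.0, s_down + (mu - x) - k)
        if s_up == 0.0:
            start_up = i + 1
        if s_down == 0.0:
            start_down = i + 1
        if s_up > h:
            return start_up, i
        if s_down > h:
            return start_down, i
    return None


def mean_shift(series: List[float], onset: int) -> Tuple[float, float]:
    """Mean of the standardized metric before and from the estimated onset."""
    before, after = series[:onset], series[onset:]
    return sum(before) / len(before), sum(after) / len(after)


def constructed_metrics() -> Tuple[List[float], List[float]]:
    """Constructed 60-interval series. A hypothetical address-shuffling MTD
    is switched on at interval 30.
    hit_rate: fraction of attacker probes reaching a live host (lower = more benefit)
    latency_ms: mean service reconfiguration latency (higher = more cost)"""
    quiet_hit = [0.80, 0.82, 0.78, 0.81, 0.79] * 6
    mtd_hit = [0.30, 0.32, 0.28, 0.31, 0.29] * 6
    quiet_lat = [5.0, 6.0, 4.0, 5.0, 5.0] * 6
    mtd_lat = [25.0, 27.0, 23.0, 26.0, 24.0] * 6
    return quiet_hit + mtd_hit, quiet_lat + mtd_lat


def assess(hit_rate: List[float], latency_ms: List[float],
           baseline_len: int = 10, k: float = 0.05, h: float = 0.5) -> Dict[str, Optional[dict]]:
    """Standardize both series, locate the change point in each and report
    the before/after means. Ranges 0..1 and 0..100 ms are assumptions."""
    series = {"benefit": standardize(hit_rate, 0.0, 1.0),
              "cost": standardize(latency_ms, 0.0, 100.0)}
    result: Dict[str, Optional[dict]] = {}
    for name, s in series.items():
        cp = cusum_change_point(s, baseline_len, k, h)
        if cp is None:
            result[name] = None
            continue
        onset, detected = cp
        before, after = mean_shift(s, onset)
        result[name] = {"onset": onset, "detected": detected,
                        "before": before, "after": after, "shift": after - before}
    return result


if __name__ == "__main__":
    for metric, r in assess(*constructed_metrics()).items():
        print(metric, r)
```

On the constructed data the benefit metric (probe hit rate) drops sharply, so its alarm fires one interval after the shuffle starts; the cost metric rises by a smaller amount and needs four intervals of accumulated evidence before the same threshold is crossed, which is the detection lag a practitioner should expect from any sequential test. Because both series are standardized to the same [0, 1] scale, the resulting shifts (about -0.50 for benefit, +0.20 for cost) can be set against each other directly.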

CLC number:

  • TP393