通信学报 ›› 2019, Vol. 40 ›› Issue (8): 123-132.doi: 10.11959/j.issn.1000-436x.2019171
吴志军,周胜琰,雷缙
修回日期:
2019-07-01
出版日期:
2019-08-25
发布日期:
2019-08-30
作者简介:
吴志军(1965- ),男,河南固始人,博士,中国民航大学教授、博士生导师,主要研究方向为网络空间安全、大数据信息安全和云计算安全等。|周胜琰(1994- ),男,山东临沂人,中国民航大学硕士生,主要研究方向为信息安全等。|雷缙(1982- ),女,四川自贡人,中国民航大学讲师,主要研究方向为信息安全等。
基金资助:
Zhijun WU,Shengyan ZHOU,Jin LEI
Revised:
2019-07-01
Online:
2019-08-25
Published:
2019-08-30
Supported by:
摘要:
为解决广域信息管理(SWIM)服务提供者由于自身故障或受到恶意攻击,造成SWIM服务中断、服务时延增加或服务质量下降的问题,提出了一种基于态势感知的SWIM服务权限主动移交模型,利用随机森林算法判别SWIM服务提供者安全态势,依据安全态势主动移交SWIM服务权限,降低突发事件对SWIM服务的影响。实验证明,所提模型能够在突发事件发生的情况下保证服务的连续性,与未部署服务移交模型的SWIM网络相比,具有更高的可靠性和稳定性。
中图分类号:
吴志军,周胜琰,雷缙. 基于态势感知的SWIM服务权限主动移交模型[J]. 通信学报, 2019, 40(8): 123-132.
Zhijun WU,Shengyan ZHOU,Jin LEI. Proactive migration model of SWIM service based on situation awareness[J]. Journal on Communications, 2019, 40(8): 123-132.
表4
节点安全态势统计数据"
时间戳 | CPU% | Band% | MEM% | 攻击编号 | 攻击次数/次 | 攻击类型 | 漏洞信息 | 环境威胁 | 服务时间 | 是否安全 |
2018-05-05 15:20:30 | 0.32 | 0.28 | 0.22 | A1 | 3 | 1 | 缓存溢出 | 0.2 | 15:23:30 | 是 |
2018-05-05 15:21:30 | 0.24 | 0.44 | 0.32 | A2A3 | 52 | 11 | 缓存溢出 | 0.2 | 15:23:30 | 是 |
A4 | 28 | 3 | ||||||||
2018-05-05 15:22:30 | 0.59 | 0.71 | 0.51 | A5 | 12 | 2 | 访问控制错误,权限许可 | 0.1 | 15:23:30 | 否 |
A6 | 15 | 2 | ||||||||
2018-05-05 15:23:30 | 0.41 | 0.34 | 0.36 | A7 | 3 | 2 | SQL注入 | 0.2 | 15:25:30 | 是 |
2018-05-05 15:24:30 | 0.36 | 0.42 | 0.47 | A8 | 2 | 3 | 访问控制错误 | 0.7 | 15:25:30 | 否 |
2018-05-05 15:25:30 | 0.45 | 0.38 | 0.29 | A9 | 2 | 1 | 权限许可 | 0.3 | 15:26:30 | 否 |
表5
随机森林算法分类结果"
序号 | TLN | TAN | TVN | TEN | TSN | 真实态势 | 分类态势 |
1 | 0.56 | 0 | 0.114 7 | 0.1 | 0.208 7 | 安全 | 安全 |
2 | 0.62 | 0 | 0.221 4 | 0.6 | 0.084 7 | 安全 | 安全 |
3 | 0.66 | 100 | 0.342 1 | 0.1 | 0.260 1 | 威胁 | 威胁 |
4 | 0.74 | 0 | 0.158 7 | 0.2 | 0.360 7 | 安全 | 安全 |
5 | 0.61 | 0 | 0.136 4 | 0.2 | 0.538 4 | 安全 | 安全 |
6 | 0.52 | 320 | 0.412 4 | 0.1 | 0.634 6 | 威胁 | 威胁 |
7 | 0.86 | 0 | 0.214 1 | 0.3 | 0.451 1 | 威胁 | 威胁 |
8 | 0.71 | 640 | 0.542 1 | 0.2 | 0.725 5 | 威胁 | 威胁 |
9 | 0.65 | 0 | 0.631 2 | 0.1 | 0.491 1 | 威胁 | 威胁 |
10 | 0.58 | 0 | 0.104 7 | 0.1 | 0.596 7 | 安全 | 安全 |
[1] | DELOSIERES L , NADJMTEHRANI S . Batman Store and Forward:The Best of the Two Worlds[C]// IEEE International Conference on Pervasive Computing and Communications Workshops. IEEE Press, 2012: 721-727. |
[2] | DARIO D C , ANTONIO S , GEORG T . SWIM- a next generation ATM information bus-the SWIM-SUIT prototype[C]// 14th IEEE International Enterprise Distributed Object Computing Conference Workshops (EDOCW). IEEE Press, 2010: 41-46. |
[3] | 吴志军, 赵婷, 雷瑨 . 广域信息管理SWIM信息安全技术标准的研究[J]. 信息网络安全, 2014(1): 1-4. |
WU Z J , ZHAO T , LEI J . Research on SWIM security technology standards[J]. Netinfo Security, 2014(1): 1-4. | |
[4] | 齐鸣, 邢文钊, .民航广域信息管理系统数据安全威胁与风险分析方案设计[C]// 第十九届全国青年通信学术年会论文集. 北京:国防工业出版社, 2014: 12-18. |
QI M , XING W Z . Scheme design for data security threats and risk analysis of civil aviation system wide information management[C]// Proceedings of the 19th National Youth Communication Academic Conference. Beijing:National Defence Industry Press, 2014: 12-18. | |
[5] | LU X D , KOGA T . Real-time oriented system wide information management for service assurance[C]// 2015 IEEE Twelfth International Symposium on Autonomous Decentralized Systems. IEEE Press, 2015: 175-180. |
[6] | MOHAMMAD M , CARLOS A , CASTRO P ,et al. Information security in the aircraft access to system wide information management infrastructure[C]// 2016 Integrated Communications Navigation and Surveillance (ICNS). IEEE Press, 2016: 1-7. |
[7] | WILAON I , YANG S . Security for system wide information management[C]// 2017 Integrated Communications,Navigation and Surveillance Conference (ICNS). IEEE Press, 2017: 1-13. |
[8] | 黄遵国, 卢锡城, 胡华平 . 生存能力技术及其实现案例研究[J]. 通信学报, 2004,25(7): 137-145. |
HUANG Z G , LU X C , HU H P . The survivability technique and its implementation case study[J]. Journal on Communications, 2004,25(7): 137-145. | |
[9] | 洪小亮, 郭义喜 . 服务漂移机制的研究[J]. 信息工程大学学报, 2008,9(1): 105-109. |
HONG X L , GUO Y X . Research on the mechanism of service migration[J]. Journal of Information Engineering University, 2008,9(1): 105-109. | |
[10] | 赵二虎, 阳小龙, 彭云峰 ,等. CPSM:一种增强IP网络生存性的客户端主动服务漂移模型[J]. 电子学报, 2010,38(9): 2134-2139. |
ZHAO E H , YANG X L , PENG Y F ,et al. CPSM:client-side proactive service migration model for enhancing IP network survivability[J]. ACTA ELECTRONICA SINICA, 2010,38(9): 2134-2139. | |
[11] | 陈天平, 孟相如, 崔文岩 ,等. 基于网络可生存性态势感知的主动服务漂移模型[J]. 空军工程大学学报:自然科学版, 2015,16(6): 64-68. |
CHEN T P , MENG X R , CUI W Y ,et al. A proactive service migration model based on network survivability situation awareness[J]. Journal of Air Force Engineering University:Natural Science Edition, 2015,16(6): 64-68. | |
[12] | MAO Y C , XU Z Y , WANG L B ,et al. An optimal Web services migration framework in the cloud computing[C]// 2015 8th International Conference on Intelligent Computation Technology and Automation (ICICTA). IEEE Press, 2015: 153-156. |
[13] | TIM B . Intrusion detection systems and multi sensor data fusion:creating cyberspace situational awareness[J]. Communications of the ACM, 2000,43(4): 99-105. |
[14] | 刘磊 . 面向服务的网络安全态势评估系统的设计与实现[D]. 哈尔滨:哈尔滨工程大学, 2010: 14-36. |
LIU L . Design and implementation on service-oriented network security situation assessment[D]. Harbin:Harbin Engineering University, 2010: 14-36. | |
[15] | 谢丽霞, 王亚超, 于巾博 . 基于神经网络的网络安全态势感知[J]. 清华大学学报(自然科学板块), 2013,53(12): 1750-1759. |
XIE L X , WANG Y C , YU J B . Network security situation awareness based on neural networks[J]. Tsinghua Univ (Sci & Technol), 2013,53(12): 1750-1759. | |
[16] | 韦勇, 连一峰, 冯登国 . 基于信息融合的网络安全态势评估模型[J]. 计算机研究与发展, 2009,46(3): 353-362. |
WEI Y , LIAN Y F , FENG D G . A network security situation awareness model based on information fusion[J]. Journal of Computer Research and Development, 2009,46(3): 353-362. | |
[17] | HARKNESS D , TAYLOR M S . An architecture for system-wide information management[C]// 25th Digital Avionics Systems Conference. IEEE Press, 2006: 1-13. |
[18] | GARY L , SCOTT L , JON D . Service oriented architecture for the next generation air transportation system[C]// 2007 Integrated Communications,Navigation and Surveillance Conference. IEEE , 2007: 1-9. |
[19] | 周顺 . 面向Web Service的动态负载均衡设计与实现[J]. 计算机工程与科学, 2010,32(12): 152-156. |
ZHOU S . Web services-oriented design and implementation of dynamic load balancing[J]. Computer Engineering & Science, 2010,32(12): 152-156. | |
[20] | PONTUS J , ROBERT L , MATHIAS E . Can the common vulnerability scoring system be trusted? a bayesian analysis[J]. IEEE Transactions on Dependable and Secure Computing, 2018,15(6): 1002-1015. |
[21] | 周志华 . 机器学习[M]. 北京: 清华大学出版社, 2016: 179-185. |
ZHOU Z H . Machine learning[M]. Beijing: Tsinghua University PressPress, 2016: 179-185. | |
[22] | TONG H X , ZHANG S S . A fuzzy multi-attribute decision making algorithm for web services selection based on QoS[C]// Proceedings of the 2006 IEEE Asia-Pacific Conference on Services Computing. IEEE Press, 2006: 51-57. |
[23] | 周雅琴 . 航班信息交换模型 FIXM 研究 l[J]. 中国民用航空, 2013(11): 80-81. |
ZHOU Y Q . Research on flight information exchange model[J]. China Civil Aviation, 2013(11): 80-81. | |
[24] | MARY E M , EDUARDO C M , OVID S . Addressing AIXM and IWXXM international challenges[C]// 2016 IEEE/AIAA 35th Digital Avionics Systems Conference (DASC). IEEE/AIAA, 2016: 25-29. |
[25] | KIRATIPONG O , HIDEORI N , TADASHI K . QoS Implementation in system wide information management (SWIM) Network Model[C]// 2015 IEEE Twelfth International Symposium on Autonomous Decentralized Systems. IEEE, 2015: 25-27. |
[1] | 张红斌, 尹彦, 赵冬梅, 刘滨. 基于威胁情报的网络安全态势感知模型[J]. 通信学报, 2021, 42(6): 182-194. |
[2] | 李罡,吴志军. 基于多QoS约束条件的广域信息管理系统任务调度算法[J]. 通信学报, 2019, 40(7): 27-37. |
[3] | 刘琳岚,高声荣,舒坚. 基于随机森林的链路质量预测[J]. 通信学报, 2019, 40(4): 202-211. |
[4] | 周胜利,金苍宏,吴礼发,洪征. 基于评分卡—随机森林的云计算用户公共安全信誉模型研究[J]. 通信学报, 2018, 39(5): 143-152. |
[5] | 杨宏宇,徐晋. 基于改进随机森林算法的Android恶意软件检测[J]. 通信学报, 2017, 38(4): 8-16. |
[6] | 穆海蓉,丁丽萍,宋宇宁,卢国庆. DiffPRFs:一种面向随机森林的差分隐私保护算法[J]. 通信学报, 2016, 37(9): 175-182. |
[7] | 孙岩炜,郭云川,张玲翠,方滨兴. 基于多选项二次联合背包的态势感知资源分配算法[J]. 通信学报, 2016, 37(12): 56-66. |
[8] | 马亚洲,龚俭,杨望. 面向应急响应的高速网络流量采集设计与实现[J]. 通信学报, 2014, 35(Z1): 46-51. |
[9] | 马亚洲,龚 俭,杨 望. 面向应急响应的高速网络流量采集设计与实现[J]. 通信学报, 2014, 35(Z1): 10-51. |
[10] | 吴志军,赵婷,雷缙. 基于改进的Diameter/EAP-MD5的SWIM认证方法[J]. 通信学报, 2014, 35(8): 1-7. |
[11] | 吴志军,赵 婷,雷 缙. 基于改进的diameter/EAP-MD5的SWIM认证方法[J]. 通信学报, 2014, 35(8): 1-7. |
[12] | 赵国生,王健,刘海龙. 增强信息系统可生存性的应急响应模型[J]. 通信学报, 2010, 31(9A): 150-154. |
阅读次数 | ||||||
全文 |
|
|||||
摘要 |
|
|||||
|