基于马尔可夫的有限自动机入侵容忍系统模型

doi:10.11959/j.issn.1000-436x.2019196

Abstract

Abstract:

To ensure that the system could still provide normal service for legitimate users when the LAN being invaded,a finite automaton intrusion tolerance model was designed.Based on Markov’s theory,the state transformation relationship of the service provided by the system by establishing the state transition probability matrix was described,quantified the transition state and found the key nodes in the system.The maintenance of key nodes could enhance the tolerance of the system and improve the reliability of the service.Experimental comparison shows that this model not only has strong intrusion tolerance,but also has obvious advantages in the integrity of the security system when it is invaded.

Key words: network security, invasion tolerance, finite automaton, state transition, Markov process

CLC Number:

TP393.4

Zhiyong LUO, Xu YANG, Guanglu SUN, Zhiqiang XIE, Jiahui LIU. Finite automaton intrusion tolerance system model based on Markov[J]. Journal on Communications, 2019, 40(10): 79-89.

Figures/Tables 14

References 16

[1]	JAJODIA S , ALBANESE M . An integrated framework for cyber situation awareness[M]// Theory and Models for Cyber Situation Awareness. Berlin:Springer, 2017: 29-46.
[2]	LUKTARHAN N , JIA X , HU L . Multi-stage attack detection algorithm based on hidden Markov model[C]// International Conference on Web Information Systems and Mining. Springer, 2012: 275-282.
[3]	罗世亮, 程良伦 . 面向复杂工业环境的信息物理融合系统可靠性[J]. 北京理工大学学报, 2015,35(9): 973-979.
	LUO S L , CHENG L L . Reliability research on cyber-physical systems for the complicated industrial environment[J]. Transactions of Beijing Institute of Technology, 2015,35(9): 973-979.
[4]	席荣荣, 云晓春, 张永铮 . 一种改进的网络安全态势量化评估方法[J]. 计算机学报, 2015,38(4): 749-758.
	XI R R , YUN X C , ZHANG Y Z . An improved quantitative evaluation method for network security[J]. Chinese Journal of Computers, 2015,38(4): 749-758.
[5]	邢云菲, 栾春玉 . 一种改进的对入侵容忍系统的容忍度量化分析[J]. 情报科学, 2015,33(8): 55-58,78.
	XING Y F , LUAN C Y . A quantitative analysis and detection of intrusion tolerance system model[J]. Information Science, 2015,33(8): 55-58,78.
[6]	刘进 . 基于高分子链的入侵容忍系统病毒吸附算法[J]. 科技通报, 2014(10): 103-105.
	LIU J . Virus adsorption optimization algorithm of intrusion tolerance system based on polymer chain[J]. Bulletin of Science and Technology, 2014(10): 103-105.
[7]	徐晓斌, 张光卫, 王尚广 . 基于群体信任的 WSN 异常数据过滤方法[J]. 通信学报, 2014,35(5): 108-117.
	XU X B , ZHANG G W , WANG S G . Abnormal date filtering approach based on collective trust for WSN[J]. Journal on Communications, 2014,35(5): 108-117.
[8]	孙蔚 . 基于网管系统的分布式入侵检测模型研究[J]. 电子设计工程, 2014,22(1): 165-167.
	SUN W . Research of distributed intrusion detection based on network management system[J]. Electronic Design Engineering, 2014,22(1): 165-167.
[9]	DIVYA T , MUNIASAMY K ． Real-time intrusion prediction using hidden Markov model with genetic algorithm［M］// Artificial intelligence and evolutionary algorithms in engineering systems.Berlin:Springer, 2015: 731-736．
[10]	KHOLIDY H A , ERRADI A , ABDELWAHED S ,et al. A finite state hidden markov model for predicting multistage attacks in cloud systems[C]// IEEE 12th International Conference on Dependable,Autonomic and Secure Computing. IEEE, 2014: 14-19.
[11]	HOLGADOP , VILLAGRA V A , VAZQUEZ L . Real-time multistep attack prediction based on Hidden Markov models[J]. IEEE Transactions on Dependable ＆ Secure Computing, 2017,PP(99):1.
[12]	AHMADIAN R A , RASOOLZADEGAN A , JAVAN J A . A systematic review on intrusion detection based on the hidden Markov model[J]. Statistical Analysis and Data Mining:The ASA Data Science Journal, 2018,11(3): 111-134.
[13]	王笑, 戚湧, 李千目 . 基于时变加权马尔可夫链的网络异常检测模型[J]. 计算机科学, 2017,44(9): 136-14.
	WANG X , QI Y , LI Q M . Network anomaly detection model based on time-varying weighted Markov chain[J]. Computer Science, 2017,44(9): 136-14.
[14]	TRIVEDI K S . Probability and statistics with reliability queuing ,and computer science applications[M]. 2nd ed. New York: John Wiley and SonsPress, 2002.
[15]	魏柯, 张帆 . 基于马尔可夫的网络容忍入侵能力评估建模[J]. 计算机仿真, 2016,33(7): 289-292.
	WEI K , ZHANG F . Based on Markov network tolerate invasion ability evaluation model[J]. Computer Simulation, 2016,33(7): 289-292.
[16]	罗智勇, 尤波, 刘嘉辉 . 基于半马尔可夫的入侵容忍状态转移系统研究[J]. 北京理工大学学报, 2016,36(7): 712-717.
	LUO Z Y , YOU B , LIU J H . Research of the intrusion tolerance state transition system based on semi-Markov[J]. Transactions of Beijing Institute of Technology, 2016,36(7): 712-717.

Metrics

Recommended 0

No Suggested Reading articles found!

状态s	输入字母表Σ
状态s	0	1	τ
NO	DO	NO	—
DO	—	NO	BA
BA	UD	AD,ZT]	—
AD	WI	WI	—
UD	—	NO	—
ZT	CC	RS,SS]	—
RS	WI	WI	—
SS	—	WI	—
CC	—	NO	—
WI	—	NO	—

符号	功能	功能描述
P_n	NO→NO	系统正常工作的概率
P_nd	NO→DO	系统中的弱点被入侵行为发现的概率
P_db	DO→BA	系统被成功入侵的概率
P_ba	BA→AD	系统发现了入侵行为，且屏蔽了入侵损害的概率
P_bu	BA→UD	入侵没有被发现的概率
P_aw	AD→WI	系统屏蔽了入侵损害但需要进行改进的概率
P_un	UD→NO	系统未发现入侵，一段时间后进行改进或修复重新运行的概率
P₁=1-P_w-P_a	DO→NO	系统检测到自身弱点并及时修复的概率
P₂=1-P_s-P_u	BA→ZT	成功触发自动机的概率
P_zr	ZT→RS	系统能够运行但却需要降级服务的概率
P_zs	ZT→SS	系统无法运行自主停止系统的概率
P_rw	RS→WI	系统能够提供降级服务运行但需要进行改进的概率
P_sw	SS→WI	系统被安全停止运行后需要进行改进的概率
P₃=1-P_d-P_h	ZT→CC	系统因为入侵故障被迫停止运行的概率
P_wn	WI→NO	系统处改进或完善状态后经过改进重返正常运行的概率
P_cn	CC→NO	系统处于完全失控状态但经改进或修复后重返正常运行的概率

Finite automaton intrusion tolerance system model based on Markov

RichHTML

PDF

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 14

References 16

Related Articles 15

Metrics

Recommended 0

[1]	Shiqi ZHAO, Xiaohong HUANG, Zhigang ZHONG. Research and implementation of reputation-based inter-domain routing selection mechanism [J]. Journal on Communications, 2023, 44(6): 47-56.
[2]	Haiyan KANG, Molan LONG. Research on network attack analysis method based on attack graph of absorbing Markov chain [J]. Journal on Communications, 2023, 44(2): 122-135.
[3]	Hongbin ZHANG, Yan YIN, Dongmei ZHAO, Bin LIU. Network security situational awareness model based on threat intelligence [J]. Journal on Communications, 2021, 42(6): 182-194.
[4]	Tengfei ZHANG, Shunzheng YU. Research prospects of user information detection from encrypted traffic of mobile devices [J]. Journal on Communications, 2021, 42(2): 154-167.
[5]	Xu CHENG, Yingying WANG, Nianjie ZHANG, Zhangjie FU, Beijing CHEN, Guoying ZHAO. Multi-level loss object tracking adversarial attack method based on spatial perception [J]. Journal on Communications, 2021, 42(11): 242-254.
[6]	Tao HUANG, Jiang LIU, Shuo WANG, Chen ZHANG, Yunjie LIU. Survey of the future network technology and trend [J]. Journal on Communications, 2021, 42(1): 130-150.
[7]	Zhiyong LUO,Xu YANG,Jiahui LIU,Rui XU. Network intrusion intention analysis model based on Bayesian attack graph [J]. Journal on Communications, 2020, 41(9): 160-169.
[8]	Hanxun ZHOU,Chen CHEN,Runze FENG,Junkun XIONG,Hong PAN,Wei GUO. Mobile malware traffic detection approach based on value-derivative GRU [J]. Journal on Communications, 2020, 41(1): 102-113.
[9]	JIANG Lyu,ZHANG Hengwei,WANG Jindong. Optimal strategy selection method for moving target defense based on signaling game [J]. Journal on Communications, 2019, 40(6): 128-137.
[10]	Shirui HUANG,Hengwei ZHANG,Jindong WANG,Ruiyu DOU. Network security threat warning method based on qualitative differential game [J]. Journal on Communications, 2018, 39(8): 29-36.
[11]	Xiaodong ZANG,Jian GONG,Xiaoyan HU. Detecting malicious domain names based on AGD [J]. Journal on Communications, 2018, 39(7): 15-25.
[12]	Le-yi SHI,Hui SUN,Yu-wen CUI,Hong-bin GUO,Jian-lan LI. Web plug-in paradigm for anti-DoS attack based on end hopping [J]. Journal on Communications, 2017, 38(Z1): 19-24.
[13]	Xin PENG,Ren-fa LI,Zhe-tao LI,Guo-qi XIE. Data dissemination of VANET based on lower bound of road delay [J]. Journal on Communications, 2017, 38(4): 25-34.
[14]	Tao WANG,Hong-chang CHEN,Guo-zhen CHENG. Research on software-defined network and the security defense technology [J]. Journal on Communications, 2017, 38(11): 133-160.
[15]	Tao YIN,Shi-cong LI,Yu-peng TUO,Yong-zheng ZHANG. Modeling and countermeasures of a social network-based botnet with strong destroy-resistance [J]. Journal on Communications, 2017, 38(1): 97-105.