基于物联网集成防御机制的诱饵路径优化算法

针对物联网设备很容易被攻击者利用来入侵网络的问题,设计实现了一种将基于网络拓扑改组的移动目标防御(network topology shuffling-based moving target defense,NTS-MTD)和网络欺骗相结合的物联网集成防御机制,并基于该防御机制设计了一种诱饵路径优化算法(decoy path-based optimization algorithm,DPOA)来进行网络拓扑改组优化.在软件定义网络(software defined network,SDN)的支持下主动改变真实节点和诱饵节点的网络拓扑,实现物联网环境中的网络拓扑改组.通过一个带有安全度量的图形安全模型(graphical security model,GSM)研究防御机制有效性,并使用三个指标对DPOA的安全性和性能进行衡量.仿真结果表明,基于DPOA的方案防御成本显著降低且安全性高,更适应于物联网.

Decoy path optimization algorithm based on integrated defense mechanism of Internet of Things

Aiming at the problem that Internet of Things devices are easy to be used by attackers to invade the network, this paper designed and implemented an integrated defense mechanism of Internet of Things, which combined network topology shuffling-based moving target defense(NTS-MTD) and cyber deception. And based on this defense mechanism, this paper designed a decoy path-based optimization algorithm(DPOA) to optimize the network topology. With the support of software defined network(SDN), changing the network topology of real nodes and decoy nodes actively to realize the network topology shuffling in the Internet of Things. This paper studied the effectiveness of defense mechanism through a graphical security model(GSM) with security metrics, and used three indicators to measure the security and performance of DPOA. The simulation results show that the defense cost of the scheme based on DPOA is significantly reduced and the security is high, which is more suitable for the Internet of Things.