| 有限异构资源条件下的工业控制拟态调度算法 |
| |
| 引用本文: | 张汝云,李合元,李顺斌. 有限异构资源条件下的工业控制拟态调度算法[J]. 电信科学, 2021, 37(3): 57-65 |
| |
| 作者姓名: | 张汝云 李合元 李顺斌 |
| |
| 作者单位: | 之江实验室,浙江 杭州 311121 |
| |
| 基金项目: | 国家重点研发计划项目(No.2020YFB1804800);之江实验室开放课题(No.2018FD0ZX01)。 |
| |
| 摘 要: | 网络空间拟态防御技术是应对信息系统未知漏洞后门攻击的有效手段,其安全性与执行体的数量、异构化程度以及具体的裁决调度策略紧密相关。然而在工业控制领域,工业应用的生态资源相对封闭,可实现的异构执行体个数受限。针对上述问题,提出一种适用于有限异构资源约束条件下的工业控制拟态调度算法。算法通过引入执行体上线保护寄存器、周期清洗定时器等,能够根据运行环境自适应选择合适的执行体上线,可有效防范N-1模与N模攻击。实验结果表明,所提出的三余度工业控制拟态调度算法,可自适应根据环境特性选择合适的执行体上线,即使在高强度攻击环境下,依然能保持99.24%的高可用概率。
|
| 关 键 词: | 拟态防御 内生安全 资源受控模型 |
Mimic security scheduling algorithm for industrial control under limited heterogeneous resource constraints |
| |
| ZHANG Ruyun,LI Heyuan,LI Shunbin. Mimic security scheduling algorithm for industrial control under limited heterogeneous resource constraints[J]. Telecommunications Science, 2021, 37(3): 57-65 |
| |
| Authors: | ZHANG Ruyun LI Heyuan LI Shunbin |
| |
| Affiliation: | (Zhejiang Lab,Hangzhou 311121,China) |
| |
| Abstract: | Cyberspace mimic defense technology is an effective method to deal with backdoor attacks on unknown vulnerabilities in information systems.Its security is closely related to the number and the heterogeneity of the executors and the scheduling strategy.However,in the field of industrial control,the ecological resources of industrial application are relatively closed,and the number of realizable heterogeneous executors is limited.To solve the above problems,a mimic scheduling algorithm for industrial control under the constraints of limited heterogeneous resources was proposed.The experimental results show that the proposed algorithm for triple-redundancy mimic industrial control system was able to select a suitable executor to go online according to environmental characteristics adaptively.Even in a high-intensity attack environment,it can still maintain a high availability probability of 99.24%. |
| |
| Keywords: | mimic defense endogenous safety and security resource-constrained model |
| 本文献已被 维普 万方数据 等数据库收录! |
|
