| 软件定义网络下的拟态防御实现架构 |
| |
| 作者姓名: | 王禛鹏 扈红超 程国振 张传浩 |
| |
| 作者单位: | 1. 国家数字交换系统工程技术研究中心,河南 郑州 450003;2. 铁道警察学院公安技术系,河南 郑州 450053 |
| |
| 基金项目: | 国家自然科学基金资助项目(No.61309020;No.61602509);国家自然科学基金创新群体基金资助项目(No.61521003);国家重点研发计划基金资助项目(No.2016YFB0800100;No.2016YFB0800101);河南省科技攻关基金资助项目(No.172102210615;No.172102210441)~~ |
| |
| 摘 要: | 针对传统防御技术难以应对未知漏洞和后门的问题,拟态安全防御(MSD,mimic security defense)通过构造动态异构冗余模型,提高系统的不确定性,增加攻击者的攻击难度和成本,提升网络安全性能。基于软件定义网络,提出了一种拟态防御的实现架构,首先,按照非相似余度准则构建异构冗余执行体,而后借助软件定义网络的集中管理控制实现动态选调和多模判决等功能。实验验证了架构的入侵容忍能力和可用性。
|
| 关 键 词: | 拟态安全防御 软件定义网络 主动防御 动态异构冗余 |
Implementation architecture of mimic security defense based on SDN |
| |
| Authors: | Zhen-peng WANG Hong-chao HU Guo-zhen CHENG Chuan-hao ZHANG |
| |
| Affiliation: | 1. National Digital Switching System Engineering &Technological R&D Center,Zhengzhou 450003,China;2. Public Security Technology Department,Railway Police College,Zhengzhou 450053,China |
| |
| Abstract: | To deal with the attacks employing unknown security vulnerabilities or backdoors which are difficult for traditional defense techniques to eliminate,mimic security defense (MSD) that employs “dynamic,heterogeneity,redundancy (DHR)” mechanism can increase the difficulty and cost of attack and uncertainty of system so as to improve network security.Based on the software defined networking (SDN),an implementation architecture of MSD was proposed.First,diverse functional equivalent variants for the protected target were constructed,then leverage the rich programmability and flexibility of SDN to realize the dynamic scheduling and decision-making functions on SDN controller.Simulation and experimental results prove the availability and the intrusion tolerant ability of the architecture. |
| |
| Keywords: | mimic security defense software defined networking active defense dynamic heterogeneous redundancy |
| 本文献已被 维普 等数据库收录! |
| 点击此处可从《》浏览原始摘要信息 |
|
点击此处可从《》下载全文 |
