一种面向网络拟态防御系统的信息安全建模方法
|
摘要
常见网络系统多数使用静态构架,无法有效抵御攻击者的持续探测与攻击,导致网络态势呈现易攻难守的局面。针对当前攻击成本和防御成本的严重不对称现状,邬江兴院士提出了网络拟态防御技术安全防护思想。网络拟态防御系统利用异构性、多样性来改变系统的相似性和单一性,利用动态性、随机性改变系统的静态性、确定性,期望利用动态异构的构架使得隐藏漏洞不被利用。基于此,提出一种基于本体的网络拟态防御系统安全建模方法,使用安全本体构建拟态动态化、异构性和多样性的模型,并通过测试案例解释了该模型的应用流程,同时验证了其有效性。
Most common network systems use static architecture, which could not effectively resist the persistent detection and attack, and this makes the network information protection difficult. Considering the current situation for serious asymmetry of attack cost and defense cost, Academician Wu Jiangxing proposes a security protection strategy called Cyber Mimic Defense technology. Network mimicry defense system uses heterogeneity and diversity to change the similarity and singularity of the system, dynamic and randomness to replace the static and deterministic nature of the system, expecting to make the hidden vulnerabilities not-being-used with the dynamic heterogeneous architecture. Based on this, a security modeling method for network mimic defense system based on ontology is proposed, and the security ontology is used to build up the model of mimicry, heterogeneity and diversity, and in addition, the application process of the model is explained by via a test case. And meanwhile its effectiveness is also verified.
Most common network systems use static architecture, which could not effectively resist the persistent detection and attack, and this makes the network information protection difficult. Considering the current situation for serious asymmetry of attack cost and defense cost, Academician Wu Jiangxing proposes a security protection strategy called Cyber Mimic Defense technology. Network mimicry defense system uses heterogeneity and diversity to change the similarity and singularity of the system, dynamic and randomness to replace the static and deterministic nature of the system, expecting to make the hidden vulnerabilities not-being-used with the dynamic heterogeneous architecture. Based on this, a security modeling method for network mimic defense system based on ontology is proposed, and the security ontology is used to build up the model of mimicry, heterogeneity and diversity, and in addition, the application process of the model is explained by via a test case. And meanwhile its effectiveness is also verified.
引文
[1]邬江兴.网络空间拟态防御研究[J].信息安全学报,2016,1(04):1-10.WU Jiang-xing.Study on Network Space Mimicry Defense[J].Journal of Information Security,2016,1(04):1-10.
[2]扈红超,陈福才,王禛鹏.拟态防御DHR模型若干问题探讨和性能评估[J].信息安全学报,2016,1(04):40-51.HU Hong-chao,CHEN Fu-cai,WANG Zhen-peng.Performance Evaluations on DHR for Cyberspace Mimic Defense[J].Journal of Information,2016,1(04):40-51.
[3]马海龙,伊鹏,江逸茗等.基于动态异构冗余机制的路由器拟态防御体系结构[J].信息安全学报,2017,2(01):29-42.MA Hai-long,YI Peng,JIANG Yi-ming,et al.Dynamic Heterogeneous Redundancy based Router Architecture with Mimic Defenses[J].Journal of Information,2017,2(01):29-42.
[4]邬江兴.拟态计算与拟态安全防御原理的原意和愿景[J].电信科学,2014(07):2-7.WU Jiang-xing.Meaning and Vision of Mimic Computing and Mimic Security Defense[J].Telecommunications Science,2014(07):2-7.
[5]张铮,马博林,邬江兴.web服务器拟态防御原理验证系统测试与分析[J].信息安全学报,2017,2(01):13-28.ZHANG Zheng,MA Bo-lin,WU Jiang-xing.The Test and Analysis of Prototype of Mimic Defense in Web Servers[J].Journal of Information,2017,2(01):13-28.
[6]马海龙,江逸茗,白冰等.路由器拟态防御能力测试与分析[J].信息安全学报,2017,2(01):43-53.MA Hai-long,JIANG Yi-ming,BAI Bing,et al.Tests and Analyses for Mimic Defense Ability of Routers[J].Journal of Information,2017,2(01):43-53.
[7]张宇一,张保稳.基于本体的RBAC建模及其应用研究[J].通信技术,2017,50(01):102-108.ZHANG Yu-yi,ZHANG Bao-wen.Ontology-based RBAC Model and Its Application[J].Journal of Informati on,2017,50(01):102-108.
[8]高建波,张保稳,陈晓桦.安全本体研究进展[J].计算机科学,2012,39(08):14-41.GAO Jian-bo,ZHANG Bao-wen,CHEN Xiao-hua.Research Progress in Security Ontology[J].Computer Science,2012,39(08):14-41.
[9]Donner.Toward A Security Ontology[J].IEEE Security&Privacy,2003,1(03):6-7.
[10]Bechhofer S.OWL:Web Ontology Language[J].Springer US,2009,63(45):990-996.
[2]扈红超,陈福才,王禛鹏.拟态防御DHR模型若干问题探讨和性能评估[J].信息安全学报,2016,1(04):40-51.HU Hong-chao,CHEN Fu-cai,WANG Zhen-peng.Performance Evaluations on DHR for Cyberspace Mimic Defense[J].Journal of Information,2016,1(04):40-51.
[3]马海龙,伊鹏,江逸茗等.基于动态异构冗余机制的路由器拟态防御体系结构[J].信息安全学报,2017,2(01):29-42.MA Hai-long,YI Peng,JIANG Yi-ming,et al.Dynamic Heterogeneous Redundancy based Router Architecture with Mimic Defenses[J].Journal of Information,2017,2(01):29-42.
[4]邬江兴.拟态计算与拟态安全防御原理的原意和愿景[J].电信科学,2014(07):2-7.WU Jiang-xing.Meaning and Vision of Mimic Computing and Mimic Security Defense[J].Telecommunications Science,2014(07):2-7.
[5]张铮,马博林,邬江兴.web服务器拟态防御原理验证系统测试与分析[J].信息安全学报,2017,2(01):13-28.ZHANG Zheng,MA Bo-lin,WU Jiang-xing.The Test and Analysis of Prototype of Mimic Defense in Web Servers[J].Journal of Information,2017,2(01):13-28.
[6]马海龙,江逸茗,白冰等.路由器拟态防御能力测试与分析[J].信息安全学报,2017,2(01):43-53.MA Hai-long,JIANG Yi-ming,BAI Bing,et al.Tests and Analyses for Mimic Defense Ability of Routers[J].Journal of Information,2017,2(01):43-53.
[7]张宇一,张保稳.基于本体的RBAC建模及其应用研究[J].通信技术,2017,50(01):102-108.ZHANG Yu-yi,ZHANG Bao-wen.Ontology-based RBAC Model and Its Application[J].Journal of Informati on,2017,50(01):102-108.
[8]高建波,张保稳,陈晓桦.安全本体研究进展[J].计算机科学,2012,39(08):14-41.GAO Jian-bo,ZHANG Bao-wen,CHEN Xiao-hua.Research Progress in Security Ontology[J].Computer Science,2012,39(08):14-41.
[9]Donner.Toward A Security Ontology[J].IEEE Security&Privacy,2003,1(03):6-7.
[10]Bechhofer S.OWL:Web Ontology Language[J].Springer US,2009,63(45):990-996.