摘要
网络空间拟态防御系统(Cyberspace Mimic Defense System, CMDS)采用动态异构冗余架构以及多模表决机制将不确定威胁转化为概率可控的事件,从而实现了自主可控、安全可信。为进一步研究拟态构造策略在不同干扰场景下的稳态可用性和感知安全性,本文采用广义随机Petri网(Generalized Stochastic Petri Net, GSPN)建模,分析了不同干扰场景下采用不同拟态构造策略对系统性能和构造成本的影响,实验结果表明拟态防御系统可以根据反馈控制信息对不同干扰场景进行策略替换,从而实现系统的稳定可用性和感知安全性。同时通过反馈控制能有效控制不同服务器解析时延差值,对实际拟态DNS系统部署有重要指导意义。
Cyberspace Mimic Defense System adopts dynamic heterogeneous redundant architecture with multi-mode voting mechanism to convert the deterministic or uncertain disturbance to a reliable event so as to achieve self-controllable,safe and reliable.To further study the reliability and awareness security of mimic constructing strategy in different interference scenarios,this paper establishes a model of cyberspace mimic defense system based on the generalized stochastic Petri nets(GSPN)and analyzes the effects of different strategies and interference scenarios in performance and cost.The results of simulations show that Mimic defense system can change strategy to make a tradeoff among stable availability,awareness security and cost in different interference scenarios based on feedback information.
作者
任权
邬江兴
贺磊
REN Quan;WU Jiangxing;HE Lei(National Digital Switching System Engineering&Technogical R&D Center,Zhengzhou 450001,China)
出处
《信息安全学报》
CSCD
2019年第2期37-52,共16页
Journal of Cyber Security
基金
国家网络安全专项课题(No.2017YFB0803201)
国家高技术研究发展计划("863"计划)课题(No.2015AA016102)
国家自然科学基金群体创新项目(No.61521003)
关键词
拟态防御
广义随机PETRI网
建模
策略与成本代价
可用性和感知安全性
Mimic defense
generalized stochastic Petri net
model
architectural strategy and cost
availability and awareness security
