Abstract
To address the problems that network defense in the demilitarized zone (DMZ) faces under persistent attack threats, moving target defense theory and technology are used to design active migration strategies for dynamic defense on the DMZ's heterogeneous platforms. Starting from an analysis of the principle of platform dynamic defense in the DMZ, and taking into account the characteristics of network attack and defense together with factors such as platform exposure time and random migration order, three types of active migration strategies for platform dynamic defense in the DMZ are proposed: a fixed time interval with sequential platform selection, a fixed time interval with random platform selection, and an adjustable time interval based on platform security level with random platform selection. Strategy evaluation metrics and a method for calculating system effectiveness are also designed. Simulation results show that the active migration strategies deliver excellent security defense performance, and that increasing the randomness of the migration order and setting adjustable time intervals according to security level can optimize defense cost and benefit.
Authors
MA Run-nian (马润年)
CHEN Tong-rui (陈彤睿)
WANG Gang (王刚)
WU Wei-jia (伍维甲)
School of Information and Navigation, Air Force Engineering University, Xi'an 110003, China
Source
Fire Control & Command Control (《火力与指挥控制》)
CSCD
Peking University Core Journal
2019, Issue 3, pp. 1-8, 22 (9 pages in total)
Funding
National Natural Science Foundation of China (61573017)
Keywords
cyberspace security
moving target defense
platform dynamic defense
DMZ