Analysis of Resource Defense Model for Novel Active Defense Modeling
CHEN Shuang-xi1,2,3, WU An-bang1, QI Shu-jun4, LIU Hui2, WU Chun-ming1
1. Zhejiang University, Hangzhou, Zhejiang 310058, China;
2. Jiaxing Vocational and Technical College, Jiaxing, Zhejiang 314036, China;
3. The University of Alabama, Tuscaloosa 35401, USA;
4. Duke University, Durham, North Carolina 27708, USA
Abstract: In this paper, a brand-new active defense framework based on CMD (Cyberspace Mimic Defense) theory is proposed. The dynamic and structural characteristics of this framework are described by introducing ordinary differential dynamic systems. Through ordinary differential equations, some complex network attack and defense problems in reality are transformed into simple and precisely defined resource confrontation models. Hence, we can get a countermeasure model by constructing key structural details of the active defense system based on the characteristics of heterogeneity, redundancy and self-repairing. This framework can help to evaluate the effectiveness of current network active defense systems and enhance their security by selecting effective defense strategies.