动态异构冗余结构的拟态防御自动机模型

doi:10.3969/j.issn.0372-2112.2019.10.002

电子学报 ›› 2019, Vol. 47 ›› Issue (10): 2025-2031.DOI: 10.3969/j.issn.0372-2112.2019.10.002

动态异构冗余结构的拟态防御自动机模型

朱维军^1,2, 郭渊博³, 黄伯虎⁴

1. 郑州大学信息工程学院, 河南郑州 450001;
2. 北京大学信息科学技术学院, 北京 100871;
3. 信息工程大学密码工程学院, 河南郑州 450001;
4. 西安电子科技大学计算机学院, 陕西西安 710071

收稿日期:2018-09-21 修回日期:2019-07-26 出版日期:2019-10-25
- 作者简介:
- 朱维军 男,1976年生于河南郑州.郑州大学副教授.研究方向为拟态防御、网络安全.E-mail:zhuweijun@zzu.edu.cn;郭渊博 男,1975年生于陕西周至.信息工程大学教授、博士生导师,研究方向为拟态防御、信息安全.
- 基金资助:
- 国家自然科学基金 (No.U1204608）; 国家重点研发计划 (No.2016YFB0800100）

A Mimic Defense Automaton Model of Dynamic Heterogeneous Redundancy Structures

ZHU Wei-jun^1,2, GUO Yuan-bo³, HUANG Bo-hu⁴

1. School of Information Engineering, Zhengzhou University, Zhengzhou, Henan 450001, China;
2. School of Electronics Engineering and Computer Science, Peking University, Beijing 100871, China;
3. Cryptography Engineering Institute, Information Engineering University, Zhengzhou, Henan 450001, China;
4. School of Computer Science, Xidian University, Xi'an, Shaanxi 710071, China

Received:2018-09-21 Revised:2019-07-26 Online:2019-10-25 Published:2019-10-25
- Supported by:
- National Natural Science Foundation of China (No.U1204608); National Key Research and Development Program of China (No.2016YFB0800100)

摘要/Abstract

摘要： 动态异构冗余结构是拟态防御技术的常用工程模型.然而，目前尚缺乏对该结构实施形式化分析的手段，因为该结构缺乏形式化建模方法.针对此问题，使用有穷状态自动机及其并行组合自动机为一些拟态攻防行为建立计算模型.首先，使用单个有穷状态自动机为单个执行体建模；其次，使用有穷状态自动机的并行组合为执行体组合建模；再次，修改状态迁移规则，得到可描述攻防行为的拟态防御自动机模型；最后，根据该自动机模型的状态条件，分析动态异构冗余结构上拟态攻防行为的安全性.此外，也可使用交替自动机为拟态攻防建模，并把安全性自动分析规约为交替自动机模型检测问题.

关键词: 动态异构冗余, 拟态防御, 自动机

Abstract: Up to now, the Dynamic Heterogeneous Redundancy (DHR) structure is a kind of important engineering model about the Mimic Defense (MD) technique. However, there is still a lack of way of formal analysis for DHR structures as there is no formal model available for a DHR structure. To address this problem, we use a Finite State Automaton (FSA) and its Parallel Automaton (PA) to establish a computing model for some attacks and mimic defenses. First, each FSA is employed to model each execution body, while there are a number of execution bodies in a DHR structure. Second, these FSAs are combined in parallel to model the combination of execution bodies. Third, one can get a model of MD automaton which can describe the attacks and MD actions, by modifying the state transition rules. Finally, one can analyse the attacks and MD actions on a DHR structure, according to the conditions of the PA states. Furthermore, we use an Alternating Finite Automaton (AFA) to model some attacks and MD actions. As a result, the automatic MD analysis problem is reduced to the solved AFA model checking problem.

Key words: dynamic heterogeneous redundancy, mimic defense, automata

中图分类号:

朱维军, 郭渊博, 黄伯虎. 动态异构冗余结构的拟态防御自动机模型[J]. 电子学报, 2019, 47(10): 2025-2031.

ZHU Wei-jun, GUO Yuan-bo, HUANG Bo-hu . A Mimic Defense Automaton Model of Dynamic Heterogeneous Redundancy Structures[J]. Acta Electronica Sinica, 2019, 47(10): 2025-2031.

参考文献

[1] 邬江兴.网络空间拟态防御研究[J].信息安全学报,2016,1(4):1-10. WU J.Research on cyber mimic defense[J].Journal of Cyber Security,2016,1(4):1-10.(in Chinese)
[2] Hu H,Wu J,Wang Z,et al.Mimic defense:a designed-in cyber security defense framework[J].IET Information Security,2018,12(3):226-237.
[3] 马海龙,伊鹏,江逸茗,等.基于动态异构冗余机制的路由器拟态防御体系结构[J].信息安全学报,2017,2(1):29-42. MAH,YI P,JIANG Y,et al.Dynamic heterogeneous redundancy based router architecture with mimic defenses[J].Journal of Cyber Security,2017,2(1):29-42.(in Chinese)
[4] 扈红超,陈福才,王禛鹏.拟态防御DHR模型若干问题探讨和性能评估[J].信息安全学报,2016,1(4):40-51. HU H,CHEN F,WANG Z.Performance evaluations on DHR for cyberspace mimic defense[J].Journal of Cyber Security,2016,1(4):40-51.(in Chinese)
[5] 张晔.我拟态防御网络挡住"白帽黑客"290万次攻击[N].科技日报,2019-05-24.
[6] 斯雪明.拟态安全理论研究[EB/OL].http://wenku.baidu.com/link?url=nZlsR3REwg_zT8K6svYQy0j14DIUNvpxsux94ns2-ABnh7jnngc-Xb1K3c7QAPD3YmTM94xlf_53dBrjSQrLi6clZZTtp35iMpokhBV1oEW,2014-11-02.
[7] Ma Bolin,Zheng Zhang,Zhu Yongsheng.A formalization research on web server and scheduling strategy for heterogeneity[A].Proceedings of 2016 IEEE Advanced Information Management,Communicates,Electronic and Automation Control Conference[C].Xi'an:IEEE press,2016.1447-1451.
[8] 斯雪明,王伟,曾俊杰,等.拟态防御基础理论研究综述[J].中国工程科学,2016,18(6):62-68. SI X,WANG W,ZENG J,et al.A review of the basic theory of mimic defense[J].Strategic Study of Chinese Academy of Engineering,2016,18(6):62-68.(in Chinese)
[9] 刘勤让,林森杰,顾泽宇.面向拟态安全防御的异构功能等价体调度算法[J].通信学报,2018,39(07):188-198. LIU Q,LIN S,GU Z.Heterogeneous redundancies scheduling algorithm for mimic security defense[J].Journal on Communications,2018,39(07):188-198.(in Chinese)
[10] 仝青,张铮,张为华,邬江兴.拟态防御Web服务器设计与实现[J].软件学报,2017,28(04):883-897. TONG Q,ZHANG Z,ZHANG H,WU J.Design and implementation of mimic defense web server[J].Journal of Software,2017,28(04):883-897.(in Chinese)
[11] Ya-wen WANG,Jiang-xing WU,Yun-fei GUO,Hong-chao HU,Wen-yan LIU,Guo-zhen CHENG.Scientific workflow execution system based on mimic defense in the cloud environment[J].Frontiers of Information Technology & Electronic Engineering,2018,19(12):1522-1537.
[12] 王禛鹏,扈红超,程国振.一种基于拟态安全防御的DNS框架设计[J].电子学报,2017,45(11):2705-2714. WANG Z,HU H,CHENG G.A DNS architecture based on mimic security defense[J].Acta Electronica Sinica,2017,45(11):2705-2714.(in Chinese)
[13] 王禛鹏,扈红超,程国振.MNOS:拟态网络操作系统设计与实现[J].计算机研究与发展,2017,54(10):2321-2333. WANG Z,HU H,CHENG G.Design and implementation of mimic network operating system[J].Journal of Computer Research and Development,2017,54(10):2321-2333.(in Chinese)
[14] 刘彩霞,季新生,邬江兴.一种基于MSISDN虚拟化的移动通信用户数据拟态防御机制[J].计算机学报,2018,41(02):275-287. LIU C,JI X,WU J.A mimic defense mechanism for mobile communication user data based on MSISDN virtualization[J].Chinese Journal of Computers,2018,41(02):275-287.(in Chinese)
[15] Ji X S,Huang K Z,Jin L,et al.Overview of 5G security technology[J].Sci China Inf Sci,2018,61(8):107-131.
[16] 邬江兴.网络空间拟态防御导论[M].北京:科学出版社,2017. WU J.Introduction to Cyberspace Mimic Defense[M].Beijing:Science Press,2017.(in Chinese)
[17] Satoru Miyano,Takeshi Hayashi.Alternating finite automata on ω-words[J].Theoretical Computer Science,1984,32(3):321-330.
[18] R Alur,T Henzinger,O Kupferman.Alternating-time temporal logic[J].Journal of ACM,2002,49(5):672-713.
[19] G Drimmelen.Satisfiability in alternating-time temporal logic[A].IEEE Symposium on Logic in Computer Science[C].US:IEEE press,2003.208-217.
[20] F Stoica,L F Stoica.Implementing an ATL model checker tool using relational algebra concepts[A].201422nd International Conference on Software,Telecommunications and Computer Networks (SoftCOM)[C].Split,Croatia:IEEE press,2014.361-366.
[21] Florin Stoica,Laura Florentina Stoica.Generating an ATL model checker using an attribute grammar[EB/OL].arXiv:1807.08267,https://arxiv.org/abs/1807.08267,2019-02-05.

动态异构冗余结构的拟态防御自动机模型

A Mimic Defense Automaton Model of Dynamic Heterogeneous Redundancy Structures

PDF

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 15

编辑推荐

Metrics

[1]	李杨帅, 彭斐, 韩倩, 李小帅, 解光军. 一种针对QCA电路自动布局布线的混合策略研究[J]. 电子学报, 2023, 51(3): 666-674.
[2]	赵耿, 马英杰, 陈磊, 董有恒, 侯艳丽. 基于扰动时空混沌系统的动态S盒设计[J]. 电子学报, 2022, 50(8): 2037-2042.
[3]	郑秋华, 胡程楠, 崔婷婷, 申延召, 曾英佩, 吴铤. 一种基于概率分析的DHR模型安全性分析方法[J]. 电子学报, 2021, 49(8): 1586-1598.
[4]	王亚良, 倪晨迪, 金寿松. 基于多邻居结构的自适应元胞差分算法[J]. 电子学报, 2021, 49(3): 578-585.
[5]	高俊涛, 王梅, 徐光会, 刘聪. 正则语言推断综述[J]. 电子学报, 2021, 49(12): 2479-2489.
[6]	邓飞飞, 解光军, 王晓旸, 程心, 张永强. 量子元胞自动机共面五输入择多门结构的分析与设计[J]. 电子学报, 2020, 48(5): 861-869.
[7]	黄俊君, 关杰. 基于元胞自动机的S盒的性质与神经网络实现研究[J]. 电子学报, 2020, 48(12): 2462-2468.
[8]	孙朋朋, 董云卫. 二维全向无线充电信息物理融合系统建模与优化方法[J]. 电子学报, 2019, 47(3): 568-575.
[9]	李俊文, 夏银水. 基于QCA的五输入Majority门设计及应用[J]. 电子学报, 2019, 47(2): 404-409.
[10]	孙梦博, 吕洪君, 张永强, 解光军. 量子元胞自动机全加器的性能分析与设计[J]. 电子学报, 2018, 46(7): 1774-1780.
[11]	范艳焕, 李永明. 模糊线性时序逻辑的可实现性[J]. 电子学报, 2018, 46(2): 341-346.
[12]	房丙午, 黄志球, 王勇, 李勇. 状态不可观测的信息物理融合系统运行时验证[J]. 电子学报, 2018, 46(12): 2824-2831.
[13]	杜化鲲, 吕洪君, 黄程, 张永强, 解光军. 基于QCA的双边沿JK触发器的实现[J]. 电子学报, 2017, 45(8): 2044-2048.
[14]	张孝国, 丁伟. 基于自动机的TCP流识别算法[J]. 电子学报, 2017, 45(6): 1396-1402.
[15]	王禛鹏, 扈红超, 程国振. 一种基于拟态安全防御的DNS框架设计[J]. 电子学报, 2017, 45(11): 2705-2714.