Journal on Communications (通信学报)
Vol.38 No.1
January 2017
doi:10.11959/j.issn.1000-436x.2017015
Performance assessment approach based on change-point detection for network moving target defense

LEI Cheng(1,3), MA Duo-he(2), ZHANG Hong-qi(1,3), YANG Ying-jie(1,3), WANG Miao(2)

(1. Cryptography Engineering Institute, Information Engineering University, Zhengzhou 450001, China;
2. State Key Laboratory of Information Security, Institute of Information Engineering, CAS, Beijing 100093, China;
3. Henan Key Laboratory of Information Security, Zhengzhou 450001, China)

Abstract: A performance assessment approach for network moving target defense based on change-point detection is proposed. To address the problem that the network resource graph cannot represent the effect of resource vulnerabilities on node security states, a hierarchical network resource graph is defined, which establishes the association between resource vulnerability changes and node security state transitions while improving the efficiency of constructing and updating the network resource graph. To address the problem that static detection and measurement cannot accurately measure the dynamic changes of network moving target defense, change-point detection and standardized measurement algorithms are designed, which detect in real time and dynamically measure the security cost and security benefit of network moving target defense on the basis of unified metrics, improving the accuracy of the evaluation and the comparability of its results. Analysis of typical examples demonstrates the feasibility and effectiveness of the proposed approach.

Key words: network moving target defense, multi-layer network resource graph, change-point detection, standardized measurement, performance assessment

CLC number: TP393
Document code: A
Received: 2016-04-28; Revised: 2016-11-12
Corresponding author: MA Duo-he
Foundation Items: The National Basic Research Program of China (973 Program) (No.2011CB311801), The National High Technology Research and Development Program of China (863 Program) (No.2012AA012704, No.2015AA016106), Zhengzhou Science and Technology Talents Project (No.131PLKRC644), Strategic Priority Research Program of the Chinese Academy of Sciences (No.XDA06010701)