Heterogeneity Quantization Method of Cyberspace Security System Based on Dissimilar Redundancy Structure
doi: 10.11999/JEIT180764
State Key Laboratory of Mathematical Engineering and Advanced Computing, Zhengzhou 450001, China
Funds: The National Natural Science Foundation of China (61472447), The National Key R&D Program of China (2016YFB0800104), The Science and Technology Committee of Shanghai Municipal Research Project (16DZ1120502)
Abstract: Cyberspace security technology based on the Dissimilar Redundancy Structure (DRS) is an active defense technology that uses properties such as dissimilarity and redundancy to block or disrupt network attacks and so improve system reliability and security. By analyzing how heterogeneity improves the security of a system, this paper points out the importance of quantifying heterogeneity, defines the heterogeneity of a DRS as the complexity and disparity of its execution set, and proposes a method for quantifying heterogeneity on that basis. The experimental results show that this method can divide 10 execution sets into 9 categories, while the Shannon-Wiener index, Simpson index and Pielou index can only divide them into 4 categories. The paper provides a new method for quantifying the heterogeneity of DRS in theory, and provides guidance for engineering DRS systems.
Key words:
- Cyberspace security
- Vulnerability
- Dissimilar redundancy
- Heterogeneity
- Quantification method
Table 1 Execution sets

| No. | Software stack |
|-----|----------------|
| 1 | Ubuntu 12.04+Apache 2.4.0+Mysql 5.7.18 |
|   | Windows Server 2003+IIS 6.0+SQL Server 2012 SP2 |
|   | RedHat 7+Nginx 1.12.0+Oracle 11.2.0.3 |
| 2 | Ubuntu 12.04+Apache 2.4.0+Oracle 11.2.0.3 |
|   | Windows Server 2012+IIS 7.0+SQL Server 2012 SP2 |
|   | RedHat 7+Nginx 1.12.0+Mysql 5.7.18 |
| 3 | Debian 7.0+Nginx 1.12.0+Mysql 5.7.18 |
|   | Windows Server 2016+Lighttpd 1.4.48+SQL Server 2016 |
|   | Windows 7+Apache 2.4.0+SQL Server 2014 SP2 |
| 4 | Ubuntu 12.04+Nginx 1.12.0+Mysql 5.7.18 |
|   | Windows Server 2003+IIS 6.0+SQL Server 2016 |
|   | Windows 7+Apache 2.4.0+SQL Server 2014 SP2 |
| 5 | Windows Server 2003+IIS 6.0+SQL Server 2012 SP2 |
|   | Windows Server 2012+IIS 7.0+SQL Server 2016 |
|   | Windows 7+Nginx 1.12.0+SQL Server 2014 SP2 |
| 6 | Ubuntu 12.04+Apache 2.4.0+Mysql 5.7.18 |
|   | Windows Server 2008+Apache 2.4.0+Oracle 11.2.0.3 |
|   | RedHat 7+Nginx 1.12.0+Mysql 5.7.18 |
| 7 | Ubuntu 12.04+Apache 2.4.0+Mysql 5.7.18 |
|   | Debian 7.0+Apache 2.4.0+Mysql 5.7.18 |
|   | RedHat 7+Nginx 1.12.0+Oracle 11.2.0.3 |
| 8 | Ubuntu 12.04+Nginx 1.12.0+Mysql 5.7.18 |
|   | Windows Server 2016+Lighttpd 1.4.48+SQL Server 2016 |
|   | Windows 7+Nginx 1.12.0+Mysql 5.7.18 |
| 9 | Ubuntu 12.04+Apache 2.4.0+Oracle 11.2.0.3 |
|   | Windows Server 2008+Apache 2.4.0+SQL Server 2012 SP2 |
|   | RedHat 7+Apache 2.4.0+Oracle 11.2.0.3 |
| 10 | Ubuntu 12.04+Apache 2.4.0+Mysql 5.7.18 |
|   | Windows Server 2008+Apache 2.4.0+Mysql 5.7.18 |
|   | Windows 7+Apache 2.4.0+Mysql 5.7.18 |
Table 2 Disparity parameters

| Component 1 | Component 2 | d |
|-------------|-------------|---|
| Ubuntu 12.04 | RedHat 7 | 0.9868 |
| Windows Server 2003 | Windows 7 | 0.7842 |
| Windows Server 2016 | Windows 7 | 0.8782 |
| Ubuntu 12.04 | Debian 7.0 | 0.9341 |
| RedHat 7 | Debian 7.0 | 0.9930 |
| Windows Server 2003 | Windows Server 2012 | 0.9707 |
| Windows Server 2012 | Windows 7 | 0.5391 |
| Windows Server 2008 | Windows 7 | 0.2246 |
| IIS 6.0 | IIS 7.0 | 0.7686 |
| SQL Server 2012 SP2 | SQL Server 2014 SP2 | 0.9331 |
| SQL Server 2014 SP2 | SQL Server 2016 | 0.7206 |
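
Added example (not code from the paper): the three classical indices named in the abstract, computed over the Table 1 execution sets to show why they separate the ten sets into only four classes. It assumes abundance is counted per component over the nine component slots of a set, which is this example's assumption rather than a procedure stated on the page; component names are abbreviated, with versions dropped where Table 1 lists only one.

```python
import math
from collections import Counter, defaultdict

# Table 1, abbreviated: three "OS+web server+database" stacks per execution set.
# WS = Windows Server, SQL = SQL Server (abbreviations introduced for this example).
SETS = {
    1: "Ubuntu+Apache+Mysql WS2003+IIS6+SQL2012 RedHat+Nginx+Oracle",
    2: "Ubuntu+Apache+Oracle WS2012+IIS7+SQL2012 RedHat+Nginx+Mysql",
    3: "Debian+Nginx+Mysql WS2016+Lighttpd+SQL2016 Win7+Apache+SQL2014",
    4: "Ubuntu+Nginx+Mysql WS2003+IIS6+SQL2016 Win7+Apache+SQL2014",
    5: "WS2003+IIS6+SQL2012 WS2012+IIS7+SQL2016 Win7+Nginx+SQL2014",
    6: "Ubuntu+Apache+Mysql WS2008+Apache+Oracle RedHat+Nginx+Mysql",
    7: "Ubuntu+Apache+Mysql Debian+Apache+Mysql RedHat+Nginx+Oracle",
    8: "Ubuntu+Nginx+Mysql WS2016+Lighttpd+SQL2016 Win7+Nginx+Mysql",
    9: "Ubuntu+Apache+Oracle WS2008+Apache+SQL2012 RedHat+Apache+Oracle",
    10: "Ubuntu+Apache+Mysql WS2008+Apache+Mysql Win7+Apache+Mysql",
}

def indices(spec):
    """Return (Shannon-Wiener, Gini-Simpson, Pielou) for one execution set."""
    # Assumption: abundance = how often a component occurs among the 9 slots.
    counts = Counter(spec.replace(" ", "+").split("+"))
    n = sum(counts.values())
    p = sorted(c / n for c in counts.values())  # sorted for stable float sums
    shannon = -sum(x * math.log(x) for x in p)
    simpson = 1 - sum(x * x for x in p)         # Gini-Simpson form, 1 - sum(p^2)
    pielou = shannon / math.log(len(p))         # evenness; every set has >= 2 types
    return tuple(round(v, 6) for v in (shannon, simpson, pielou))

def classes(index_pos):
    """Group set numbers that one index (0, 1 or 2) cannot tell apart."""
    groups = defaultdict(list)
    for no, spec in SETS.items():
        groups[indices(spec)[index_pos]].append(no)
    return sorted(groups.values())

if __name__ == "__main__":
    for name, pos in (("Shannon-Wiener", 0), ("Simpson", 1), ("Pielou", 2)):
        print(f"{name:15s} {len(classes(pos))} classes: {classes(pos)}")
```

These indices see only how often each component occurs, so sets 1 to 5 (nine distinct components each) are indistinguishable to them even though the Table 2 disparities between those components differ widely.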