
Research on Active Defense Technology Based on Network Security Situation Awareness (cited by: 49)

An active defense technique based on network security awareness
Abstract: As a key technique for breaking through the bottleneck of passive defense, network active defense has become a hotspot in network information security. To solve the blindness problem of the hopping mechanism in the course of network defense, we propose a novel active defense mechanism based on network security situation awareness. Firstly, a network security situational awareness method based on scanning flow entropy is designed, which makes the defense more targeted by discriminating the adversary's scanning strategy. Based on this, an active defense mechanism based on end-point information transformation is proposed. It can increase the difficulty and the cost of attacks by dynamically and randomly changing the network topology through transforming end-point information. Theoretical and experimental analyses show that the proposed active defense technique can be employed efficiently under different scanning strategies.

Authors: LIU Shi-wen (刘世文); MA Duo-yao (马多耀); LEI Cheng (雷程); YIN Shao-dong (尹少东); ZHANG Hong-qi (张红旗) (College of Cryptography Engineering, PLA Information Engineering University, Zhengzhou 450001; Key Laboratory of Urban ITS Technology Optimization and Integration, Ministry of Public Security PRC, Hefei 230001; State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093; Anhui Keli Information Industry Co., Ltd, Hefei 230001; Henan Key Laboratory of Information Security, Zhengzhou 450001, China)

Source: Computer Engineering & Science (《计算机工程与科学》), CSCD, Peking University Core Journal, 2018, No. 6, pp. 1054-1061 (8 pages)

Funding: National 973 Program (2011CB311801); National 863 Program (2012AA012704, 2015AA016106); Zhengzhou Science and Technology Leading Talent Fund (131PLKRC644); Chinese Academy of Sciences Strategic Priority Research Program fund (XDA06010701)

Keywords: network security situation awareness; scanning flow entropy; software defined network; active defense; end-point information transformation
Related literature

References: 4

Secondary references: 19


Co-citing documents: 127

Co-cited documents: 471

Citing documents: 49

Secondary citing documents: 314
