高级搜索

留言板

尊敬的读者、作者、审稿人, 关于本刊的投稿、审稿、编辑和出版的任何问题, 您可以本页添加留言。我们将尽快给您答复。谢谢您的支持!

姓名
邮箱
手机号码
标题
留言内容
验证码

基于端信息自适应跳变的主动网络防御模型

刘江 张红旗 代向东 王义功

刘江, 张红旗, 代向东, 王义功. 基于端信息自适应跳变的主动网络防御模型[J]. 电子与信息学报, 2015, 37(11): 2642-2649. doi: 10.11999/JEIT150273
引用本文: 刘江, 张红旗, 代向东, 王义功. 基于端信息自适应跳变的主动网络防御模型[J]. 电子与信息学报, 2015, 37(11): 2642-2649. doi: 10.11999/JEIT150273
Liu Jiang, Zhang Hong-qi, Dai Xiang-dong, Wang Yi-gong. A Proactive Network Defense Model Based on Selfadaptive End Hopping[J]. Journal of Electronics & Information Technology, 2015, 37(11): 2642-2649. doi: 10.11999/JEIT150273
Citation: Liu Jiang, Zhang Hong-qi, Dai Xiang-dong, Wang Yi-gong. A Proactive Network Defense Model Based on Selfadaptive End Hopping[J]. Journal of Electronics & Information Technology, 2015, 37(11): 2642-2649. doi: 10.11999/JEIT150273

基于端信息自适应跳变的主动网络防御模型

doi: 10.11999/JEIT150273
基金项目: 

国家863计划项目(2012AA012704)和郑州市科技领军人才项目(131PLJR644)

A Proactive Network Defense Model Based on Selfadaptive End Hopping

Funds: 

The National 863 Program of China (2012AA012704)

  • 摘要: 端信息跳变是目前主动网络防御领域的研究热点之一。该文构建了固定策略下的定时隙端信息跳变模型,分析了固定跳变周期引起的防御收益下降和跳变边界数据包丢失造成的服务损失问题。提出了基于非广延熵和Sibson熵融合的实时网络异常度量算法,在此基础上设计了端信息跳变周期和跳变空间自调整策略,构建了主动网络防御模型,提高了防御收益。给出了基于网络时延预测的跳变周期拉伸策略,保证了跳变边界的服务质量。理论分析与仿真实验结果表明了所提模型在网络防御中的有效性和良好的服务性。
  • Zhuang R, DeLoach S A, and Ou X. Towards a theory of moving target defense[C]. Proceedings of the First ACM Workshop on Moving Target Defense, Scottsdale, Arizona, 2014: 31-40.
    Jajodia S and Sun K. MTD 2014: first ACM workshop on moving target defense[C]. Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, Scottsdale, Arizona, 2014: 1550-1551.
    Xu Jun, Guo Pin-yao, Zhao Ming-yi, et al.. Comparing different moving target defense techniques[C]. Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, Scottsdale, Arizona, 2014: 97-107.
    Wang H, Jia Q, Fleck D, et al.. A moving target DDoS defense mechanism[J]. Computer Communications, 2014, 46(3): 10-21.
    Lee H C J and Thing V L L. Port hopping for resilient networks[C]. Proceedings of the 60th IEEE Vehicular Technology Conference, Washington, 2004: 3291-3295.
    Atighetchi M, Pal P, Webber F, et al.. Adaptive use of network-centric mechanisms in cyber-defense[C]. Proceedings of the 6th IEEE International Symposium on Object-Oriented Real-Time Distributed Computing, Hokkaido, 2003: 183-192.
    Sifalakis M, Schmid S, and Hutchison D. Network address hopping: a mechanism to enhance data protection for packet communications[C]. 2005 IEEE International Conference on Communications, Seoul, 2005: 1518-1523.
    Antonatos S, Akritidis P, Markatos E P, et al.. Defending against hitlist worms using network address space randomization[J]. Computer Networks, 2007, 51(12): 3471-3490.
    Badishi G, Herzberg A, and Keidar I. Keeping denial-of-service attackers in the dark[J]. IEEE Transactions on Dependable and Secure Computing, 2007, 4(3): 191-204.
    Dunlop M, Groat S, Urbanski W, et al.. Mt6d: a moving target IPv6 defense[C]. The 2011 Military Communications Conference, Baltimore, Maryland, 2011: 1321-1326.
    Hari K and Dohi T. Dependability modeling and analysis of random port hopping[C]. 2012 9th International Conference on Ubiquitous Intelligence Computing and 9th International Conference on Autonomic Trusted Computing, Fukuoka, 2012: 586-593.
    Ellis J W. Method and system for securing data utilizing reconfigurable logic [P]. US, Patent 8127130, 2012-2-28.
    Fu Z, Papatriantafilou M, and Tsigas P. Mitigating distributed denial of service attacks in multiparty applications in the presence of clock drifts[J]. IEEE Transactions on Dependable and Secure Computing, 2012, 9(3): 401-413.
    石乐义, 贾春福, 吕述望. 基于端信息跳变的主动网络防护研究[J]. 通信学报, 2008, 29(2): 106-110.
    Shi Le-yi, Jia Chun-fu, and L Shu-wang. Research on end hopping for active network confrontation[J]. Journal of Communications, 2008, 29(2): 106-110.
    林楷, 贾春福, 石乐义. 分布式时间戳同步技术的改进[J]. 通信学报,2012, 33(10):110-116.
    Lin Kai, Jia Chun-fu, and Shi Le-yi. Improvement of distributed timestamp synchronization[J]. Journal of Communications, 2012, 33(10): 110-116.
    赵春蕾. 端信息跳变系统自适应策略研究[D]. [博士论文], 南开大学, 2012.
    Zhao Chun-lei. Research on adaptive strategies for end-hopping system[D]. [Ph.D. dissertation], Nankai University, 2012.
    Yu S, Thapngam T, Liu J, et al.. Discriminating DDoS flows from flash crowds using information distance[C]. Proceedings of the third International Conference on Network and System Security, Piscataway, NJ, 2009: 351-356.
    Cong S, Ge Y, Chen Q, et al.. DTHMM based delay modeling and prediction for networked control systems[J]. Journal of Systems Engineering and Electronics, 2010, 21(6): 1014-1024.
  • 加载中
计量
  • 文章访问数:  1559
  • HTML全文浏览量:  144
  • PDF下载量:  1044
  • 被引次数: 0
出版历程
  • 收稿日期:  2015-03-04
  • 修回日期:  2015-05-25
  • 刊出日期:  2015-11-19

目录

    /

    返回文章
    返回