基于网络安全态势感知的主动防御技术研究  被引量：48

作　　者：刘世文 马多耀 雷程[1,5,2] 尹少东 张红旗 LIU Shi-wen;MA Duo-yao;LEI Cheng;YIN Shao-dong;ZHANG Hong-qi(College of Cryptography Engineering,PLA Information Engineering University,Zhengzhou 450001;Key Laboratory of Urban ITS Technology Optimization and Integration,Ministry of Public Security PRC,Hefei 230001;State Key Laboratory of Information Security,Institute of Information Engineering,Chinese Academy of Sciences,Beijing 100093;Anhui Keli Information Industry Co.,Ltd,Hefei 230001;Henan Key Laboratory of Information Security,Zhengzhou 450001,China)

机构地区：[1]中国人民解放军信息工程大学密码工程学院,河南郑州450001 [2]河南省信息安全重点实验室,河南郑州450001 [3]城市交通管理集成与优化技术公安部重点实验室,安徽合肥230001 [4]安徽科力信息产业有限责任公司,安徽合肥230001 [5]中国科学院信息工程研究所信息安全国家重点实验室,北京100093

出　　处：《计算机工程与科学》2018年第6期1054-1061,共8页Computer Engineering & Science

基　　金：国家973计划(2011CB311801);国家863计划(2012AA012704;2015AA016106);郑州市科技领军人才基金(131PLKRC644);中国科学院先导专项基金(XDA06010701)

摘　　要：网络主动防御作为突破传统被动防御瓶颈的关键技术正成为网络信息安全领域的研究热点。针对网络主动防御缺乏防御针对性的问题,提出了基于网络安全态势感知的主动防御技术。首先,设计了基于扫描流量熵的网络安全态势感知方法,通过判别恶意敌手的扫描策略指导主动防御策略的选取,以增强防御的针对性。在此基础上,提出了基于端信息转换的主动防御机制,通过转换网络端信息实现网络拓扑结构的动态随机改变,从而达到增加网络攻击难度和成本的目的。理论与实验验证了该技术可有效针对不同类型的扫描策略实施高效的主动防御。As a key technique to break through the bottleneck of passive defense,network active defense becomes a hotspot in network information security.To solve the blindness problem of hopping mechanism in the course of network defense,we propose a novel active defense mechanism based on network security situation awareness.Firstly,a network security situational awareness method based on scanning flow entropy is designed,which enhances the targeted defense by discriminating the adversary scanning strategy.Based on this,an active defense mechanism based on end-point information transformation is proposed.It can increase the difficulty and the cost of attacks by randomly changing network topology dynamically through transforming end-point information.Theoretical and experimental analyses show that the proposed active defense technique can be employed efficiently under different scanning strategies.

关 键 词：网络安全态势感知 扫描流量熵 软件定义网络 主动防御 端信息转换 

分 类 号：TP391.9[自动化与计算机技术—计算机应用技术]