面向拟态防御理论构造Web网关的安全调度算法  被引量：6

作　　者：高岩[1] 资郴琛 冯四风 顾青 GAO Yan;ZI Chen-chen;FENG Si-feng;GU Qing(College of Computer Science and Technology,Henan Polytechnic University,Jiaozuo 454000,China;Shanghai Puhua Trust Information Technology Co.,Shanghai 201403,China)

机构地区：[1]河南理工大学计算机学院,河南焦作454000 [2]普华诚信信息技术有限公司,上海201403

出　　处：《小型微型计算机系统》2021年第9期1913-1919,共7页Journal of Chinese Computer Systems

基　　金：上海市科学技术委员会科研计划项目(18DZ1100502)资助。

摘　　要：在网络空间拟态防御理论中,通过调度策略的动态性和随机性,可以增加攻击的时间成本和技术成本,减少漏洞的持续性暴露,进而保障系统安全.现有的调度算法缺乏对执行体自身的安全性考量,另外,采用的异构度量化标准缺乏对整体性考虑,会造成量化不合乎实际的情况出现.基于此,本文引入对执行体安全度和异构度考量,提出一种基于最大安全度和异构度的随机种子调度算法.首先,随机选择执行体种子,然后根据安全度指标以及异构度指标选择综合考量最大的调度方案作为最终的调度方案.实验证明,该算法调度周期接近随机调度算法的一半,具有较好动态性,且调度周期的稳定性比随机调度算法更好,其安全度指标与异构度指标也比随机调度算法更高.In the cyberspace mimic defense theory Jthe dynamic and randomness of the scheduling strategy can increase the time cost and technical cost of the attack,reduce the continuous exposure of vulnerabilities,and ensure system security.Existing scheduling algorithms lack security considerations for the executive body itself.In addition,the heterogeneous metric standards adopted lack overall considerations,which will cause quantification to be unrealistic.Based on this,this paper introduces the consideration of the security and heterogeneity of the executive body,and proposes a random seed scheduling algorithm based on the maximum security and heterogeneity.First,the executor seed is randomly selected,and then the scheduling scheme with the largest comprehensive consideration is selected as the final scheduling scheme according to the safety index and the heterogeneity index.Experiments show that the scheduling cycle of the algorithm is close to half of the random scheduling algorithm,and it has good dynamics,and the stability of the scheduling cycle is better than that of the random scheduling algorithm,and its security index and heterogeneity index are also higher than that of the random scheduling algorithm.

关 键 词：拟态防御 调度算法 异构度 安全度 

分 类 号：TP309[自动化与计算机技术—计算机系统结构]