[1]申普兵,薛保泽,吴 波,等.面向 Web 服务安全的 SCIT 改进模型的研究[J].计算机技术与发展,2019,29(09):92-96.[doi:10. 3969 / j. issn. 1673-629X. 2019. 09. 018]
 SHEN Pu-bing,XUE Bao-ze,WU Bo,et al.Research on Web Services Security Based on SCIT Improved Model[J].,2019,29(09):92-96.[doi:10. 3969 / j. issn. 1673-629X. 2019. 09. 018]
点击复制

面向 Web 服务安全的 SCIT 改进模型的研究()
分享到:

《计算机技术与发展》[ISSN:1006-6977/CN:61-1281/TN]

卷:
29
期数:
2019年09期
页码:
92-96
栏目:
安全与防范
出版日期:
2019-09-10

文章信息/Info

Title:
Research on Web Services Security Based on SCIT Improved Model
文章编号:
1673-629X(2019)09-0092-05
作者:
申普兵薛保泽吴 波陈树文
国防科技大学 信息通信学院,陕西 西安 710106
Author(s):
SHEN Pu-bingXUE Bao-zeWU BoCHEN Shu-wen
School of Information and Communication,National University of Defense Technology,Xi’an 710106,China
关键词:
网络安全移动目标防御Web 服务SCIT 模型入侵攻击攻击面
Keywords:
network securitymoving target defenseWeb serviceSCIT modelintrusion attackattack surface
分类号:
TP309
DOI:
10. 3969 / j. issn. 1673-629X. 2019. 09. 018
摘要:
网络空间日趋复杂,原有的网络安全防护手段大多属于被动防御,难以应对当前复杂的网络安全环境,随着 Web 服务的迅速发展,Web 服务系统成为网络攻击的重灾区。针对当前网络的安全防护构建部署固定静态的现状,移动目标防御旨在构建动态不可预知的系统,使防护对象机动化,增加攻击者代价和开销来抵御攻击。借鉴移动目标防御 SCIT(self cleansing intrusion tolerance)模型的思想,为网络 Web 服务系统引入终端运行环境随机化切换,增加终端控制器、终端清洗审计以及终端资源池等模块,增加抵御终端攻击的能力,进一步扩展系统的随机面维度,增加系统随机性。 从入侵成功的概率统计来看,攻击面的增加和设计配置的多元,使攻击者入侵成功概率较原有模型平均下降 46.44%,有效增强了系统的安全性。
Abstract:
The network space is becoming more and more complex. The original network security means are mostly passive defenses,which is difficult to cope with the current complex network security environment. With the rapid development of Web services,Web service system has become the focus of network attacks. In view of the current situation of fixed and static construction and deployment of network security protection,mobile target defense aims to build a dynamic and unpredictable system,motorizing the protected objects,and increasing the cost and overhead of attackers to resist attacks. Based on the idea of the self cleansing intrusion tolerance (SCIT) model,the improved Web service system is added the client controller,client cleaning audit and client resource pool,randomizing switching in the client operating environment, which increases the ability to resist client attacks and further expand the random dimension of the system. From the perspective of probability statistics,the increase of the attack surface and diversity of the design configuration make the attacker爷s probability of successful invasions lower than the original model by 46.44%, effectively enhancing the security of the system.

相似文献/References:

[1]严华 蔡瑞英.即时通信监控系统的设计与实现[J].计算机技术与发展,2009,(07):242.
 YAN Hua,CAI Rui-ying.Design and Implementation of Monitoring System of Instant Messaging[J].,2009,(09):242.
[2]李生 邓一贵 唐学文 潘磊 林玉香.基于移动代理的分布式入侵检测系统的研究[J].计算机技术与发展,2009,(09):132.
 LI Sheng,DENG Yi-gui,TANG Xue-wen,et al.Research of Mobile Agent - Based Distributed Intrusion Detection System[J].,2009,(09):132.
[3]潘晓君.基于缓存超时的ARP欺骗攻击协议的研究[J].计算机技术与发展,2009,(10):167.
 PAN Xiao-jun.Research of ARP Spoofing Attack Protocol Based on Cache Overtime[J].,2009,(09):167.
[4]彭云峰 沈明玉.入侵防御系统在应急平台网络中的应用研究[J].计算机技术与发展,2009,(02):162.
 PENG Yun-feng,SHEN Ming-yu.Research on Intrusion Prevention System for Emergency Response Network[J].,2009,(09):162.
[5]尚占锋 章登义.DDoS防御机制研究[J].计算机技术与发展,2008,(01):7.
 SHANG Zhan-feng,ZHANG Deng-yi.Research of DDoS Defense Mechanism[J].,2008,(09):7.
[6]涂溢彬 饶云波[] 廖云 周明天.蜜网系统在检测新型Rootkit中的应用[J].计算机技术与发展,2008,(01):181.
 TU Yi-bin,RAO Yun-bo,LIAO Yun,et al.Honeynet System Applied in New Pattern Rootkit[J].,2008,(09):181.
[7]邵晓宇 杨善林 褚伟.基于Linux入侵检测动态防火墙的设计与实现[J].计算机技术与发展,2008,(05):156.
 SHAO Xiao-yu,YANG Shan-lin,CHU Wei.Design and Implementation of Dynamic Intrusion Detection Firewall Based on Linux[J].,2008,(09):156.
[8]孙印杰 王敏 陈智芳.解析蜜罐技术在网络安全中的应用[J].计算机技术与发展,2008,(07):129.
 SUN Yin-jie,WANG Min,CHEN Zhi-fang.Analysis Honeypot Technology Application in Network Security[J].,2008,(09):129.
[9]曹莹莹 王绍棣 王汝传 张伟.恶意代码传播效果的控制技术研究[J].计算机技术与发展,2010,(08):128.
 CAO Ying-ying,WANG Shao-di,WANG Ru-chuan,et al.Research on Malware Code Propagation Effect Control Technology[J].,2010,(09):128.
[10]潘文婵 章韵.路由器访问控制列表在网络安全中的应用[J].计算机技术与发展,2010,(08):159.
 PAN Wen-chan,ZHANG Yun.Application of Access Control List on Router in Network Security[J].,2010,(09):159.

更新日期/Last Update: 2019-09-10