[1]马猛飞,石乐义*,魏东平,等.基于信息熵的分布式 Web 服务移动目标防御方案[J].计算机技术与发展,2020,30(10):131-136.[doi:10. 3969 / j. issn. 1673-629X. 2020. 10. 024]
 MA Meng-fei,SHI Le-yi*,WEI Dong-ping,et al.Distributed Web Service Moving Target Defense Scheme Based on Information Entropy[J].,2020,30(10):131-136.[doi:10. 3969 / j. issn. 1673-629X. 2020. 10. 024]
点击复制

基于信息熵的分布式 Web 服务移动目标防御方案()
分享到:

《计算机技术与发展》[ISSN:1006-6977/CN:61-1281/TN]

卷:
30
期数:
2020年10期
页码:
131-136
栏目:
安全与防范
出版日期:
2020-10-10

文章信息/Info

Title:
Distributed Web Service Moving Target Defense Scheme Based on Information Entropy
文章编号:
1673-629X(2020)10-0131-06
作者:
马猛飞1石乐义1*魏东平1徐兴华2
1. 中国石油大学(华东) 计算机科学与技术学院,山东 青岛 266580; 2. 中国石油大学(华东) 海洋与空间信息学院,山东 青岛 266580
Author(s):
MA Meng-fei1SHI Le-yi1*WEI Dong-ping1XU Xing-hua2
1. School of Computer Science and Technology,China University of Petroleum (East China),Qingdao 266580,China; 2. School of Oceanography and Space Informatics,China University of Petroleum (East China),Qingdao 266580,China
关键词:
移动目标防御分布式信息熵混沌序列主动网络防御
Keywords:
moving target defensedistributedinformation entropychaotic sequenceactive network defense
分类号:
TP309
DOI:
10. 3969 / j. issn. 1673-629X. 2020. 10. 024
摘要:
移动目标防御技术是为了改变传统静态防御的被动性所提出的一种主动防御技术,通过动态地变换系统中的各个攻击面来增加攻击者攻击的成本,实现主动防御。 变换方式以及变换频率是移动目标防御系统的关键,目前移动目标防御系统的变换方式以及变换频率通常是管理者根据经验去设定,无法达到安全性和成本之间平衡的局面。针对这个问题,提出基于信息熵的分布式 Web 服务移动目标防御方案,方案通过信息熵的思想对异常流量进行识别和检测,进而根据检测结果来实时动态选取异构的变换模式以达到最大收益。进一步针对 Web 服务的防御策略进行研究设计。实验结果表明,该方案对网络状态识别和预测具有较高的准确性,并且多样化的变换策略能够有效抵御不同的攻击类型,增强了系统通信安全性及服务过程中的抗攻击能力。
Abstract:
The moving target defense technology is an active defense technology proposed to change the passiveness of the traditional static defense technology,which dynamically transforms each attack surface in the system to increase the cost of the attackers and achieve active defense. The transformation mode and the transformation frequency are key factors of the moving target defense system. At present,the transformation mode and transformation frequency of the moving target defense system are usually set manually by administrators according to their experience, and cannot achieve a balance between security and cost. Aiming at this problem,a distributed Web service moving target defense scheme based on information entropy is proposed. The scheme identifies and detects abnormal flow through information entropy theory,and then dynamically selects heterogeneous transform modes in real time according to the detection result to achieve maximum benefits. Then further research and design can be done according to the defense strategy of Web services. The experiment shows that the proposed scheme has high accuracy for network state recognition and prediction, and the diversified transformation strategy can effectively resist different kind of attacks,which enhances the system communication security and anti-attack capability in the service process.

相似文献/References:

[1]张林才 张燕 王红霞.节点对等WebSpider设计与实现[J].计算机技术与发展,2010,(03):195.
 ZHANG Lin-cai,ZHANG Yan,WANG Hong-xia.Design and Realization of Peer - to - Peer Web Spider[J].,2010,(10):195.
[2]胡欣杰 路川.分布式信息处理系统的对象定位研究[J].计算机技术与发展,2009,(06):148.
 HU Xin-jie,LU Chuan.Research of Object Orientation of Distributed Information System[J].,2009,(10):148.
[3]郑勇 卢捍华 孙雁飞 闵丽娟 王亚石.基于Ajax和CORBA中间件的分布式订单管理系统[J].计算机技术与发展,2009,(08):201.
 ZHENG Yong,LU Han-hua,SUN Yan-fei,et al.A Distributed Order Management System Based on Ajax and CORBA Middleware[J].,2009,(10):201.
[4]谢慧婷 孙力娟 肖甫 王光辉.卫星网络控制系统体系结构研究[J].计算机技术与发展,2009,(10):207.
 XIE Hui-ting,SUN Li-juan,XIAO Fu,et al.Research on Satellite Network Control System Structure[J].,2009,(10):207.
[5]王君 祝永志 魏榕晖 李丙锋.基于Oracle分布式数据库的查询优化[J].计算机技术与发展,2008,(01):157.
 WANG Jun,ZHU Yong-zhi,WEI Rong-hui,et al.Optimizing of Query Based on Oracle Distributed Database[J].,2008,(10):157.
[6]李兵.一种基于对等模型的网络入侵检测系统模型[J].计算机技术与发展,2008,(03):173.
 LI Bing.A Distributed Intrusion Detection System Based on Peer - to - Peer Model[J].,2008,(10):173.
[7]边志伟 王击 覃业梅.火灾报警与联动控制系统实验装置的设计[J].计算机技术与发展,2008,(09):173.
 BIAN Zhi-wei,WANG Ji,QIN Ye-mei.Design of Experimental Device of Alarm and Control Linkage for Fires[J].,2008,(10):173.
[8]马子鹏.分布式电信网漏洞管理系统的研究与设计[J].计算机技术与发展,2010,(07):145.
 MA Zi-peng.Research and Design of Distributed Telecommunication Network Vulnerability Management System[J].,2010,(10):145.
[9]孙放 陈云芳 林杭锋.适用于富客户端的云计算模型[J].计算机技术与发展,2010,(08):96.
 SUN Fang,CHEN Yun-fang,LIN Hang-feng.Cloud Computing Model Applicable to Rich Client Applications[J].,2010,(10):96.
[10]乐晓波 李京京 唐贤瑛.基于Petri net建模的资源调度的蚁群算法[J].计算机技术与发展,2006,(01):44.
 YUE Xiao-bo,LI Jing-jing,TANG Xian-ying.An Ant Colony Optimization Algorithm of Resource Scheduling Based on Petri net[J].,2006,(10):44.

更新日期/Last Update: 2020-10-10