一种改进的对入侵容忍系统的容忍度量化分析
|
摘要
为提高网络中系统在遭到恶意攻击情况下能够继续提供全部或降级的服务,对当前网络上入侵行为以及入侵容忍技术进行分析,提出一种测量容忍度的计算方法。在攻击不可避免的情况下,只要不超出度量值,使系统应能为合法用户提供有效的服务。根据网络系统进入不同的安全状态同时执行不同的安全策略,通过对模拟实验结果的评估,为不同的攻击行为所采取的容忍策略提供有效的帮助。研究结果表明,所提出的模型对于构建入侵容忍系统具有一定的指导意义。
In order to improve the network system in the malicious attack to be able to continue to provideall or degradation of service.In this paper, the current network intrusion and intrusion tolerancetechnology were analyzed, and puts forward the calculation method of a kind of measurement tolerance, inthe case of attack is inevitable, as long as not beyond measure, the system should provide effectiveservices to legitimate users.Through the evaluation of the results of simulation experiment, for differentattack tolerance strategy to provide effective help.The research results show that the proposed model forbuilding intrusion tolerance system has certain guiding significance.
In order to improve the network system in the malicious attack to be able to continue to provideall or degradation of service.In this paper, the current network intrusion and intrusion tolerancetechnology were analyzed, and puts forward the calculation method of a kind of measurement tolerance, inthe case of attack is inevitable, as long as not beyond measure, the system should provide effectiveservices to legitimate users.Through the evaluation of the results of simulation experiment, for differentattack tolerance strategy to provide effective help.The research results show that the proposed model forbuilding intrusion tolerance system has certain guiding significance.
引文
1 Fraga J.,Powell D.Afault-andintrusion-tolerantfilesys-tem[C]//In:Proeeedings of the 3rd Intel.US:Confere-neeon Com Puter Seeurity,1910:203-218.
2荆继武,周天阳.Internet上的入侵容忍服务技术[J].中国科学院研究生院学报,2001,18(2):119-123.
3柴争义.入侵容忍技术及其实现[J].计算机技术与发展,2011,17(2):223-225.
4 Alfred V A,Margaret J C.Efficient string matching:an aid to bibliographic search[J].Communica-tions ofthe ACM,2013,18(6):333-340.
5 Sun W,Manber U.A fast algorithm for multi-patternsearching[EB/OL].http://webglimpse.net/pubs/TR94-17.pdf,2012-05-17.
6 Y.Deswarte,L.Blain,J.C.Fabre.hiurtsion Tolernaee inDistributed Com Puting Systems,Pore[C].US:EIEESmyposiumon Securitynad Privacy,2009.
7 Wang,R#,Wang,F#,Byrd,G#T.:Designnadim Plementationofacc Petaneemonitorofrbuildingsealableintur,;iontol-erantsystem[C].US:Poreeedingsof the Tenthn-ltemational Conefrneeeno Com Puter Communieation-snad Newtokrs,Seottsdale,2011:200-205.
8 Maxion R A,Tan K M C.Benchmarking anomaly-based de-tection systems[C]//Dependable Systems and Networks,New York,USA,2010:623-630.
9 Koral Ilgun,Richard A K.State transition analysis:arule-based intrusion detection approach[J].IEEET-rans Software Eng,2012,21(3):181-199.
10 Denning D E.An intrusion-detection model[J].IEEE Trans-action on Software Engineering,2011,13(2):222-223.
2荆继武,周天阳.Internet上的入侵容忍服务技术[J].中国科学院研究生院学报,2001,18(2):119-123.
3柴争义.入侵容忍技术及其实现[J].计算机技术与发展,2011,17(2):223-225.
4 Alfred V A,Margaret J C.Efficient string matching:an aid to bibliographic search[J].Communica-tions ofthe ACM,2013,18(6):333-340.
5 Sun W,Manber U.A fast algorithm for multi-patternsearching[EB/OL].http://webglimpse.net/pubs/TR94-17.pdf,2012-05-17.
6 Y.Deswarte,L.Blain,J.C.Fabre.hiurtsion Tolernaee inDistributed Com Puting Systems,Pore[C].US:EIEESmyposiumon Securitynad Privacy,2009.
7 Wang,R#,Wang,F#,Byrd,G#T.:Designnadim Plementationofacc Petaneemonitorofrbuildingsealableintur,;iontol-erantsystem[C].US:Poreeedingsof the Tenthn-ltemational Conefrneeeno Com Puter Communieation-snad Newtokrs,Seottsdale,2011:200-205.
8 Maxion R A,Tan K M C.Benchmarking anomaly-based de-tection systems[C]//Dependable Systems and Networks,New York,USA,2010:623-630.
9 Koral Ilgun,Richard A K.State transition analysis:arule-based intrusion detection approach[J].IEEET-rans Software Eng,2012,21(3):181-199.
10 Denning D E.An intrusion-detection model[J].IEEE Trans-action on Software Engineering,2011,13(2):222-223.