云环境下面向拟态防御的反馈控制方法

doi:10.3969/j.issn.1671-1122.2021.01.006

信息网络安全 ›› 2021, Vol. 21 ›› Issue (1): 49-56.doi: 10.3969/j.issn.1671-1122.2021.01.006

云环境下面向拟态防御的反馈控制方法

陈福才¹, 周梦丽¹^,², 刘文彦¹(), 梁浩¹

1.国家数字交换系统工程技术研究中心,郑州450002
2.郑州大学中原网络安全研究院,郑州450002

收稿日期:2020-09-14 出版日期:2021-01-10 发布日期:2021-02-23
通讯作者: 刘文彦 E-mail:lwyndsc@163.com
作者简介:陈福才（1974—）,男,江西,教授,硕士,主要研究方向为网络安全|周梦丽（1993—）,女,河南,硕士研究生,主要研究方向为云安全|刘文彦（1986—）,男,河南,博士,主要研究方向为网络空间防御和云安全|梁浩（1987—）,男,河南,博士,主要研究方向为网络空间防御和云安全
基金资助:
国家自然科学基金(65121003)

Feedback Control Method for Mimic Defense in Cloud Environment

CHEN Fucai¹, ZHOU Mengli¹^,², LIU Wenyan¹(), LIANG Hao¹

1. National Digital Switching System Engineering & Technology Research Center, Zhengzhou 450002, China
2. Zhongyuan Network Security Research Institute, Zhengzhou University, Zhengzhou 450002, China

Received:2020-09-14 Online:2021-01-10 Published:2021-02-23
Contact: LIU Wenyan E-mail:lwyndsc@163.com

摘要/Abstract

摘要：

云环境下的虚拟化技术,给用户带来了一些数据和隐私安全问题。针对云环境中虚拟机单一性、同质性和静态性等问题,文章提出一种云环境下面向拟态防御的反馈控制方法。该方法以云中虚拟机为基础,利用拟态防御技术对虚拟机进行拟态化封装,通过反馈控制架构对其实现闭环负反馈控制,并基于异构虚拟机动态轮换改变执行环境,保证虚拟机系统环境的随机性。实验表明该设计实现了对用户服务的错误容忍、可疑虚拟机检测和动态轮换,增加攻击者利用漏洞攻击的难度。

关键词: 云环境, 拟态防御, 反馈控制, 动态轮换

Abstract:

The virtualization technology in the cloud environment brings some data and privacy security issues to users. Aiming at the problems of the singleness, homogeneity and static stateof virtual machines in the cloud environment, a feedback control method for mimic defense under the cloud environment is proposed. This method is based on the virtual machine in the cloud and uses mimic defense technology to mimic encapsulation of virtual machines, through the feedback control architecture to achieve closed-loop negative feedback control, and based on the dynamic rotation of heterogeneous virtual machines to change the execution environment to ensure the randomness of the virtual machine system environment. Experiments show that the design achieves error tolerance for user services, suspicious virtual machine detection and dynamic rotation, which increases the difficulty for attackers to exploit vulnerabilities.

Key words: cloud environment, mimic defense, feedback control, dynamic rotation

中图分类号:

TP309

陈福才, 周梦丽, 刘文彦, 梁浩. 云环境下面向拟态防御的反馈控制方法[J]. 信息网络安全, 2021, 21(1): 49-56.

CHEN Fucai, ZHOU Mengli, LIU Wenyan, LIANG Hao. Feedback Control Method for Mimic Defense in Cloud Environment[J]. Netinfo Security, 2021, 21(1): 49-56.

图/表 7

图1

图2

图3

图4

图5

图6

图7

参考文献 17

[1]	KHORSHED M T, ALI A B M S, WASIMI S A. Trust Issues that Create Threats for Cyber Attacks in Cloud Computing[EB/OL]. https://ieeexplore.ieee.org/document/6121377, 2020-09-08
[2]	ZHANG Miao, JI Xinsheng, AI Jianjian, et al. Virtual Machine Security Deployment Strategy Based on Operating System Diversity[J]. Journal of Network and Information Security, 2017,10(3):35-43.
	张淼, 季新生, 艾健健, 等. 基于操作系统多样性的虚拟机安全部署策略[J]. 网络与信息安全学报, 2017,10(3):35-43.
[3]	GUO Minzhe, BHATTACHARYA P. Diverse Virtual Replicas for Improving Intrusion Tolerance in Cloud[C] //ACM. ACM Press the 9th Annual Cyber and Information Security Research Conference, April 8-10,2014, Oak Ridge, Tennessee. New York: ACM, 2014: 41-44.
[4]	GADZE J D, COBBAH M, KLOGO G S. Network Intrusion Detection and Countermeasure Selection in Virtual Network (NIDCS)[J]. International Journal of Security, 2016,5(1):25-39.
[5]	WANG Yimin. Automated Web Patrol with Strider Honey Monkeys: Finding Web sites that Exploit Brower Vulnerabilities[EB/OL]. http://citeseerx.ist.psu.edu/viewdoc/download;jsessionid=15C7A2D3A59C4B156C686A99F6D0C458?doi=10.1.1.100.224&rep=rep1&type=pdf, 2020-01-03.
[6]	ROSCHKE S, CHENG F, MEINEL C. Intrusion Detection in the Cloud[C] //IEEE. Eighth IEEE International Conference on Dependable, Autonomic and Secure Computing, December 12-14, 2009, Chengdu, China. New York: IEEE, 2009: 729-734.
[7]	BAKSHI A, DUJODWALA YB. Securing Cloud from DDOS Attacks Using Intrusion Detection System in Virtual Machine[C] //IEEE. International Conference on Communication Software & Networks, February 26-28, 2010, Singapore. New York: IEEE, 2010: 260-264.
[8]	WEN Tian, JI Xiaopeng, LIU Weiwei, et al. Honeypot Game‐theoretical Model for Defending Against APT Attacks with Limited Resources in Cyber-physical Systems[J]. ETRI Journal, 2019,41(1):585-598. doi: 10.4218/etrij.2019-0152 URL
[9]	ZHUANG Rui, DELOACH S, OU Xinming. Towards a Theory of Moving Target Defense[C] //ACM. Proceedings of the 1st ACM Workshop on Moving Target Defense, November 7, 2014, Scottsdale, Arizona. New York: ACM, 2014: 31-40.
[10]	WRIGHT M, VENKATESAN S, ALBANESES M, et al. Moving Target Defense against DDOS Attacks: An Empirical Game-theoretic Analysis[C] //ACM. Proceedings of the 3rd ACM Workshop on Moving Target Defense, October 24, 2016, New York, NY, USA. New York: ACM, 2016: 93-104.
[11]	ALAVIZADEH H, HONG J B, DONG S K, et al. Comprehensive Security Assessment of Combined MTD Techniques for the Cloud[C] // ACM. Proceedings of the 5th ACM Workshop on Moving Target Defense, October 15, 2018, Toronto, Canada. New York: ACM, 2018: 94-104.
[12]	JAJODIA S, GHOSH A K, SWARUP V, et al. Moving Target Defense[J]. Advances in Information Security, 2011,11(54):99-108.
[13]	WU Jiangxing. Research on Mimicry Defense in Cyberspace[J]. Journal of Information Security, 2016,1(4):1-10. doi: 10.4236/jis.2010.11001 URL
	邬江兴. 网络空间拟态防御研究[J]. 信息安全学报, 2016,1(4):1-10.
[14]	TONG Qing, ZHANG Zheng, ZHANG Weihua, et al. Design and Implementation of Mimicry Defense Web Server[J]. Journal of Software, 2017,28(4):883-897.
	仝青, 张铮, 张为华, 等. 拟态防御Web服务器设计与实现[J]. 软件学报, 2017,28(4):883-897.
[15]	WANG Zhenpeng, HU Hongchao, CHENG Guozhen. Implementation Architecture of Mimicry Defense in Software Defined Networks[J]. Journal of Information Security, 2017,3(10):52-61.
	王禛鹏, 扈红超, 程国振. 软件定义网络下的拟态防御实现架构[J]. 信息安全学报, 2017,3(10):52-61.
[16]	WANG Zhenpeng, HU Hongchao, CHENG Guozhen. DNS Framework Design Based on Mimicry Security Defense[J]. Chinese Journal of Electronics. 2017,45(11):2705-2714.
	王禛鹏, 扈红超, 程国振. 一种基于拟态安全防御的DNS框架设计[J]. 电子学报, 2017,45(11):2705-2714.
[17]	WANG Yawen, WU Jiangxing, GUO Yunfei, et al. Scientific Workflow Execution System Based on Mimic Defense in the Cloud Environment[J]. Frontiers of Information Technology & Electronic Engineering, 2018,19(12):1522-1536.

云环境下面向拟态防御的反馈控制方法

Feedback Control Method for Mimic Defense in Cloud Environment

RichHTML

PDF (PC)

可视化

摘要/Abstract

引用本文

使用本文

图/表 7

参考文献 17

相关文章 6

编辑推荐

Metrics

本文评价

[1]	陈婉莹, 王运鹏, 赵珂雨, 刘晓洁. 云环境中基于分组的安全虚拟机放置方法[J]. 信息网络安全, 2020, 20(8): 55-61.
[2]	朱维军, 樊永文, 班绍桓. 动态虚拟MSISDN的拟态自动机模型与安全性验证方法[J]. 信息网络安全, 2018, 18(4): 15-22.
[3]	陈亚楠, 梅倩, 熊虎, 徐维祥. 适用于工业物联网的无证书并行密钥隔离签名[J]. 信息网络安全, 2018, 18(10): 1-9.
[4]	闫玺玺, 刘媛, 胡明星, 黄勤龙. 云环境下基于LWE的多机构属性基加密方案[J]. 信息网络安全, 2017, 17(9): 128-133.
[5]	闫玺玺, 刘媛, 李子臣, 黄勤龙. 云环境下理想格上的多机构属性基加密隐私保护方案[J]. 信息网络安全, 2017, 17(8): 19-25.
[6]	闫玺玺, 叶青, 刘宇. 云环境下支持隐私保护和用户撤销的属性基加密方案[J]. 信息网络安全, 2017, 17(6): 14-21.