ISSN 1000-1239 CN 11-1777/TP

Journal of Computer Research and Development, 2015, Vol. 52, Issue (10): 2178-2191. doi: 10.7544/issn1000-1239.2015.20150417

Special topic: 2015 Research Progress in Network Security and Privacy Protection

• Information Security •

A Cloud Model Based Trust Evaluation Model for Defense Agent

Yu Yang1,2, Xia Chunhe1,2,3, Wang Xinghe1,2

  1. Beijing Key Laboratory of Network Technology (Beihang University), Beijing 100191
  2. School of Computer Science and Engineering, Beihang University, Beijing 100191
  3. State Key Laboratory of Virtual Reality Technology (Beihang University), Beijing 100191
  • E-mail: kiko441500@cse.buaa.edu.cn
  • Published / Online: 2015-10-01
  • Funding: National Natural Science Foundation of China, General Program (61170295)

Abstract: In a computer network collaborative defense (CNCD) system, all defense agents (DAs) are assumed by default to be trustworthy and controllable while a defense scheme is deployed. This unreasonable assumption does not hold in an open network environment: it lets malicious agents take part in the execution of CNCD defense schemes, which raises the failure rate of the schemes and decreases the security of the whole system. To address this issue, trust evaluation should be conducted. In this work, a trust evaluation model for CNCD is proposed. The model can describe trust from the aspects of randomness and fuzziness, and conduct trust updating. The trust evaluation model includes two key parts: task execution evaluation and defense agent trust updating. Evaluation functions of DAs' feedback, including functions of finish time (FT) and defense quality (DQ), are studied in detail. Two properties of trust, time decay and asymmetry, are applied in the evaluation functions of DAs' feedback. A sliding time window-based dual weight direct trust cloud model (STBCM) is likewise proposed for trust updating. Comparative experiments show that the proposed model has a lower failure rate of defense schemes and can provide support for the trust deployment of CNCD schemes.

Key words: trust evaluation, defense scheme deployment, collaborative defense, cloud model, defense agents (DAs)
