高级检索

    一种基于动态偏好扫描的网络免疫策略

    A Network Immunization Strategy Based on Dynamic Preference Scan

    • 摘要: 复杂网络中各种自组织现象的涌现给网络脆弱性挖掘和网络免疫自推进带来了启示.一个完整的免疫资源配置过程可以分为4个阶段:信息收集、扫描、漏洞修复和自我推进.网络主机脆弱性分布的实证分析表明,脆弱主机在网络中呈现明显的幂律分布特性,这就意味着盲目扫描将耗费大量资源在非脆弱或不存在的主机上,而一个有效的网络免疫策略应该利用这种非均匀的网络脆弱性分布特性.静态偏好性的扫描方法在初期能取得良好的推进效果,但并不能将这种有效性贯穿整个免疫过程.为此,提出了一种新的基于扫描方式的网络免疫自推进策略.该策略能够在不知道网络结构的条件下,通过一种动态适应的偏好扫描方法,高效命中脆弱主机实施免疫修复.经过传播模型推导及计算机仿真分析,设计的网络免疫策略能够很好地抑制危害传播,提高网络的安全性.

       

      Abstract: There is a variety of self-organization phenomena emerging in complex networks. These phenomena bring enlightenment to the method of network vulnerability mining and the technology of network self-propelled immunization. A complete process of immunity resource deployment can be divided into four stages: information gathering, scanning, bug fixing and self-propulsion. The result of empirical analysis on the vulnerability distribution demonstrates that the distribution of vulnerable hosts obey the power law. It implies that blindfold scanning wastes many resources on invulnerable or inexistent hosts and a more effective immunization strategy should take advantage of this high non-uniformity of network vulnerability distribution. Good results can be achieved by static preference scan at the beginning of immunity resource spread. However, the effectiveness can not be persistent throughout the entire immunization process. On this basis, a novel network immunization self-propelled strategy is proposed, which is based on dynamic preference scan. This strategy can identify vulnerable hosts efficiently by a dynamic and adaptive preference scan method, and then fix and immunize these vulnerable hosts. This paper focuses on how to control this dynamic preference scan process. The analysis of modeling and computer simulation show that our strategy can restrain hazard spread efficiently and improve network security.

       

    /

    返回文章
    返回