CN110581845A - A Quantitative Characterization Method of the Potential Threat Level of Mimic Controller Executive - Google Patents

A Quantitative Characterization Method of the Potential Threat Level of Mimic Controller Executive Download PDF

Info

Publication number
CN110581845A
CN110581845A CN201910772464.7A CN201910772464A CN110581845A CN 110581845 A CN110581845 A CN 110581845A CN 201910772464 A CN201910772464 A CN 201910772464A CN 110581845 A CN110581845 A CN 110581845A
Authority
CN
China
Prior art keywords
controller
executive
mimic
confidence
executive body
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201910772464.7A
Other languages
Chinese (zh)
Inventor
吴春明
陈双喜
姜鑫悦
潘高宁
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhejiang University ZJU
Original Assignee
Zhejiang University ZJU
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Zhejiang University ZJU filed Critical Zhejiang University ZJU
Priority to CN201910772464.7A priority Critical patent/CN110581845A/en
Publication of CN110581845A publication Critical patent/CN110581845A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/1491Countermeasures against malicious traffic using deception as countermeasure, e.g. honeypots, honeynets, decoys or entrapment

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

本发明公开了一种拟态控制器执行体的潜在威胁程度的量化表征方法,该方法通过拟态控制器记录执行体每次处理输入与多模表决器的区别,计算执行体置信度,每经过一段时间更新置信度并排序,将置信度最低的执行体下线,并从线下候补执行体中选取执行体上线。本发明方法综合考虑进一步提升拟态控制器的可靠性,对于拟态控制器执行体的潜在威胁程度进行量化表征,引入置信度的概念,依据置信度从而可靠的调节执行体的运行;在现有缺少有效的量化表征方法的情况下,本发明在基本没有改变软硬件开销的情况下,大大提高了拟态防御系统的鲁棒性。

The invention discloses a quantitative characterization method of the potential threat degree of a mimic controller executive body. The method uses the mimic controller to record the difference between each processing input of the executive body and the multi-mode voter, and calculates the confidence degree of the executive body. The confidence level is updated and sorted at time, the execution body with the lowest confidence level is offline, and the execution body is selected from the offline candidate execution body to go online. The method of the present invention comprehensively considers further improving the reliability of the mimic controller, quantifies and characterizes the potential threat degree of the actuator of the mimic controller, introduces the concept of confidence, and reliably adjusts the operation of the actuator according to the confidence; In the case of an effective quantitative representation method, the present invention greatly improves the robustness of the mimic defense system without substantially changing the software and hardware overhead.

Description

拟态控制器执行体的潜在威胁程度的量化表征方法A Quantitative Characterization Method of the Potential Threat Level of Mimic Controller Executive

技术领域technical field

本发明属于网络安全技术领域,具体为网络安全拟态防御技术领域,尤其涉及一种拟态控制器执行体的潜在威胁程度的量化表征方法。The invention belongs to the technical field of network security, in particular to the technical field of network security mimic defense, and particularly relates to a quantitative characterization method of the potential threat degree of a mimic controller executive body.

背景技术Background technique

随着互联网的不断演进、攻击技术的不断进化,网络攻击呈现“隐蔽性、协同性、精确性”等特点,网络安全处于“易攻难守”的态势。为了彻底改变传统的“封堵查杀”等被动应对的防护模式,形成主动防御能力,拟态防御技术应运而生。拟态防御技术是指以系统内部动态异构冗余结构为基础提出的一种主动防御技术,能够应对网络空间中的各类未知威胁。由于采用综合性的防御手段,拟态防御技术具有良好的可靠性与普适性,近年来成为学术界与工业界的研究热点。With the continuous evolution of the Internet and the continuous evolution of attack technologies, network attacks present the characteristics of "concealment, coordination, and precision", and network security is in a situation of "easy to attack but difficult to defend". In order to completely change the traditional protection mode of passive response such as "blocking and killing", and form an active defense capability, mimic defense technology came into being. Mimic defense technology refers to an active defense technology based on the internal dynamic heterogeneous redundant structure of the system, which can deal with various unknown threats in cyberspace. Due to the adoption of comprehensive defense methods, mimic defense technology has good reliability and universality, and has become a research hotspot in academia and industry in recent years.

拟态控制器同一时间有多个功能等价冗余执行体在线上,当拟态防御技术的服务器接收到访问请求,将首先输入到拟态控制器中,拟态控制器同时分配给多个功能等价冗余执行体,如果多个功能等价冗余执行体都正常输出,他们将输出相同的结果给多模表决器,多模表决器将按照择多判决的原理,输出正确结果。当某个或者某些功能等价冗余执行体被攻击出现漏洞,其将输出错误结果,尽管理论上不能保证择多结果总是正确的,但却可以证明择多错误的发生概率随DRS余度数增加呈非线性减小,但是某一时段出现多个存在漏洞的功能等价冗余执行体同时运行,极可能出现错误输出,会导致拟态防御技术服务器的安全性受到威胁。因此,一种适用拟态控制器执行体的潜在威胁程度的量化表征方法,极大的降低择多判决的可能出错率,会进一步加强整个拟态防御系统的鲁棒性。The mimic controller has multiple functional equivalent redundant executives online at the same time. When the server of the mimic defense technology receives an access request, it will first input it to the mimic controller, and the mimic controller is simultaneously assigned to multiple functional equivalent redundant execution bodies. For other executives, if multiple functionally equivalent redundant executives output normally, they will output the same result to the multi-mode voter, and the multi-mode voter will output the correct result according to the principle of majority decision. When one or some functionally equivalent redundant execution bodies are attacked and a vulnerability occurs, it will output wrong results. Although the majority result cannot be guaranteed to be always correct in theory, it can be proved that the probability of majority error increases with the DRS surplus. The increase of the degree decreases non-linearly, but in a certain period of time, multiple functionally equivalent redundant execution bodies with loopholes are running at the same time, and error output is very likely to occur, which will threaten the security of the mimic defense technology server. Therefore, a quantitative characterization method applicable to the potential threat level of the mimic controller executive can greatly reduce the possible error rate of the majority decision, and will further enhance the robustness of the entire mimic defense system.

现有的拟态防御系统,尚没有一种适用的拟态控制器执行体的潜在威胁程度的量化表征方法,目前加强拟态控制器正确性的主要方式,通过人工对于功能等价冗余执行体进行判断,然后手动上线下线相应的执行体,来改善整个拟态控制器的安全程度,确保维护整个拟态防御系统的鲁棒性。但该方法存在着三个方面的缺陷:首先,没有进行标记过的功能等价冗余执行体潜在威胁程度难以精准判断;其次,耗费人力而且检测周期无法保证;最后,人工判断以及手动上线下线执行体存在极大的偏颇性。In the existing mimic defense system, there is no suitable quantitative characterization method for the potential threat level of the mimic controller executive body. At present, the main way to strengthen the correctness of the mimic controller is to manually judge the functionally equivalent redundant executive body , and then manually go online and offline the corresponding executives to improve the security of the entire mimic controller and ensure the robustness of the entire mimic defense system. However, this method has three shortcomings: first, it is difficult to accurately judge the potential threat level of functionally equivalent redundant execution bodies that have not been marked; second, it is labor-intensive and the detection cycle cannot be guaranteed; finally, manual judgment and manual online and offline Line executives are extremely biased.

因此,对于目前拟态控制器执行体的潜在威胁程度量化表征方法的缺失的情况,为保证实际拟态防御技术的高可靠性与高可用性,亟需一种高效且精确的拟态控制器执行体的潜在威胁程度量化表征方法,最大化拟态防御系统的鲁棒性和可靠性。Therefore, in view of the lack of quantitative characterization methods for the potential threat level of the mimic controller executive, in order to ensure the high reliability and high availability of the actual mimic defense technology, an efficient and accurate potential threat of the mimic controller executive is urgently needed. Quantitative characterization method of threat level, maximizing the robustness and reliability of the mimic defense system.

发明内容Contents of the invention

本发明的目的在于针对现有技术的不足,提供一种拟态控制器执行体的潜在威胁程度的量化表征方法。本发明方法通过持续不断的输入,根据不同时段的执行体累积置信度对执行体集进行轮转执行,具有更加安全可靠的优点。The purpose of the present invention is to provide a quantitative characterization method of the potential threat level of a mimic controller executive body in view of the deficiencies in the prior art. The method of the present invention performs round-robin execution on the execution body set according to the cumulative confidence of the execution body in different periods through continuous input, which has the advantage of being safer and more reliable.

本发明的目的是通过以下技术方案来实现的:一种拟态控制器执行体的潜在威胁程度的量化表征方法,包括以下步骤:The purpose of the present invention is achieved through the following technical solutions: a quantitative characterization method of the potential threat level of a mimic controller executive body, comprising the following steps:

(1)对于用户访问请求,判断IP地址是否属于蜜罐黑名单列表;如果是,将该攻击引入到蜜罐中执行,结束所有步骤;如果不是,则进行后续步骤;(1) For the user access request, judge whether the IP address belongs to the honeypot blacklist; if yes, introduce the attack into the honeypot for execution, and end all steps; if not, proceed to subsequent steps;

(2)拟态控制器记录执行体每次处理输入与多模表决器的区别,并且计算每个执行体的置信度,每经过一个固定时间段都更新置信度,并重新排序,包括以下子步骤:(2) The mimicry controller records the difference between the execution body's processing input and the multi-mode voter each time, and calculates the confidence degree of each execution body, and updates the confidence degree every time a fixed period of time passes, and reorders, including the following sub-steps :

(2.1)用M表示待提供服务的异构构体总个数;接收到输入时,选取N个异构构体上线作为拟态控制器的执行体集,拟态控制器将输入交付给上线的执行体,收集每个执行体的输出结果给表决器进行择多判决;(2.1) Use M to represent the total number of isomers to provide services; when the input is received, select N isomers to go online as the execution body set of the mimic controller, and the mimic controller will deliver the input to the online execution body, collect the output results of each executive body to the voter for majority decision;

(2.2)拟态控制器更新执行体的置信度:经过固定时间段t,用Q代表当前时间段一个执行体接受的输入数;用Vi表示第i个执行体的错误处理次数,执行体每次出错以后更新执行体的Vi=Vi+1;当前时间段结束以后,用Q更新当前所有执行体接受的总输入数Pi=Pi+Q,记录第i个执行体接受的总输入数Pi;Ci表示第i个执行体的置信度,由下式计算得到:(2.2) Mimetic controller updates the confidence of the execution body: after a fixed time period t, use Q to represent the number of inputs accepted by an execution body in the current time period; After the first error, update the execution body's V i =V i +1; after the end of the current time period, use Q to update the total number of inputs accepted by all current execution bodies P i =P i+ Q, and record the total input received by the i-th execution body The number P i ; C i represents the confidence degree of the i-th executive, which is calculated by the following formula:

其中,i=1,2,…,N;Among them, i=1,2,...,N;

(2.3)将执行体根据步骤(2.1)得到的置信度Ci的值,进行排序;(2.3) Sorting the execution body according to the value of confidence C i obtained in step (2.1);

(3)将步骤(2.3)得到的执行体排序中置信度最低的执行体下线,排在线下候补执行体排序的末位;并从线下候补执行体中顺序抽取执行体上线;然后跳转至步骤(2.2)进入下一个时间段t。(3) Go offline with the lowest confidence execution body in the execution body sorting obtained in step (2.3), and rank it at the end of the offline candidate execution body ranking; and sequentially extract the execution bodies from the offline candidate execution bodies to go online; then jump Go to step (2.2) to enter the next time period t.

进一步地,所述步骤(2.1)中的异构构体包括执行体和线下候补执行体。Further, the isomers in the step (2.1) include executors and offline candidate executors.

进一步地,所述步骤(2.2)中的错误处理是指表决器判决一致输出,如果与判决结果不一致的执行体输出,则认为是错误输出。Further, the error handling in the step (2.2) means that the decision of the voter is unanimous, and if the output of the executive body is inconsistent with the decision result, it is considered as an error output.

本发明的有益效果是:本发明方法综合考虑进一步提升拟态控制器的可靠性,优化目标是对于拟态控制器中所有功能等价冗余执行体的潜在威胁程度进行量化表征,引入置信度的概念,依据置信度从而可靠的调节执行体的运行,来进一步加强拟态防御系统的安全性和可靠性。在现有缺少拟态控制器执行体的潜在威胁程度的量化表征方法的情况下,本发明在基本没有改变软硬件开销的情况下,大大提高了拟态防御系统的鲁棒性。The beneficial effects of the present invention are: the method of the present invention comprehensively considers further improving the reliability of the mimic controller, and the optimization goal is to quantitatively characterize the potential threats of all functionally equivalent redundant executive bodies in the mimic controller, and introduce the concept of confidence According to the confidence level, the operation of the executive body can be reliably adjusted to further strengthen the security and reliability of the mimic defense system. In the absence of a quantitative characterization method for the potential threat level of the mimic controller executive body, the present invention greatly improves the robustness of the mimic defense system without substantially changing the hardware and software overhead.

附图说明Description of drawings

图1为本发明实施例中控制器接收输入模型示意图;Fig. 1 is the schematic diagram of controller receiving input model in the embodiment of the present invention;

图2为本发明方法的流程图。Fig. 2 is a flow chart of the method of the present invention.

具体实施方式Detailed ways

以下结合附图并举实施例对本发明做进一步详细说明。The present invention will be described in further detail below with reference to the accompanying drawings and examples.

本发明一种拟态控制器执行体的潜在威胁程度的量化表征方法,包括以下步骤:A quantitative characterization method of the potential threat degree of a mimic controller executive body of the present invention, comprising the following steps:

(1)判断用户IP地址是否属于黑名单:蜜罐机制可用于探测和承受已检测到的攻击行为;服务器利用现有的蜜罐机制,实时收集攻击流量的信息,动态更新IP黑名单列表;对于用户访问请求,判断IP地址是否属于蜜罐黑名单列表;如果是,将该攻击引入到蜜罐中执行,结束所有步骤;如果不是,则进行后续步骤;(1) Determine whether the user's IP address belongs to the blacklist: the honeypot mechanism can be used to detect and withstand detected attacks; the server uses the existing honeypot mechanism to collect attack traffic information in real time and dynamically update the IP blacklist list; For user access requests, determine whether the IP address belongs to the honeypot blacklist; if so, introduce the attack into the honeypot for execution, and end all steps; if not, proceed to subsequent steps;

(2)拟态控制器记录执行体每次处理输入与多模表决器的区别,并且计算每个执行体的置信度,每经过一个固定时间段都更新置信度,并重新排序,包括以下子步骤:(2) The mimicry controller records the difference between the execution body's processing input and the multi-mode voter each time, and calculates the confidence degree of each execution body, and updates the confidence degree every time a fixed period of time passes, and reorders, including the following sub-steps :

(2.1)用M表示待提供服务的异构构体总个数,异构构体包括执行体和线下候补执行体;接收到输入时,选取N个异构构体上线作为拟态控制器的执行体集,拟态控制器将输入交付给上线的执行体,收集每个执行体的输出结果给表决器进行择多判决;(2.1) Use M to represent the total number of isomers to provide services, isomers include executives and offline candidate executives; when receiving input, select N isomers to go online as the mimic controller Executive body set, the mimic controller delivers the input to the online executive body, and collects the output result of each executive body to the voter for majority decision;

(2.2)拟态控制器更新执行体的置信度:经过固定时间段t,用Q代表当前时间段一个执行体接受的输入数;用Vi表示第i个执行体的错误处理次数,所述错误处理是指表决器判决一致输出,如果与判决结果不一致的执行体输出,则认为是错误输出;执行体每次出错以后更新执行体的Vi=Vi+1;当前时间段结束以后,用Q更新当前所有执行体接受的总输入数Pi=Pi+Q,记录第i个执行体接受的总输入数Pi;Ci表示第i个执行体的置信度,由下式计算得到:(2.2) Mimetic controller updates the confidence of the execution body: after a fixed time period t, use Q to represent the number of inputs accepted by an execution body in the current time period; use V i to represent the error processing times of the i-th execution body, the error Processing refers to the consistent output of the decision of the voter. If the output of the executive body is inconsistent with the judgment result, it is considered to be an error output; every time the executive body makes an error, V i =V i +1 of the executive body is updated; after the end of the current time period, use Q updates the total number of inputs P i =P i+ Q currently accepted by all executives, and records the total number of inputs P i accepted by the i-th executive; C i represents the confidence of the i-th executive, which is calculated by the following formula:

其中,i=1,2,…,N;Among them, i=1,2,...,N;

(2.3)将执行体根据步骤(2.1)得到的置信度Ci的值,从高到低进行排序;(2.3) Sorting the execution body from high to low according to the value of confidence C i obtained in step (2.1);

(3)将步骤(2.3)得到的执行体排序中置信度最低的执行体下线,排在线下候补执行体排序的末位;并从线下候补执行体中顺序抽取执行体上线;然后跳转至步骤(2.2)进入下一个时间段t。(3) Go offline with the lowest confidence execution body in the execution body sorting obtained in step (2.3), and rank it at the end of the offline candidate execution body ranking; and sequentially extract the execution bodies from the offline candidate execution bodies to go online; then jump Go to step (2.2) to enter the next time period t.

实施例Example

本实例工作在拟态防御服务器中的拟态控制器,如图1所示,拟态控制器中运行A1~A6共6个执行体,以及E1~E6共6个线下候补执行体,输入进入控制器以后交付给6个上线的执行体;本发明的方法依照如下具体步骤在每隔相同时间段t置换线上线下的执行体,保证最终表决器根据算法输出最终结果真实可靠,完成对访问请求的处理。This example works on the mimic controller in the mimic defense server. As shown in Figure 1, there are 6 executives A 1 to A 6 running in the mimic controller, and 6 offline backup executives E 1 to E 6 . After the input enters the controller, it is delivered to the 6 online executives; the method of the present invention replaces the online and offline executives at every same time period t according to the following specific steps, so as to ensure that the final result of the final voter outputting according to the algorithm is true and reliable, and completes Handling of access requests.

如图2所示,本实例具体通过以下步骤实现:As shown in Figure 2, this example is implemented through the following steps:

步骤一、收到用户访问请求,输入代理判断用户IP是否在蜜罐服务器的黑名单中,如果是,则将请求引入蜜罐服务器中执行;如果否,则进入步骤二;Step 1. Receive a user access request, input the agent to determine whether the user IP is in the blacklist of the honeypot server, if yes, then import the request into the honeypot server for execution; if not, then enter step 2;

步骤二、输入到拟态控制器中,交付给上线的执行体,每次输出收集每个执行体的结果输入给表决器,最终收集一个时段t的执行体i的错误输出Vi(i=1~6)和总接受输入Pi以及根据公式计算置信度Ci(i=1~6),Ci等于1减去执行体i的Vi和Pi比值的差值,例如第一个时间段t以后,共收到100次输入,6个执行体的输错结果分别为0,0,1,2,0,0;根据数据更新Pi和Vi,然后计算置信度并按照进行排序;Step 2: input to the mimic controller, deliver to the online execution body, collect the results of each execution body for each output and input to the voter, and finally collect the error output V i (i=1) of the execution body i in a period t ~6) and always accept the input P i and calculate the confidence degree C i (i=1~6) according to the formula, C i is equal to 1 minus the difference between the ratio of V i and P i of executive i, for example, the first time After segment t, a total of 100 inputs are received, and the input error results of the 6 executive bodies are 0, 0, 1, 2, 0, 0 respectively; update Pi and V i according to the data, then calculate the confidence and follow put in order;

步骤三、根据选出最低的Ci执行体A4进行下线,并且从候补执行体Ei(i=1~6)顺序上线执行体E1Step 3: Go offline according to the selection of the lowest C i execution body A 4 , and go online sequentially from the candidate execution body E i (i=1~6) to the execution body E 1 ;

步骤四、继续经过一个相同的时间间隔t后,继续更新当前执行体i的错误输出Vi(i=1~6)和总接受输入Pi以及根据公式计算置信度Ci(i=1~6),然后按照排序,然后继续通过量化表征置换算法来对执行体进行上线和下线处理。Step 4: Continue to update the error output V i (i=1~6) of the current executive i (i=1~6) and the total accepted input P i after the same time interval t, and calculate the confidence degree C i (i=1~6) according to the formula 6), then follow Sorting, and then continue to perform on-line and off-line processing of the execution body through the quantitative representation replacement algorithm.

以上所述为本发明的一个实施例,本发明不受上述实施例限制,可将本发明的技术方案与实际应用场景结合确定具体实施方法。The above is an embodiment of the present invention, and the present invention is not limited by the above embodiment, and a specific implementation method can be determined by combining the technical solutions of the present invention with actual application scenarios.

Claims (3)

1. A method for quantitatively characterizing the potential threat level of a mimicry controller executive is characterized by comprising the following steps:
(1) For a user access request, judging whether the IP address belongs to a honeypot blacklist list or not; if yes, the attack is introduced into the honeypot to be executed, and all the steps are ended; if not, the subsequent steps are performed.
(2) The mimicry controller records the difference between each processing input of the executive and the multi-mode voter, calculates the confidence of each executive, updates the confidence every time a fixed time period passes, and reorders the confidence, and comprises the following sub-steps:
(2.1) using M to represent the total number of isomeric structures to be provided with service; and when receiving input, selecting the on-line of N isomorphs as an executive body set of the mimicry controller, delivering the input to the on-line executive body by the mimicry controller, and collecting the output result of each executive body to a voter for carrying out multi-choice judgment.
(2.2) the mimicry controller updates the confidence of the executant: after a fixed time period t, representing the input number accepted by an executive in the current time period by Q; by ViIndicating the number of times of error handling of the ith executable, and updating V of the executable after each error of the executablei=Vi+ 1; after the current time period is over, updating the total input number P accepted by all the current executors by Qi=Pi+Q, recording the total input number P accepted by the ith executivei;CiThe confidence coefficient of the ith executive body is represented and calculated by the following formula:
wherein i is 1,2, …, N.
(2.3) obtaining the confidence C of the executive body according to the step (2.1)iThe values of (a) are sorted;
(3) The executive body with the lowest confidence level in the executive body sequencing obtained in the step (2.3) is offline, and the last bit of the offline candidate executive body sequencing is arranged; sequentially extracting the upper lines of the execution bodies from the lower line candidate execution bodies; then jump to step (2.2) and enter the next time period t.
2. The method for quantitatively characterizing the potential threat level of a mimicry controller executor according to claim 1, wherein the isomorphs in step (2.1) comprise an executor and a candidate offline executor.
3. the method for quantitatively characterizing the potential threat level of an executor of a mimicry controller as claimed in claim 1, wherein the error processing in step (2.2) is that a voter decides a consistent output and if the executor output is inconsistent with the decision result, the output is regarded as an error output.
CN201910772464.7A 2019-08-21 2019-08-21 A Quantitative Characterization Method of the Potential Threat Level of Mimic Controller Executive Pending CN110581845A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910772464.7A CN110581845A (en) 2019-08-21 2019-08-21 A Quantitative Characterization Method of the Potential Threat Level of Mimic Controller Executive

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910772464.7A CN110581845A (en) 2019-08-21 2019-08-21 A Quantitative Characterization Method of the Potential Threat Level of Mimic Controller Executive

Publications (1)

Publication Number Publication Date
CN110581845A true CN110581845A (en) 2019-12-17

Family

ID=68811663

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910772464.7A Pending CN110581845A (en) 2019-08-21 2019-08-21 A Quantitative Characterization Method of the Potential Threat Level of Mimic Controller Executive

Country Status (1)

Country Link
CN (1) CN110581845A (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111314337A (en) * 2020-02-11 2020-06-19 之江实验室 A Mimic Scheduling Method Based on Credibility and Credibility Coefficients
CN112202645A (en) * 2020-11-12 2021-01-08 福州大学 Measurement system and abnormal traffic detection method based on mimic defense and Sketch algorithm
CN112367317A (en) * 2020-11-09 2021-02-12 浙江大学 Endogenous safe WAF fingerprint transformation method
CN113946122A (en) * 2021-10-22 2022-01-18 中国科学院工程热物理研究所 Gas turbine parameter redundancy voting method based on confidence coefficient weight floating

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20150127822A1 (en) * 2013-11-06 2015-05-07 MyOmega Systems Technologies GmbH Managing devices in a heterogeneouus network
CN109871682A (en) * 2018-12-19 2019-06-11 国网浙江省电力有限公司电力科学研究院 A unified control method for executive bodies of heterogeneous virtual machine platforms
CN109936517A (en) * 2018-12-19 2019-06-25 国网浙江省电力有限公司电力科学研究院 Adaptive Dynamic Traffic Allocation Method in Mimic Defense
CN110011965A (en) * 2019-02-28 2019-07-12 中国人民解放军战略支援部队信息工程大学 A kind of execution body based on confidence level non-uniform output judging method and device completely

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20150127822A1 (en) * 2013-11-06 2015-05-07 MyOmega Systems Technologies GmbH Managing devices in a heterogeneouus network
CN109871682A (en) * 2018-12-19 2019-06-11 国网浙江省电力有限公司电力科学研究院 A unified control method for executive bodies of heterogeneous virtual machine platforms
CN109936517A (en) * 2018-12-19 2019-06-25 国网浙江省电力有限公司电力科学研究院 Adaptive Dynamic Traffic Allocation Method in Mimic Defense
CN110011965A (en) * 2019-02-28 2019-07-12 中国人民解放军战略支援部队信息工程大学 A kind of execution body based on confidence level non-uniform output judging method and device completely

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
沈丛麒、陈双喜、吴春明: "基于信誉度与相异度的自适应拟态控制器研究", 《通信学报》 *

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111314337A (en) * 2020-02-11 2020-06-19 之江实验室 A Mimic Scheduling Method Based on Credibility and Credibility Coefficients
CN111314337B (en) * 2020-02-11 2022-07-15 之江实验室 Mimicry scheduling method based on credibility and credibility coefficient
CN112367317A (en) * 2020-11-09 2021-02-12 浙江大学 Endogenous safe WAF fingerprint transformation method
CN112367317B (en) * 2020-11-09 2021-09-03 浙江大学 Endogenous safe WAF fingerprint transformation method
CN112202645A (en) * 2020-11-12 2021-01-08 福州大学 Measurement system and abnormal traffic detection method based on mimic defense and Sketch algorithm
CN113946122A (en) * 2021-10-22 2022-01-18 中国科学院工程热物理研究所 Gas turbine parameter redundancy voting method based on confidence coefficient weight floating
CN113946122B (en) * 2021-10-22 2024-02-13 中国科学院工程热物理研究所 Gas turbine parameter redundancy voting method based on confidence weight floating

Similar Documents

Publication Publication Date Title
CN110581845A (en) A Quantitative Characterization Method of the Potential Threat Level of Mimic Controller Executive
US10135788B1 (en) Using hypergraphs to determine suspicious user activities
CN109889538B (en) User abnormal behavior detection method and system
CN108833416B (en) A kind of SCADA system information security risk assessment method and system
CN106548343B (en) Illegal transaction detection method and device
US20170186030A1 (en) Advertisement click-through rate correction method and advertisement push server
US20200104292A1 (en) Method and apparatus for integrating multi-data source user information
CN108306864B (en) Network data detection method, device, computer equipment and storage medium
CN106921504B (en) Method and equipment for determining associated paths of different users
CN102801709A (en) Phishing website identification system and method
CN110544168A (en) A Weakly Supervised Internet Financial Anti-Fraud Method Based on Generative Adversarial Networks
CN111476610A (en) Information detection method and device and computer readable storage medium
CN113962712A (en) Method for predicting fraud gangs and related equipment
CN111160797A (en) Wind control model construction method and device, storage medium and terminal
CN112217650A (en) Network blocking attack effect evaluation method, device and storage medium
CN111686451B (en) A business processing method, device, equipment and computer storage medium
CN113807452B (en) Business process abnormality detection method based on attention mechanism
CN112822220B (en) Multi-sample combination attack-oriented tracing method and device
CN111327630B (en) Attack detection and correction method based on holohedral symmetry polycythemic theory
LU506573B1 (en) A quantitative characterization method of the potential threat degree of the mimic controller actuator
Chang et al. Implementation of ransomware prediction system based on weighted-KNN and real-time isolation architecture on SDN Networks
CN117640147A (en) Dynamic trust evaluation method and system based on access subject behaviors
CN113810329B (en) Method and system for detecting abnormality of mailbox account
CN114519174A (en) Online game login system and method based on big data
CN115510394A (en) A Collection Method for Improving Skyline Data Quality Based on Double Trust Check

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20191217