ZHANG Baowen, CHANG Xiao, LI Jianhua. A Generalized Information Security Model SOCMD for CMD Systems[J]. Chinese Journal of Electronics, 2020, 29(3): 417-426. doi: 10.1049/cje.2020.02.017

A Generalized Information Security Model SOCMD for CMD Systems

doi: 10.1049/cje.2020.02.017
Funds: This work is supported by State Key Development Program (No. 2016YFB0800105) and Developed Regions of the National Natural Science Foundation of China (No. 61562004).
  • Received Date: 2018-12-26
  • Rev Recd Date: 2019-11-19
  • Publish Date: 2020-05-10
  • Abstract: As a new security defense theory, Cyberspace mimic defense (CMD) provides an architecture named Dynamic heterogeneous redundancy (DHR) to enhance the defense level of system security. Because of the new dynamic defense mechanism that DHR introduces in CMD systems, traditional security modelling and analysis methods can hardly be applied to them. In this paper, we propose a Security ontology-based modelling method for CMD systems (SOCMD), which uses ontology to represent DHR components and to define their inner relationships. SOCMD also connects information components, including DHRs, with security vulnerabilities, threats and attackers in cyberspace. Next, attacking rules, a multi-mode arbitration mechanism and combination rules are designed with SOCMD for CMD systems, and a new logical-checking method is proposed to judge the security state of SOCMD. Finally, different use cases and performance tests are developed to demonstrate the application process of the model and to verify the validity of our method.
