Security Analysis And Architecture Improvement Of Mimic DHR

Posted on: 2022-05-02 | Degree: Master | Type: Thesis
Country: China | Candidate: C N Hu | Full Text: PDF
GTID: 2518306575477154 | Subject: Information security
Abstract/Summary:
In the current era of globalization and big data, information systems inevitably use components of uncontrollable credibility, such as open source software, hardware or middleware, in order to reduce production and maintenance costs, and this intensifies cyber security threats. In 2014, Wu Jiangxing proposed the idea of "Mimic Defense" and the Dynamic Heterogeneous Redundancy (DHR) model, together with a method for building a reliable information system from uncontrollable components (for example, components with unknown vulnerabilities). As theoretical research on the DHR model has matured, the model has been applied in many fields, such as mimic switches, routers, mimic storage, mimic SDN and mimic web servers, which greatly enhances the security of information systems. Some shortcomings remain, however, especially:

(a) DHR security analysis requires manual determination of the relevant security parameters, which makes it difficult to guide the construction of a DHR system in practice. As for DHR security analysis indicators, there are currently only single security indicators, such as the success rate of a single attack, and it is difficult to compare the security of different DHR models.

(b) The DHR model does not fully consider the heterogeneity among executors when constructing the servant. Therefore, when facing common vulnerabilities, the executors will produce a majority of identical but abnormal outputs because of insufficient heterogeneity, which makes the DHR model vulnerable. When the common vulnerability is unknown, the problem becomes even more prominent.

These problems have largely restricted the deployment of mimic defense technology. In response, this paper introduces probabilistic analysis methods and, combined with actual attack scenarios such as single and multiple attackers, establishes a more objective multi-aspect security measurement and method, and analyzes the security-relevant factors in the DHR model through simulation experiments. In addition, using a clustering method based on the heterogeneity of the system, an executor selection algorithm is constructed, and an improved DHR model, IDHR, is proposed. The aforementioned security indicators are then used to verify the security improvement achieved by IDHR. Specifically, the main contributions of this paper are as follows:

(1) A DHR system security measurement method based on probability analysis is proposed. First, starting from the inherent characteristics of the mimic system, the executor-vulnerability matrix and the servant-vulnerability matrix models are proposed to give a formal representation of the internal structure of the DHR system. Second, starting from actual attack scenarios, a variety of attack strategies, such as single attacker and multiple attackers, are proposed, and the calculation formulas of the related security measures are given along two dimensions: the system attack success rate and the controlled rate. Finally, the impact of the relevant factors in the DHR model on security is analyzed through simulation experiments. Compared with existing DHR security analysis, the method proposed in this paper can be used for quantitative comparison of the security of DHR systems and can provide quantitative decision support for the construction of a DHR system.

(2) An improved DHR model based on executor division is proposed. Starting from the executor-vulnerability matrix and the servant-vulnerability matrix models, an executor set division algorithm is constructed based on the idea of clustering, which solves the problem of how to choose executors with fewer common vulnerabilities as a servant in order to enhance the security of the system. On this basis, an executor-division module is introduced and the dynamic scheduling algorithm is improved, and an improved DHR (IDHR) model is proposed to effectively alleviate the vulnerability of the DHR system caused by common vulnerabilities. Using the DHR security analysis method proposed in this paper, the security of the DHR and IDHR models is evaluated through two experimental schemes, random executor simulation and web server emulation, which verifies that the IDHR model has obvious security advantages over the DHR model, especially when the common vulnerabilities are unknown.
Keywords/Search Tags: Mimic Defense, Mimic System Architecture, Dynamic Heterogeneous Redundancy, Security Analysis