%0 Journal Article
%T Software defined APT attack moving target defense network architecture
%A TAN Ren (谭韧)
%A YIN Xiao-chuan (殷肖川)
%A JIAO Xian-long (焦贤龙)
%A LIAN Zhe (廉哲)
%A CHEN Yu-xin (陈玉鑫)
%J Journal of Shandong University (Natural Science) (山东大学学报(理学版))
%D 2018
%R 10.6040/j.issn.1671-9352.2.2017.196
%X Abstract: The determinism, static nature and homogeneity of traditional network architectures make advanced persistent threat (APT) attacks hard to defend against effectively. To address this, a software-defined moving target defense network architecture against APT attacks, SDMTDA, is proposed. APT attack behavior is modeled, and the dependence of APT attacks on knowledge of the network structure and on vulnerability information is summarized. Drawing on the software-defined security concept, a three-tier architecture is established, consisting (from bottom to top) of a physical layer, a control layer and an application layer. Algorithms for changing the network structure and for changing vulnerability information are given, and the realization in SDMTDA of the three categories of moving target defense is analyzed. The architecture is analyzed, implemented and tested. The experimental results show that it has the advantages of software definability, rapid variability and strong extensibility.
%K software defined security
%K advanced persistent threat
%K moving target defense
%K software defined networking
%K container technology
%U http://lxbwk.njournal.sdu.edu.cn/CN/10.6040/j.issn.1671-9352.2.2017.196