CAJ | 학술논문

针对密码协议在实际运行中遭受攻击的问题,设计了自适应容忍入侵的密码协议安全运行防护系统.该防护系统主要由入侵检测模块和容忍入侵模块组成.入侵检测模块采用基于特征和异常的混合入侵检测模式,使用有限状态自动机(FSM)匹配密码协议执行中的各状态参数,实时检测密码协议的运行情况,并把检测结果发送给容忍入侵模块,触发容忍入侵模块根据预先设计好的自适应调整策略,对密码协议的运行进行调节,以达到容忍攻击的目的.采用模拟试验对系统模型进行了仿真测试,测试结果表明该模型能够在一定程度上成功检测对密码协议的攻击行为,并具有容忍某些特定类型攻击的能力.
침대밀마협의재실제운행중조수공격적문제,설계료자괄응용인입침적밀마협의안전운행방호계통.해방호계통주요유입침검측모괴화용인입침모괴조성.입침검측모괴채용기우특정화이상적혼합입침검측모식,사용유한상태자동궤(FSM)필배밀마협의집행중적각상태삼수,실시검측밀마협의적운행정황,병파검측결과발송급용인입침모괴,촉발용인입침모괴근거예선설계호적자괄응조정책략,대밀마협의적운행진행조절,이체도용인공격적목적.채용모의시험대계통모형진행료방진측시,측시결과표명해모형능구재일정정도상성공검측대밀마협의적공격행위,병구유용인모사특정류형공격적능력.
To protect the operation security of cryptographic protocols, the paper proposes an adaptive intrusion-tolerant approach which is composed of an intrusion detection module and an intrusion tolerance module. By adopting the mixed intrusion detection mode, the intrusion detection model uses the finite state machine (FSM) to match the parameters in the running of cryptographic protocols, which could conduct real-time detection of the characteristics of the cryptographic protocol operation, and send the detection results to the intrusion tolerance module, making it adjust the running of the cryptographic protocol according to the pre-designed self-adaptive strategy. The simulation demonstrated that this approach could be used to detect to a certain extent the attacks on cryptographic protocols and improve the intrusion-tolerance ability dominantly.