Online Mind Mapping and Brainstorming

Create your own awesome maps

Online Mind Mapping and Brainstorming

Even on the go

with our free apps for iPhone, iPad and Android

Get Started

Already have an account? Log In

绩效评估 by Mind Map: 绩效评估
0.0 stars - 0 reviews range from 0 to 5

绩效评估

蠕虫

扫描策略

随机扫描

hit-list扫描

路由器扫描

dns扫描

模型

Simple Epidemic Model

KM

Two-Factor

Worm-Anti-Worm

检测

良性蠕虫抑制恶性蠕虫

GrIDS

Honeypot

防御

Reactive Antibody Defense需要较长反应时间

Reactive Address Blacklisting需识别感染的机器,过滤它们的数据包

Proactive Protection 攻击概率p,须尝试1/p次

Local Containment, hit-list扫描不易识别, N大则α往往较小

博弈论建模

参与人集合P={Pa,Ps}

参与人策略集合S={Sa,Ss}, 攻击策略Sa={随机扫描,hit-list扫描}, 防御策略Ss={将大量目标地址随机的交换机端口暂时关闭,蠕虫对抗蠕虫}, 或防御策略Ss={Reactive Antibody Defense,Proactive Protection}

收益, 因子, 感染比例I(t), 参数说明, α Deployment ratio, β Vulnerable host contact rate, β1 Throttle rate, δa Reaction time (Antibody), δb Reaction time (Blacklist), p Protection probability, t Timestamp, C # of initial infected hosts = I(0), I(t) # of hosts infected at time t, Ip(t) # of participating hosts infected at time t, Inp(t) # of non-participating hosts infected at time t, 参数, 随机扫描, Antibody:δa=10hour,β=1000host/sec, Local Containment :δ=0,β=1000host/sec,β1=100host/sec, hit-list扫描, Antibody:δa=10hour,β=3000host/sec, Local Containment :δ=0,β=3000host/sec,β1=2800host/sec, 是否引入参数N?, 公式, Reactive Antibody Defense较复杂, Local Containment简单, 误判比例E(t)/N, 蠕虫占用的带宽B(t), 随机扫描:6MB*I(t)*N, hit-list扫描:100B*N*I(t)*N, N小时,随机扫描带宽大;N大时,hit-list扫描占带宽大, "当列表大于6M(估算N>60000)时, hit-list蠕虫传播速度比随机扫描还慢", 公式, 攻击方收益Ua, Untitled, a>0, b、c的正负取决于蠕虫的类型, 若以降低目标系统的可用性为目标,则b、c大于0, 若以控制目标系统为目标,则b、c小于0, 积分表示对系统的累加影响,是否使用?, 防御方收益Us, Untitled, x<0,y<0,z<0

博弈树, 随机扫描, 将大量目标地址随机的交换机端口暂时关闭, Untitled, 路由器扫描, 将大量目标地址随机的交换机端口暂时关闭, Untitled

博弈矩阵

DDoS

使用石盼的模型

改进