Performance Evaluation by Mind Map: Performance Evaluation

Performance Evaluation

Worms

Scanning strategies

Random scanning

Hit-list scanning

Router scanning

DNS scanning

Models

Simple Epidemic Model

KM

Two-Factor

Worm-Anti-Worm

Detection

Benign worms suppressing malicious worms

GrIDS

Honeypot

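Defense

Reactive Antibody Defense: requires a relatively long reaction time

Reactive Address Blacklisting: must identify the infected machines and filter their packets

Proactive Protection: attack probability p, 1/p attempts are required

Local Containment
  Hit-list scanning is hard to identify
  When N is large, α tends to be small

Game-theoretic modeling

Set of players P={Pa,Ps}

Set of player strategies S={Sa,Ss}
  Attack strategies Sa={random scanning, hit-list scanning}
  Defense strategies Ss={temporarily shut down switch ports with large numbers of random destination addresses, worm against worm}
  Or defense strategies Ss={Reactive Antibody Defense, Proactive Protection}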

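Payoff
  Factors
  Infected fraction I(t)
  Parameter descriptions
  α Deployment ratio
  β Vulnerable host contact rate
  β1 Throttle rate
  δa Reaction time (Antibody)
  δb Reaction time (Blacklist)
  p Protection probability
  t Timestamp
  C # of initial infected hosts = I(0)
  I(t) # of hosts infected at time t
  Ip(t) # of participating hosts infected at time t
  Inp(t) # of non-participating hosts infected at time t
  Parameters
  Random scanning
  Antibody: δa=10hour, β=1000host/sec
  Local Containment: δ=0, β=1000host/sec, β1=100host/sec
  Hit-list scanning
  Antibody: δa=10hour, β=3000host/sec
  Local Containment: δ=0, β=3000host/sec, β1=2800host/sec
  Should the parameter N be introduced?
  Formulas
  Reactive Antibody Defense is relatively complex
  Local Containment is simple
  False-positive ratio E(t)/N
  Bandwidth consumed by the worm B(t)
  Random scanning: 6MB*I(t)*N
  Hit-list scanning: 100B*N*I(t)*N
  When N is small, random scanning uses more bandwidth; when N is large, hit-list scanning uses more bandwidth
  "When the list is larger than 6M (estimated N>60000), a hit-list worm spreads even more slowly than random scanning"
  Formulas
  Attacker payoff Ua
  Untitled
  a>0
  The signs of b and c depend on the type of worm
  If the goal is to reduce the availability of the target system, b and c are greater than 0
  If the goal is to control the target system, b and c are less than 0
  The integral represents the cumulative impact on the system; should it be used?
  Defender payoff Us
  Untitled
  x<0, y<0, z<0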

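Game tree
  Random scanning
  Temporarily shut down switch ports with large numbers of random destination addresses
  Untitled
  Router scanning
  Temporarily shut down switch ports with large numbers of random destination addresses
  Untitled

Game matrix

DDoS

Use Shi Pan's model

Improvements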