
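Effectiveness Analysis Approach Based on Vulnerability Mutation for Network Dynamic Defense
Cite this article: LI Li-xun, ZHANG Bin, DONG Shu-qin, TANG Hui-lin. Effectiveness Analysis Approach Based on Vulnerability Mutation for Network Dynamic Defense[J]. Acta Electronica Sinica, 2018, 46(12): 3014-3020.
Authors: LI Li-xun  ZHANG Bin  DONG Shu-qin  TANG Hui-lin
Affiliations: 1. Information Engineering University, Zhengzhou, Henan 450001; 2. Henan Key Laboratory of Information Security, Zhengzhou, Henan 450001
Abstract: Effectiveness analysis is essential for formulating an optimal network dynamic defense strategy. First, a random sampling model is used to give a formula for the intrusion success probability from the perspective of vulnerability mutation, which characterizes the influence of the mutation space, the mutation period, and the number of vulnerabilities on the network intrusion process. Then, for the single-vulnerability and multiple-vulnerability mutation cases, the corresponding limit theorems for the intrusion success probability are stated and proved, and methods for computing the optimal mutation space in the two cases are given. Simulation results show that increasing the number of vulnerabilities attacked in sequence on a single intrusion path and reducing the mutation period can continuously improve the effectiveness of network dynamic defense, whereas enlarging the mutation space improves effectiveness initially, but because the intrusion success probability gradually converges as the mutation space keeps growing, effectiveness cannot keep improving once the intrusion success probability has converged.

Keywords: network security  network dynamic defense  security policy analysis  intrusion success probability  dynamic mutation  vulnerability mutation  random sampling
Received: 2017-11-28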

Effectiveness Analysis Approach Based on Vulnerability Mutation for Network Dynamic Defense
LI Li-xun, ZHANG Bin, DONG Shu-qin, TANG Hui-lin. Effectiveness Analysis Approach Based on Vulnerability Mutation for Network Dynamic Defense[J]. Acta Electronica Sinica, 2018, 46(12): 3014-3020.
Authors: LI Li-xun  ZHANG Bin  DONG Shu-qin  TANG Hui-lin
Institution: 1. Information and Engineering University, Zhengzhou, Henan 450001, China; 2. Key Laboratory of Information Security, Zhengzhou, Henan 450001, China
Abstract: Effectiveness analysis is critical for making optimal network dynamic defense (NDD) strategies. First, an attack success probability formula is derived by constructing a random sampling model from the perspective of vulnerability mutation; it describes how the mutation space, the mutation period and the number of vulnerabilities influence the network attack process. Then, two limit theorems for the attack success probability are given and proved, for the single-vulnerability and multiple-vulnerability cases respectively, and methods for calculating the optimal mutation space are given according to the two theorems. The simulation results show that NDD effectiveness improves as the mutation period is reduced and as the number of vulnerabilities attacked successively on a single attack path grows. Although enlarging the mutation space improves NDD effectiveness at first, the attack success probability converges as the mutation space keeps growing, which limits further improvement of NDD effectiveness.
Keywords: cyber security  network dynamic defense  security policy analysis  attack success probability  dynamic mutation  vulnerability mutation  random sampling