关键基础设施网络安全的"体系"建模与关键技术研究

项目名称： 关键基础设施网络安全的"体系"建模与关键技术研究

项目编号： No.61202486

项目类型： 青年科学基金项目

立项/批准年度： 2013

项目学科： 计算机科学学科

项目作者： 邓文平

作者单位： 中国人民解放军国防科学技术大学

项目金额： 24万元

中文摘要： 关键基础设施涵盖了电力、交通、能源、通信等核心公共基础资源服务系统，是国家安全、社会稳定、经济发展、人民日常生活的重要保障。随着基础设施规模日渐庞大，系统日趋复杂，多种基础设施系统之间相互关联耦合，形成了复杂庞大的"体系"。关键基础设施网络的安全性随之面临了自然灾害、恶意攻击以及随机故障的多方面威胁，传统的理论方法与技术手段已不能满足其安全性的研究需求。本项目研究国家关键基础设施网络的安全模型与安全增强机制，主要工作包括：（i）全面挖掘与刻画基础设施网络之间的关联，研究基础设施网络的"体系"建模方法；（ii）从社会-信息-物理多域融合的角度，结合攻击树模型，研究基础设施网络的安全威胁模型；（iii）研究基础设施网络的拓扑容错性设计和安全协议机制。本项目的理论与技术研究为增强基础设施安全防护能力提供理论支撑与技术手段。

中文关键词： 基础设施；信息安全；网络安全；僵尸网络；异常流量检测

英文摘要： Critical infrastructure covers the power, transportation, energy, communications, and other basic public resource service systems. It is the important guarantee for national security, social stability, economic development and people's daily life. As the infrastructure is getting larger and more complicated, and various systems are interdependent to each other, critical infrastructure has become a large-scale and complicated "System of Systems". The security of critical infrastructure networks is threatened by natural disasters, malicious attacks and random failures, as a result, traditional theoretical methods and techniques can no longer meet its security needs. This project investigates security models and security enhancement mechanisms for critical infrastructure from the following aspects: (i) grubbing and describing interdependencies among different systems, seeking for modeling the critical infrastructure system based on "System-of-Systems" approach; (ii) combined with attack-tree model, researching the network security threat model from a social-cyber-physical converged perspective; (iii) investigating the tolerance design of its network topology and security protocol mechanisms. The research results of this project can provide theoretical support and technical means to improve capabilities of the infra

英文关键词： Critical infrastructure；Information security；Network security；Botnet；Abnormal traffic detection