中文摘要：

Web服务器系统作为重要的服务承载和提供平台,面临的安全问题日益严重.已有的防御技术主要基于已知攻击方法或漏洞信息进行防御,导致难以很好地应对未知攻击的威胁,从而难以全面防护Web服务器系统的安全.首先提出了攻击链模型,对已有技术的问题和不足进行了深入的分析.在此基础上,提出了基于＂动态异构冗余＂结构的拟态防御模型,并描述了拟态防御模型的防御原理和特点.基于拟态防御模型构建了拟态防御Web服务器,介绍了其架构,分析了拟态原理在Web服务器上的实现.安全性和性能测试结果显示,拟态防御Web服务器能够在较小开销的前提下防御测试中的全部攻击类型.说明拟态防御Web服务器能够有效地提升系统安全性,验证了拟态防御技术的有效性和可行性.最后讨论了拟态防御技术今后的研究前景和挑战.

英文摘要：

The Web server system, being the most important platform of supporting and providing network services, is facing serious security problem. The existing defending technologies mainly deal with the known attacking methods or the known vulnerabilities, and therefore are not effective in case of the unknown threats and do not provide overall defense. This paper first proposes an attacking model to analyze the shortcomings of existing defending technologies. Next, a dynamic heterogeneous redundancy structure based mimic defending model is proposed, and its defending principles and the characteristics are interpreted. Then, the mimic defending Web server is designed on the mimic defending model, and the structure and the implementation principles in the Web server design are introduced. The results of security and performance tests show that the presented mimic defending Web server can defend against all kinds of attacks in the tests with little performance loss, which verifies the effectiveness and the practicability of the mimic defending technology. Finally a perspective of the future work and challenges of mimic defending technology is discussed.