Summary of research on mimic defense architecture design methods
2024, Vol. 29, No. 8, pp. 2319-2332
Print publication date: 2024-08-16
DOI: 10.11834/jig.230310
Li Qi, Duan Pengsong, Cao Yangjie, Zhang Dalong, Yang Xiaohan, Wang Yujing. 2024. Summary of research on mimic defense architecture design methods. Journal of Image and Graphics, 29(08):2319-2332
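With the spread and development of Internet technology, the protection of user data and privacy has become an active research area. Cyberspace security defense has evolved from passive defense to active defense, with significant gains in defensive performance and success rate. However, traditional passive and active defenses are both, in essence, shell-style defenses in which function and security are loosely coupled, and they perform poorly against unknown attacks. Cyberspace mimic defense (CMD) is a form of endogenous network security developed from traditional network security defense. Its core architecture is the dynamic heterogeneous redundancy architecture, whose implementation consists mainly of four parts: a set of heterogeneous execution entities, a distributor, a mimetic transformer, and a voter. Its theoretical basis is the three CMD theorems and the theorem of network security incomplete intersection. The heterogeneous execution entities increase the heterogeneity of the system, the voting algorithm decides which of them go online or offline, and the scheduling algorithm finally carries out the process of bringing execution entities online and offline. This paper starts from the historical evolution of cyberspace security, compares traditional defense methods with mimic defense, focuses on the concrete implementation forms of the heterogeneity, scheduling, and voting strategies in the mimic architecture, and lists application examples that incorporate mimic defense ideas in practice. Mimic defense already has a fairly broad application base in various fields, and research built on it can advance the existing network security system to a new stage.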
The popularization and development of Internet technology have prompted extensive research on the protection of user data and privacy. Cyberspace security defense has developed from passive defense to active defense in recent years, and the performance and success rate of the new defense technologies have improved significantly. Typical applications of passive defense are access control, firewalls, and virtual local area networks; those of active defense are honeypot technology, digital watermarking, intrusion detection, and traffic cleaning. However, traditional passive and active defenses are shell-style defenses in which function and security are loosely coupled, and their performance against unknown attacks is poor. Their defects can be summarized as the “impossible triangle”: a traditional defense system cannot simultaneously meet the three defense elements of dynamics (D), variety (V), and redundancy (R). The three elements can be combined in pairs to form defensive domains. The typical technical representative of the DV domain is moving target defense, that of the DR domain is dynamic isomorphic redundancy, and that of the VR domain is the non-similar redundancy architecture. Our research aims to find a defense technology that can reach the DVR domain. Cyberspace mimic defense (CMD) was proposed by Academician Wu Jiangxing in 2016. It aims to address the issue of cyberspace mimic security and is an implementation form of network endogenous security developed from traditional cybersecurity defense methods. Its core architecture is the dynamic heterogeneous redundant architecture, which mainly consists of four parts: a set of heterogeneous execution entities, a distributor, a mimetic transformer, and a voter. Its theoretical foundation is the three theorems of CMD and the theorem of network security incomplete intersection.
Within this architecture, the heterogeneous execution entities increase the heterogeneity of the system, and the voting algorithm determines which of them go online and offline. The heterogeneous strategy can be divided into four areas: single-source closed, single-source open, multi-source closed, and multi-source open. This classification depends on whether the system is open source and whether the source code has been modified. In the selection of heterogeneous components, similarity should be avoided as much as possible. Thus, system redundancy will be improved to prevent collaborative attacks from breaking through mimic defense and causing damage to the system. The hybrid heterogeneous method can serve as a direction for further research on heterogeneous methods. It uses cloud computing resources to break through the limitations of the software and hardware of a single computer, and it consolidates the diversity and reliability of heterogeneous systems. The core idea of the mimic voting method is that the mimic system needs to monitor the “process data and process element resources” of the execution entities, discover the attacked execution entity through voting, and determine the final result value output by the system to the user I/O. The evolution of voting algorithms is mainly reflected in the use of diverse modules to repeatedly verify the voting results and so improve their credibility, and multimodal adjudication is also an important guarantee for the dynamics of mimic systems. At the end of the mimic defense process, the scheduling algorithm completes the online and offline process of the execution entities in the system. Scheduling algorithms are classified by whether the system obtains historical data, which yields two categories: open-loop external feedback algorithms and closed-loop self-feedback algorithms.
A positive external feedback scheduling algorithm can improve performance to a certain extent. However, the lack of analysis of the historical state of a system reduces its sensitivity to attacks that have already occurred, which weakens the dynamics of the mimic system. Therefore, scheduling strategies with self-feedback algorithms show better effectiveness and performance in adversarial experiments. This study starts from the historical evolution of cyberspace security development, compares traditional defense methods with mimic defense, focuses on the specific implementation forms of heterogeneous strategies, scheduling strategies, and voting strategies in the mimic architecture, and lists application examples that integrate mimic defense ideas in practice. The mainstream mimic defense applications are mimic routers, mimic Web servers, mimic distributed applications, and the mimic Internet of Things. Mimic defense has now gained a wide application foundation in various fields, and research based on this foundation can advance the existing network security system to a new stage.
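The vote-then-reschedule loop that the abstract describes, as an added Python example that is not code from the paper: a distributor fans a request out to the online execution entities, a majority voter identifies the dissenting entity, and a closed-loop scheduler uses the recorded dissent history to pick the replacement. The class `DHRSystem`, the executor names, the simple majority rule and the lowest-anomaly-count replacement policy are all assumptions chosen for illustration, not the algorithms the survey reviews.

```python
from collections import Counter


class DHRSystem:
    """Toy dynamic heterogeneous redundancy loop: distribute, vote, reschedule."""

    def __init__(self, pool, online_count=3):
        self.pool = dict(pool)                      # name -> executor callable
        self.anomalies = {n: 0 for n in self.pool}  # history fed back to scheduler
        self.online = list(self.pool)[:online_count]

    def vote(self, outputs):
        """Majority vote: return (winning output, names that disagreed)."""
        winner, votes = Counter(outputs.values()).most_common(1)[0]
        if votes <= len(outputs) // 2:
            raise RuntimeError("no majority, request cannot be adjudicated")
        return winner, [n for n, out in outputs.items() if out != winner]

    def reschedule(self, dissenters):
        """Closed-loop step: log each dissent, swap in the cleanest standby."""
        for name in dissenters:
            self.anomalies[name] += 1
            standby = [n for n in self.pool if n not in self.online]
            if standby:
                best = min(standby, key=lambda n: self.anomalies[n])
                self.online[self.online.index(name)] = best

    def handle(self, request):
        outputs = {n: self.pool[n](request) for n in self.online}  # distributor
        result, dissenters = self.vote(outputs)
        self.reschedule(dissenters)
        return result, dissenters


def faulty(request):
    # Constructed fault: this variant deviates on one trigger input only.
    return "TAMPERED" if request == "trigger" else request.upper()


def demo():
    # Constructed pool: functionally equivalent variants plus one faulty one.
    pool = {
        "exec_a": str.upper,
        "exec_b": faulty,
        "exec_c": lambda r: "".join(ch.upper() for ch in r),
        "exec_d": lambda r: r.casefold().upper(),
        "exec_e": lambda r: r.upper(),
    }
    system = DHRSystem(pool)
    first = system.handle("trigger")      # exec_b is outvoted and replaced
    system.reschedule(["exec_a"])         # a later dissent by exec_a
    return first, system.online, system.anomalies
```

In `demo()`, the second reschedule has `exec_b` and `exec_e` on standby; the recorded history selects `exec_e`, whereas a scheduler that ignored history and took the first standby would bring the previously outvoted `exec_b` back online.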
Keywords: network security; endogenous security; mimic defense; redundancy; dynamic isomerism