Mimic Defense Technology

Luo Xingguo, Tong Qing, Zhang Zheng, Wu Jiangxing

Strategic Study of CAE, 2016, Vol. 18, Issue 6: 69-73. DOI: 10.15302/J-SSCAE-2016.06.014
Special Topic Research
Original article


Abstract

Cyberspace security is in an unbalanced state in which attack is easy and defense is hard. Active defense technology, a rising direction in cyberspace defense research, is attracting more and more attention. This paper summarizes the development of active defense technology along two main lines, intrusion tolerance and moving target defense, and then introduces the theory, engineering practice, and testing of mimic defense. By analyzing the similarities and differences between mimic defense and both intrusion tolerance and moving target defense, we propose the research priorities and directions for a cybersecurity rebalancing strategy, to serve as a reference for the development of national cyberspace security.

Keywords

mimic defense / active defense technology / cybersecurity rebalance

Cite this article

Luo Xingguo, Tong Qing, Zhang Zheng. Mimic Defense Technology. Strategic Study of CAE. 2016, 18(6): 69-73 https://doi.org/10.15302/J-SSCAE-2016.06.014

Funding

Major consulting project of the Chinese Academy of Engineering, "Research on Cyberspace Security Strategy" (2015-ZD-10)