PDF(1828 KB)
PDF(1828 KB)
PDF(1828 KB)
数据基础设施抗测绘理论与技术发展研究
Advances in Anti-Surveying-and-Mapping Theory and Technologies for Data Infrastructure
当前,我国正全面深化数字化转型,推动“数据要素×”行动计划,这对数据基础设施建设提出了新要求。作为一类新型基础设施,数据基础设施和传统信息基础设施一样,应具备抗测绘能力,防止被单向透明探测。数据基础设施的抗测绘能力成为数据空间安全的基本要求,直接关系到国家、社会和个人的信息安全。本文概述了数据基础设施测绘及抗测绘的基本概念,分析了主流抗测绘技术的发展现状、主要特点以及存在的关键问题,提出了内生安全抗测绘的理论、方法和关键技术,以解决现有网络架构下数据资产固有可测性这一关键问题。研究建议:尽快开展数据空间抗测绘基础理论和关键技术研究,将抗测绘能力纳入国家数据基础设施建设基本要求和基础能力之中,加快数据基础设施关键技术研发和攻关力度,高度关注新兴技术带来的“被测绘”风险,加强数据基础设施抗测绘产业的扶持力度,推动多学科交叉融合和产教融合,尽快形成我国在数据空间的抗测绘能力。
China is deepening its digital transformation and promoting a data-driven action plan, proposing new requirements for the construction of data infrastructure. Like conventional information infrastructure types, data infrastructure needs to possess an anti-surveying-and-mapping capability to avoid being detected in one-way and transparent manners. The anti-surveying-and-mapping capability of data infrastructure has become a fundamental requirement for data space security, directly related to the information security of a country, society, and individuals. This study outlines the basic concepts of data infrastructure surveying-and-mapping and anti-surveying-and-mapping, analyzes the development status, major characteristics, and key problems of mainstream anti-surveying-and-mapping technologies, and proposes the theory, methods, and key technologies of anti-surveying-and-mapping with endogenous security, to solve the key problem of inherent measurability of data assets under the existing network architecture. To this end, the following suggestions are proposed: strengthening research on the basic theories and key technologies regarding data space anti-surveying-and-mapping; taking anti-surveying-and-mapping capability as the basic requirement of national data infrastructure construction; and increasing support for key technology research, industry incubation, multidisciplinary integration, and industry-university-research collaboration.
data space / data infrastructure / anti-surveying-and-mapping / endogenous safety
| [1] |
李国杰, 程学旗. 大数据研究: 未来科技及经济社会发展的重大战略领域——大数据的研究现状与科学思考 [J]. 中国科学院院刊, 2012, 27(6): 647‒657.
Li G J, Cheng X Q. Research status and scientific thinking of big data [J]. Bulletin of Chinese Academy of Sciences, 2012, 27(6): 647‒657.
|
| [2] |
程啸. 论大数据时代的个人数据权利 [J]. 中国社会科学, 2018 (3): 102‒122, 207‒208.
Cheng X. Personal data rights in the era of big data [J]. Social Sciences in China, 2018 (3): 102‒122, 207‒208.
|
| [3] |
许宪春, 任雪, 常子豪. 大数据与绿色发展 [J]. 中国工业经济, 2019 (4): 5‒22.
Xu X C, Ren X, Chang Z H. Big data and green development [J]. China Industrial Economics, 2019 (4): 5‒22.
|
| [4] |
常晓素. 大数据在税收风险管理中的应用探析 [J]. 税务研究, 2019 (6): 78‒81.
Chang X S. Application of big data in tax risk management [J]. Taxation Research, 2019 (6): 78‒81.
|
| [5] |
赵帆, 罗向阳, 刘粉林. 网络空间测绘技术研究 [J]. 网络与信息安全学报, 2016, 2(9): 1‒11.
Zhao F, Luo X Y, Liu F L. Research on cyberspace surveying and mapping technology [J]. Chinese Journal of Network and Information Security, 2016, 2(9): 1‒11.
|
| [6] |
陈涛, 程丽君, 李明桂, 等. 网络空间测绘系统及应用研究 [J]. 通信技术, 2020, 53(11): 2832‒2837.
Chen T, Cheng L J, Li M G, et al. Cyberspace surveying and mapping system and application [J]. Communications Technology, 2020, 53(11): 2832‒2837.
|
| [7] |
陈钟, 孟宏伟, 关志. 未来互联网体系结构中的内生安全研究 [J]. 信息安全学报, 2016, 1(2): 36‒45.
Chen Z, Meng H W, Guan Z. Research on intrinsic security in future Internet architecture [J]. Journal of Cyber Security, 2016, 1(2): 36‒45.
|
| [8] |
张伟丽, 贺磊. 关于新型内生安全信息基础设施的思考 [J]. 无线电通信技术, 2020, 46(4): 399‒404.
Zhang W L, He L. Consideration of new endogenous security information infrastructure [J]. Radio Communications Technology, 2020, 46(4): 399‒404.
|
| [9] |
江伟玉, 刘冰洋, 王闯. 内生安全网络架构 [J]. 电信科学, 2019, 35(9): 20‒28.
Jiang W Y, Liu B Y, Wang C. Network architecture with intrinsic security [J]. Telecommunications Science, 2019, 35(9): 20‒28.
|
| [10] |
周杨, 徐青, 罗向阳, 等. 网络空间测绘的概念及其技术体系的研究 [J]. 计算机科学, 2018, 45(5): 1‒7.
Zhou Y, Xu Q, Luo X Y, et al. Research on definition and technological system of cyberspace surveying and mapping [J]. Computer Science, 2018, 45(5): 1‒7.
|
| [11] |
刘红, 姚旺君, 孙彻, 等. 网络空间测绘系统分类及应用综述 [J]. 信息技术与网络安全, 2021, 40(10): 16‒21, 28.
Liu H, Yao W J, Sun C, et al. Classification and application of cyberspace surveying and mapping system [J]. Information Technology and Network Security, 2021, 40(10): 16‒21, 28.
|
| [12] |
宋苑, 卢扬明. 网络安全扫描技术综述 [J]. 广东通信技术, 2004, 24(8): 58‒60, 64.
Song Y, Lu Y M. Overview of network security scanning technology [J]. Guangdong Communication Technology, 2004, 24(8): 58‒60, 64.
|
| [13] |
张义荣, 赵志超, 鲜明, 等. 计算机网络扫描技术研究 [J]. 计算机工程与应用, 2004, 40(2): 173‒176.
Zhang Y R, Zhao Z C, Xian M, et al. A study on computer network scanning techniques [J]. Computer Engineering and Applications, 2004, 40(2): 173‒176.
|
| [14] |
唐小明, 梁锦华, 蒋建春, 等. 网络端口扫描及其防御技术研究 [J]. 计算机工程与设计, 2002, 23(9): 15‒17.
Tang X M, Liang J H, Jiang J C, et al. Research about technology of port scan and port scan detect [J]. Computer Engineering and Design, 2002, 23(9): 15‒17.
|
| [15] |
冯贵兰, 李正楠, 周文刚. 大数据分析技术在网络领域中的研究综述 [J]. 计算机科学, 2019, 46(6): 1‒20.
Feng G L, Li Z N, Zhou W G. Research on application of big data analytics in network [J]. Computer Science, 2019, 46(6): 1‒20.
|
| [16] |
姜开达, 李霄, 孙强. 基于网络流量元数据的安全大数据分析 [J]. 信息网络安全, 2014, 14(5): 37‒40.
Jiang K D, Li X, Sun Q. Big data analysis on security based on network traffic metadata [J]. Netinfo Security, 2014, 14(5): 37‒40.
|
| [17] |
李晓会, 陈潮阳, 伊华伟, 等. 基于云计算和大数据分析的大规模网络流量预测 [J]. 吉林大学学报(工学版), 2021, 51(3): 1034‒1039.
Li X H, Chen C Y, Yi H W, et al. Large scale network traffic prediction based on cloud computing and big data analysis [J]. Journal of Jilin University (Engineering and Technology Edition), 2021, 51(3): 1034‒1039.
|
| [18] |
许子明, 田杨锋. 云计算的发展历史及其应用 [J]. 信息记录材料, 2018, 19(8): 66‒67.
Xu Z M, Tian Y F. The development history and application of cloud computing [J]. Information Recording Materials, 2018, 19(8): 66‒67.
|
| [19] |
王勇, 周慧怡, 俸皓, 等. 基于深度卷积神经网络的网络流量分类方法 [J]. 通信学报, 2018, 39(1): 14‒23.
Wang Y, Zhou H Y, Feng H, et al. Network traffic classification method basing on CNN [J]. Journal on Communications, 2018, 39(1): 14‒23.
|
| [20] |
石乐义, 李阳, 马猛飞. 蜜罐技术研究新进展 [J]. 电子与信息学报, 2019, 41(2): 498‒508.
Shi L Y, Li Y, Ma M F. Latest research progress of honeypot technology [J]. Journal of Electronics & Information Technology, 2019, 41(2): 498‒508.
|
| [21] |
Pan L, Yang J H, He L, et al. Your router is my prober: Measuring IPv6 networks via ICMP rate limiting side channels [R]. San Diego: Proceedings 2023 Network and Distributed System Security Symposium, 2023.
|
| [22] |
包正晶, 苏马婧, 康彬, 等. 域名画像系统的设计与实现 [J]. 信息技术与网络安全, 2021, 40(6): 1‒8.
Bao Z J, Su M J, Kang B, et al. Design and implementation of domain Name portrait system [J]. Information Technology and Network Security, 2021, 40(6): 1‒8.
|
| [23] |
王进, 郝子龙, 温尚国, 等. 一种基于知识图谱的分布式云安全画像和风险预警模型研究 [J]. 通信技术, 2023, 56(10): 1184‒1190.
Wang J, Hao Z L, Wen S G, et al. A distributed cloud security profile and risk precaution model based on knowledge graph [J]. Communications Technology, 2023, 56(10): 1184‒1190.
|
| [24] |
高春东, 郭启全, 江东, 等. 网络空间地理学的理论基础与技术路径 [J]. 地理学报, 2019, 74(9): 1709‒1722.
Gao C D, Guo Q Q, Jiang D, et al. The theoretical basis and technical path of cyberspace geography [J]. Acta Geographica Sinica, 2019, 74(9): 1709‒1722.
|
| [25] |
郭启全, 高春东, 郝蒙蒙, 等. 发展网络空间可视化技术支撑网络安全综合防控体系建设 [J]. 中国科学院院刊, 2020, 35(7): 917‒924.
Guo Q Q, Gao C D, Hao M M, et al. Develop visualization technology of cyberspace to support construction of comprehensive prevention and control system of cyber security [J]. Bulletin of Chinese Academy of Sciences, 2020, 35(7): 917‒924.
|
| [26] |
游建舟, 吕世超, 孙玉砚, 等. 物联网蜜罐综述 [J]. 信息安全学报, 2020, 5(4): 138‒156.
You J Z, Lyu S C, Sun Y Y, et al. A survey on honeypots of Internet of Things [J]. Journal of Cyber Security, 2020, 5(4): 138‒156.
|
| [27] |
李凌书, 邬江兴, 刘文彦. SaaS云环境下基于容器指纹匿名的网络欺骗方法 [J]. 信息安全学报, 2022, 7(2): 72‒86.
Li L S, Wu J X, Liu W Y. An anonymous network deception method based on container fingerprint modification for SaaS applications [J]. Journal of Cyber Security, 2022, 7(2): 72‒86.
|
| [28] |
吴云坤, 姜博, 潘瑞萱, 等. 一种基于零信任的SDN网络访问控制方法 [J]. 信息网络安全, 2020, 20(8): 37‒46.
Wu Y K, Jiang B, Pan R X, et al. A SDN access control mechanism based on zero trust [J]. Netinfo Security, 2020, 20(8): 37‒46.
|
| [29] |
姚忠将, 葛敬国, 张潇丹, 等. 流量混淆技术及相应识别、追踪技术研究综述 [J]. 软件学报, 2018, 29(10): 3205‒3222.
Yao Z J, Ge J G, Zhang X D, et al. Research review on traffic obfuscation and its corresponding identification and tracking technologies [J]. Journal of Software, 2018, 29(10): 3205‒3222.
|
| [30] |
卢先锋, 杨频, 梁刚. 基于动态IP黑名单的入侵防御系统模型 [J]. 计算机工程与设计, 2011, 32(1): 10‒13.
Lu X F, Yang P, Liang G. Model of intrusion prevention system based on dynamic IP blacklist [J]. Computer Engineering and Design, 2011, 32(1): 10‒13.
|
| [31] |
王平水, 王建东. 匿名化隐私保护技术研究综述 [J]. 小型微型计算机系统, 2011, 32(2): 248‒252.
Wang P S, Wang J D. Survey of research on anonymization privacy-preserving techniques [J]. Journal of Chinese Computer Systems, 2011, 32(2): 248‒252.
|
| [32] |
白紫星, 戴华昇, 宋怡景, 等. 基于多内核的操作系统内生安全技术 [J]. 集成电路与嵌入式系统, 2024, 24(1): 58‒63.
Bai Z X, Dai H S, Song Y J, et al. Endogenous security technology based on multi-kernel operating system [J]. Integrated Circuits and Embedded Systems, 2024, 24(1): 58‒63.
|
| [33] |
聂凯君, 曹傧, 彭木根. 6G内生安全: 区块链技术 [J]. 电信科学, 2020, 36(1): 21‒27.
Nie K J, Cao B, Peng M G. 6G endogenous security: Blockchain technology [J]. Telecommunications Science, 2020, 36(1): 21‒27.
|
| [34] |
邬江兴, 邹宏, 薛向阳, 等. 内生安全赋能网络弹性的构想、方法与策略 [J]. 中国工程科学, 2023, 25(6): 106‒115.
Wu J X, Zou H, Xue X Y, et al. Cyber resilience enabled by endogenous security and safety: Vision, techniques, and strategies [J]. Strategic Study of CAE, 2023, 25(6): 106‒115.
|
| [35] |
邬江兴. 网络空间拟态防御研究 [J]. 信息安全学报, 2016, 1(4): 1‒10.
Wu J X. Research on cyber mimic defense [J]. Journal of Cyber Security, 2016, 1(4): 1‒10.
|
| [36] |
王伟, 曾俊杰, 李光松, 等. 动态异构冗余系统的安全性分析 [J]. 计算机工程, 2018, 44(10): 42‒45, 50.
Wang W, Zeng J J, Li G S, et al. Security analysis of dynamic heterogeneous redundant system [J]. Computer Engineering, 2018, 44(10): 42‒45, 50.
|
/
| 〈 |
|
〉 |
