Journal of Computer Research and Development (计算机研究与发展), 2024, Vol. 61, Issue 5: 1230-1249. DOI: 10.7544/issn1000-1239.202330961

Development of Deception Defense Technology and Exploration of Its Large Language Model Applications

王瑞 阳长江 邓向东 刘园 田志宏
Author information

  • 1. School of Cyberspace Security, Guangzhou University, Guangzhou 510799

Abstract

Deception defense, as the most promising technology in proactive defense, helps defenders facing highly covert and unknown threats turn passivity into proactivity and break the inherent imbalance between offense and defense. In the face of potential threat scenarios, how to use deception defense technology effectively to help defenders anticipate, perceive, and entrap threats is a key issue that currently needs to be addressed. Game theory and attack graph models provide strong support in formulating active defense strategies and analyzing potential risks. We summarize and review the recent work on both in the realm of deception defense. With the rapid development of large language model technology and its increasingly close integration with the field of cybersecurity, we review traditional deception defense technology and propose a large language model-based intelligent external network HoneyPoint generation technique. Experimental analysis validates the effectiveness of external network HoneyPoints in capturing network threats, showing improvements over traditional Web honeypots in aspects such as simulation fidelity, stability, and flexibility. To enhance collaboration between HoneyPoints and improve the capability to probe and perceive attack threats, the concept of Honey-Landscape is introduced. We provide an outlook on how to utilize HoneyPoint and Honey-Landscape technologies to construct an integrated active defense mechanism that includes threat prediction, threat perception, and threat entrapment.

Key words

deception defense / large language model / attack graph / game theory / HoneyPoint / Honey-Landscape


Funding

National Natural Science Foundation of China (U20B2046)

National Key Research and Development Program of China (2021YFB2012402)

Guangdong Province Universities and Colleges Pearl River Scholar Funded Scheme (2019)

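Publication year

2024

Journal of Computer Research and Development (计算机研究与发展)
Institute of Computing Technology, Chinese Academy of Sciences; China Computer Federation

CSTPCD; Peking University Core Journals (北大核心)
Impact factor: 2.649
ISSN: 1000-1239
Number of references: 102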