Summary of research on mimic defense architecture design methods
The popularization and development of Internet technology have facilitated extensive research on the protection of user data and privacy. Cyberspace security defense has developed from passive defense to active defense in recent years, and the performance and success rate of the new defense technologies have been significantly improved. Typical applications of passive defense are access control, firewalls, and virtual local area networks; those of active defense are honeypot technology, digital watermarking, intrusion detection, and flow cleaning. However, traditional passive and active defenses are shell defenses in which function and security are loosely coupled, and their defense performance against unknown attacks is poor. Their defects can be summarized as the "impossible triangle", which means that a traditional defense system cannot simultaneously meet the three defense elements of dynamics, variety, and redundancy. The three elements can be combined in pairs to form a defensive domain. The typical technical representative of the DV domain is mobile target defense, that of the DR domain is dynamic isomorphic redundancy, and that of the VR domain is non-similar redundancy architecture. Our research aims to find a defense technology that can reach the DVR domain.

Cyberspace mimic defense (CMD) was proposed by Academician Wu Jiangxing in 2016. It aims to address the issue of cyberspace mimic security, which is an implementation form of network endogenous security developed from traditional cybersecurity defense methods. Its core architecture is a dynamic heterogeneous redundant architecture, which mainly consists of four parts: a set of heterogeneous execution entities, a distributor, a mimetic transformer, and a voter. Its theoretical foundation is the three theorems of CMD and the theorem of network security incomplete intersection. The heterogeneity of the system is increased through heterogeneous execution entities, and the voting algorithm determines which individual execution entities go online and offline.

The heterogeneous strategy can be divided into four areas: single source closed, single source open, multi source closed, and multi source open. This classification depends on whether the system is open source and whether the source code has been modified. In the selection of heterogeneous components, similarity should be avoided as much as possible. Thus, system redundancy will be improved to prevent collaborative attacks from breaking through mimic defense and causing damage to the system. The hybrid heterogeneous method can serve as a direction for further research on heterogeneous methods. It utilizes cloud computing resources to break through the limitations of single computer software and hardware, and it consolidates the diversity and reliability of heterogeneous systems.

The core idea of the mimic voting method is that the mimic system needs to monitor the "process data and process element resources" of the execution entity, discover the attacked execution entity through voting, and determine the final result value output by the system to the user I/O. The evolution of voting algorithms is mainly reflected in the use of diverse modules to repeatedly verify the voting results to improve their credibility, and multimodal adjudication is also an important guarantee for the dynamics of simulated systems.

At the end of the mimic defense process, the scheduling algorithm completes the online and offline process of the execution entities in the system. Scheduling algorithms are classified by whether the system obtains historical data, which divides them into two categories: open-loop external feedback algorithms and closed-loop self-feedback algorithms. A positive external feedback scheduling algorithm can improve performance to a certain extent. However, the lack of analysis of the historical state of a system will reduce its sensitivity to attacks that have occurred, which weakens the dynamics of the mimic system. Therefore, scheduling strategies with self-feedback algorithms have better effectiveness and performance in adversarial experimental results.

This study mainly starts from the historical evolution of cyberspace security development, compares the differences between traditional defense methods and mimic defense, focuses on introducing the specific implementation forms of heterogeneous strategies, scheduling strategies, and voting strategies in mimic architecture, and lists application examples that integrate mimic defense ideas in practice. The mainstream mimic defense applications are the mimic router, mimic Web server, mimic distributed application, and mimic Internet of Things. Mimic defense has now gained a wide application foundation in various fields, and research based on this foundation can advance the existing network security system to a new stage.
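
The voting and closed-loop scheduling steps described above can be sketched in a few lines. This is an added example, not code from the surveyed work: the names `Executor`, `MimicService`, `build_demo` and the `threshold` parameter are hypothetical, plain majority voting stands in for the voting algorithms the survey covers, and the mimetic transformer is not modelled.

```python
from collections import Counter

class Executor:
    """One heterogeneous execution entity (hypothetical stand-in for a real variant)."""
    def __init__(self, name, handler):
        self.name, self.handler = name, handler
        self.dissent = 0  # voting history kept for the self-feedback scheduler

def vote(outputs):
    """Majority vote over {executor name: output}; returns (result, dissenters)."""
    winner, count = Counter(outputs.values()).most_common(1)[0]
    if count * 2 <= len(outputs):
        raise RuntimeError("no majority: output withheld")
    return winner, [n for n, out in outputs.items() if out != winner]

class MimicService:
    def __init__(self, online, standby, threshold=2):
        # threshold is an assumed policy: dissenting votes tolerated before replacement
        self.online, self.standby = list(online), list(standby)
        self.threshold = threshold

    def handle(self, request):
        # Distributor: every online executor receives the same request.
        outputs = {e.name: e.handler(request) for e in self.online}
        result, dissenters = vote(outputs)
        self._schedule(dissenters)
        return result  # only the voted value reaches the user

    def _schedule(self, dissenters):
        # Closed-loop self-feedback: accumulated voting history decides
        # which executor goes offline and which standby comes online.
        for e in list(self.online):
            if e.name in dissenters:
                e.dissent += 1
            if e.dissent >= self.threshold and self.standby:
                self.online.remove(e)
                self.online.append(self.standby.pop(0))

def build_demo():
    """Constructed sample: three executors online, one producing deviating output."""
    ok = lambda req: req.upper()
    bad = lambda req: req.upper() + "!"  # constructed fault, not a real attack
    online = [Executor("A", ok), Executor("B", ok), Executor("C", bad)]
    return MimicService(online, [Executor("D", ok)])
```

An open-loop scheduler would rotate executors without consulting `dissent`; the history counter is what lets the deviating executor be singled out and replaced.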