Chinese Journal of Network and Information Security ›› 2022, Vol. 8 ›› Issue (2): 15-38. doi: 10.11959/j.issn.2096-109x.2022018
Hailong MA1, Liang WANG1,2, Tao HU1, Yiming JIANG1, Yanze QU1
Revised: 2022-03-01
Online: 2022-04-15
Published: 2022-04-01
About the author: MA Hailong (1980− ), male, born in Yishui, Shandong; associate researcher at Information Engineering University. His main research interests are endogenous security in cyberspace, intelligent perception of network threats, and new network architectures.
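Abstract:
Cyberspace mimic defense (CMD) builds on the dynamic heterogeneous redundancy architecture to achieve multi-executor execution, multi-mode adjudication and multi-dimensional reconfiguration, using an uncertain system to counter the ubiquitous uncertain threats in cyberspace. Its evolution over the past 8 years is systematically reviewed from five perspectives: vertical, horizontal, current, developing and future. From the vertical perspective, the course of CMD from the proposal of the concept to its formation and development in theory and practice is outlined. From the horizontal perspective, the DHR (dynamical heterogeneous redundancy) core architecture of CMD, the principles resting on the three CMD theorems, the security gain and the performance overhead are described, and CMD is comprehensively compared with and distinguished from 5 other classes of active defense technology: intrusion tolerance, moving target defense, zero trust architecture, trusted computing and computer immunology. From the current perspective, the common technical patterns and distinctive technical characteristics of 11 classes of existing major mimic products, such as mimic routers, mimic processors, mimic DNS servers and mimic cloud platforms, are reviewed, covering implementation elements, performance, system architecture, heterogeneity strategy, scheduling strategy and voting strategy. From the developing perspective, the "mimic+" AICDS (mimic + AI/IoT/Cloud/Data/SDN) symbiotic ecosystem is discussed in combination with 5 classes of new technology (artificial intelligence, the Internet of Things, cloud computing, big data and software-defined networking), and the corresponding points of technical integration and the value of cross-disciplinary research are proposed. From the future perspective, 5 types of "mimic+" application scenarios are envisaged: the future mimic baseline 2.0 product ecosystem, "mimic+5G/6G", "mimic+edge computing", "mimic+cloud" and "mimic+blockchain". Four challenges facing mimic defense technology are analyzed and summarized: the existence of an escape space for attacks on multi-mode decision, the mutual constraint between heterogeneity and synchronization, the difficulty of balancing security and functionality, and the limited transformation space of existing endogenous security components.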
Hailong MA, Liang WANG, Tao HU, Yiming JIANG, Yanze QU. Survey on the development of mimic defense in cyberspace: from mimic concept to “mimic+” ecology[J]. Chinese Journal of Network and Information Security, 2022, 8(2): 15-38.
Table 1 Comprehensive comparison of mimicry multi-executor scheduling algorithms
Scheduling algorithm | Dynamism index (1~5) | Average failure rate | Heterogeneity | System overhead | Quality of service |
MD | 1 | 1.14×10⁻⁴ | 0.1143 | O(1) | — |
OMD | 1 | 3.60×10⁻⁴ | 0.2183 | O(1) | 0.4503 |
Random scheduling | 5 | 7.66×10⁻⁴ | 0.2723 | O(1) | — |
RSMS | 2 | 2.77×10⁻⁴ | 0.1550 | O(n) | — |
PSPT | 5 | — | 0.2490 | O(1) | — |
RSMHQ | 2 | — | 0.3768 | O(n) | 0.5193 |
RSMHQH | 2 | — | — | O(1) | — |
Normal-distribution-based | 4 | — | — | O(2n) | — |
BSG-based | 2 | — | MOSS | O(n) | — |
Feedback-decision-based | 3 | — | MOSS | O(n) | — |
Self-learning-based | 3 | — | — | O(2n) | — |
Security-policy-based | 2 | — | — | O(n) | — |
Sliding-window-based | 4 | — | — | O(n) | — |
Note: a larger dynamism index indicates stronger dynamism; MOSS indicates that the heterogeneity between executors is measured with a software-similarity-based metric; "—" indicates that the study did not measure the indicator.
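Table 2 Comparison of major active defense technologies
Technology | Year released | Technical essence | Core characteristics | Typical architecture | Implementations | Independence from prior knowledge | Component dynamism level | Risk perception capability | Threat evasion capability |
CMD | 2016 | Policy-based adjudication and dynamic scheduling of heterogeneous executors | Dynamic, heterogeneous, redundant | DHR | Mimic switch/router/processor, etc. | 5 | 5 | 4 | 5 |
Intrusion tolerance | 1985 | Configuring redundant resources to tolerate intrusion | Redundant | Intrusion-detection-based tolerance triggering, algorithm-driven, periodic recovery | SITAR/MAFTIA/SCIT | 2 | 3 | 3 | 4 |
MTD | 2009 | Moving the attack surface | Diverse, dynamic, random | Dynamic network + dynamic platform + dynamic environment + dynamic application + dynamic data | MUTE/MAS | 5 | 5 | 3 | 5 |
ZTA | 2010 | Establishing trust relationships based on trust transfer | Trust authorization | Strong authentication + least-privilege authorization | None | 1 | 4 | 5 | 5 |
TC | 1985 | Replacing the traditional network perimeter with identity | Trust authorization | TPM + TSS + applications | SGX | 5 | 1 | 1 | 5 |
Computer immunology | 1990s | Treating network threats as an optimization problem to be solved | Immunity | Antigen recognition + antibody population generation + population update | IMMSIM/ARTIS/Multi-Agent | 1 | 1 | 4 | 4 |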
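Table 3 Realization of generic technology of main mimicry platform
Mimic platform | System architecture | Heterogeneity strategy | Scheduling strategy | Voting strategy |
Mimic honeypot | Mimic honeypot subsystem + host operating system + physical hardware | Web middleware + operating system | State rollback + rotation | Comparison of behavior records and alert data |
Mimic firewall | Distributed processing architecture | Hardware platform + operating system + security engine | Not specified | Layered, staged adjudication |
Mimic switch | Heterogeneous executor set + mimic scheduler + switching chip | CPU + operating system | Timed cleaning + adjudication-triggered cleaning | Self-cleaning majority voting based on trust weights |
Mimic router | Application layer + control layer + device layer | Router + operating system | Executor credibility + executor performance weight | Majority decision, weighted decision, random decision |
Mimic processor | Mimic scheduler + heterogeneous processor set + peripheral circuits | Operating system | Two-step cleaning and degraded scheduling based on state saving | Credibility-based comparative majority strategy + composite single-choice voting based on sampled majority |
Mimic storage | Mimic scheduler + heterogeneous processor set + peripheral circuits | Storage encoding | Comparison of output hash values + erasure coding | Not specified |
Mimic Web server | Central scheduler + dynamic executor scheduler + server pool + request distribution and balancing module + voter | Server software + file system + virtual machine operating system + physical machine operating system | Executor scheduling based on the number of kinds of heterogeneous component sets that can be formed | Multi-mode adjudication front-end voting + SQL statement review back-end voting |
Mimic DNS server | Heterogeneous DNS server pool + selector | DNS software | Scheduling with a selection coefficient determined by executor credibility and load | Majority voting + pre-voting |
Mimic computing server | CPU + GPU + FPGA + DSP + HRCA + RIC computing components + remaining parts | Computing components and structure | Not specified | Not specified |
Mimic cloud platform | Infrastructure layer + heterogeneous network switching layer + mimic bracket layer + mimic cloud manager/mimic SaaS application layer + operations and maintenance management layer | Mimic storage + mimic cloud management + heterogeneous network switching | Scheduling based on mimic voting, service migration and data synchronization | Majority voting |
Mimic network operating system | Application layer + control layer + mimic layer + data layer | NOS + controller | Scheduling based on heterogeneity gain | Game-strategy-based |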
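Table 4 Performance of major mimicry platforms
Mimic platform | Test scheme: scanning | Test scheme: vulnerability exploitation | Test scheme: backdoor exploitation | Security performance (attack success probability) | Overhead (average latency) |
Mimic switch | √ | √ | — | All 5 tests passed | 10 ms |
Mimic router | √ | √ | √ | Vulnerability exploitation rate 35% (redundancy 3); vulnerability exploitation rate 18% (redundancy 7); backdoor exploitation rate below 4% | 32 ms (500 routes); 52 ms (1500 routes) |
Mimic processor | √ | √ | √ | All 3 test items passed | Not tested |
Mimic storage | — | — | — | 100 files remained continuously available over 1000 mimic transformations | 0.2~1 s |
Mimic Web server | √ | √ | √ | All 13 tests passed | Not tested |
Mimic DNS server | — | √ | √ | Attack difficulty raised by 1010 orders of magnitude | 506 ms (redundancy 5) |
Mimic cloud platform | — | √ | All 3 tests passed | 530 ms (redundancy 3) | |
Mimic network operating system | — | √ | √ | 0.3%~2% | 20 ms |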
Table 5 Heterogeneous component test set of existing mimicry platforms
Category | Component | Test set |
Software | Application software | PHP |
Software | Server software | RedHat 7, Windows 7, Debian 7.0, Windows Server 2012, IIS 6.0, Apache, Lightpd, Nginx |
Software | Database/SQL script | Not heterogenized |
Software | SDN controller | Floodlight, OpenDaylight, RYU, NOX, ONOS, BEACON, MAESTRO, RAW |
Software | File system | ext2, ext4, FAT |
Software | Virtual/physical host operating system | Ubuntu, Windows Server 2003/2008/2012/2016/2018, RedHat 7, IIS 6.0, CentOS, Windows XP, Windows 7, VxWorks, NeoKylin |
Hardware | CPU | Intel, Atom, AMD, E3930, Loongson |
Hardware | Other computing components | GPU, DSP, HRCA, RIC, FPGA |
Hardware | Router | Quagga 0.99.22.4, XORP 1.8.5, Cisco c2600, Juniper 10.2, MP3900, ZXR10 |
Hardware | Router control method | Software migration, router control interface modification, combined use of physical devices and SDN switches |
Hardware | Firewall | Linux, NGTOS, IPS, SSL, DLP |