Haiyang Yu,Hui Li,Xin Yang,Huajun Ma

DOI: https://doi.org/10.23919/jcc.2021.08.009

2021-01-01

China Communications

Abstract:With the advent of the era of big data, cloud computing, Internet of things, and other information industries continue to develop. There is an increasing amount of unstructured data such as pictures, audio, and video on the Internet. And the distributed object storage system has become the mainstream cloud storage solution. With the increasing number of distributed applications, data security in the distributed object storage system has become the focus. For the distributed object storage system, traditional defenses are means that fix discovered system vulnerabilities and backdoors by patching, or means to modify the corresponding structure and upgrade. However, these two kinds of means are hysteretic and hardly deal with unknown security threats. Based on mimic defense theory, this paper constructs the principle framework of the distributed object storage system and introduces the dynamic redundancy and heterogeneous function in the distributed object storage system architecture, which increases the attack cost, and greatly improves the security and availability of data.

Zhili Lin,Kedan Li,Hanxu Hou,Xin Yang,Hui Li

DOI: https://doi.org/10.1109/bigdata.2017.8258229

2017-01-01

Abstract:As the Internet and the big data system evolve rapidly, the deployment of distributed applications becomes widespread, promoting the development of Distributed File System (DFS). The existing defense technologies for DFS, such as detection or patching, mainly aim to protect the system from known attacks and vulnerabilities. However, it is difficult for those systems to solve the growing security issues from the unknown threats due to their passiveness and hysteresis. In this paper, we propose MDFS, a mimic defense theory based architecture for DFS with the capability to improve the data security. Mimic Defense (MD), a proactive defense embedded in MDFS, emphasizes dynamism, heterogeneity and redundancy. The key benefits of MD are transferring the attack surface as well as increasing the cost of modification.

QIN Junning,HAN Jiajia,ZHOU Sheng,WU Chunming,CHEN Shuangxi,ZHAO Ruoyan,ZHANG Jiangyu

DOI: https://doi.org/10.11959/j.issn.1000-0801.2020143

2020-01-01

Abstract:The unbalanced development status of network security was introduced.The main hazards and the mechanism model of penetration testing were described,and the inherent shortcomings of many existing traditional defense methods were analyzed.However,new method of the mimic defense model makes the attack information obtained invalid by dynamically selecting the executive set and adaptively changing the system composition.The same attack mode is difficult to be maintained or reproduced.Based on the attack chain model,the traditional defensetechnology and mimic defense technology were analyzed and compared,and it was demonstrated that it had a protective role in multiple stages of the attack chain.Finally,the effectiveness and superiority of the mimic defense was verified by experiments,and the model was summarized and prospected.

Jiangxing WU

DOI: https://doi.org/10.19363/j.cnki.cn10-1380/tn.2016.04.001

2016-01-01

Abstract:The unbalance in cyber security and its root is analyzed in this paper, of which a dynamically redundant het-erogeneity architecture and the basic principle to compose an information system of high reliability and high security level with unreliable hardware is mainly discussed. Then, basic concepts about mimic defense is briefly stated. Finally, a test evaluation and preliminary conclusion about the system of mimic defense verification is presented.

LI Dong,GUO Jin,ZHANG JIZHENG,JIA Huibo

DOI: https://doi.org/10.3969/j.issn.1000-3428.2005.11.066

2005-01-01

Abstract:Security mechanisms for survivability used in current storage systems are divided into two classes, including distributed data copies on wide scale and self-security storage devices. The data center now this paper deploys employs the method resembling the latter, which sets up access patterns database to identify possible attacks. The paper predicts as storage device becomes more intelligent self-security storage device and combination of different security mechanisms will direct the development of survivable storage system.

Hongchao Hu,Jiangxing Wu,Zhenpeng Wang,Guozhen Cheng

DOI: https://doi.org/10.1049/iet-ifs.2017.0086

2017-01-01

IET Information Security

Abstract:In recent years, both academia and industry in cyber security have tried to develop innovative defense technologies, expecting that to change the rules of the game between attackers and defenders. The authors start by analysing the root causes of security problems in cyberspace: (i) vulnerabilities in cyber systems are universal; (ii) current cyber systems are static, predictable and monoculture which allows adversaries to plan and launch attacks effectively; (iii) existing techniques cannot detect and eliminates attacks employing unknown vulnerabilities. Based on their analysis, they develop a novel defense framework, mimic defense (MD), that employs dynamic, heterogeneity, redundancy (DHR)' mechanism to defense cyber attacks. The main ideas behind MD are: constructing diverse functional equivalent variants for the protected target; scheduling some variants to run in parallel dynamically; and adopting policy-based arbitration mechanism to decide whose results of current running variants are correct. Theoretical analysis and simulation results show that DHR can significantly increase the difficulties for attackers and enhance the security of cyber systems, and the security enhancement can be more than ten times. They also present a proof-of-principle prototype that employ MD, mimic router, to examine its effectiveness. Finally, they conclude its limitations.

Xu Junjie,Junjie Xu

DOI: https://doi.org/10.4236/jcc.2021.97001

2021-01-01

Journal of Computer and Communications

Abstract:With the rapid growth of network technology, the methods and types of cyber-attacks are increasing rapidly. Traditional static passive defense technologies focus on external security and known threats to the target system and cannot resist advanced persistent threats. To solve the situation that cyberspace security is easy to attack and difficult to defend, Chinese experts on cyberspace security proposed an innovative theory called mimic defense, it is an active defense technology that employs “Dynamic, Heterogeneous, Redundant” architecture to defense attacks. This article first briefly describes the classic network defense technology and Moving Target Defense (MTD). Next, it mainly explains in detail the principles of the mimic defense based on the DHR architecture and analyzes the attack surface of DHR architecture. This article also includes applications of mimic defense technology, such as mimic routers, and mimic web defense systems. Finally, it briefly summarizes the existing research on mimic defense, expounds the problems that need to be solved in mimic defense, and looks forward to the future development of mimic defense.

Yibo Cheng,Gang Cui,Lin Zhang,Yunmin Wang,Huajun Ma,Hui Li

DOI: https://doi.org/10.1109/ICCSN49894.2020.9139117

2020-01-01

Abstract:With the development of Industrial Internet, the industrial control systems continue to evolve. Nuclear power industrial control system, as the core information system of nuclear power plants, has extremely high requirements for security. But at present, all industrial security control products still have a large amount of vulnerabilities. Meanwhile, traditional protection methods can only resist known attacks, and have no way to defend against unknown attacks. Based on the mimic defense theory, this paper proposes a mimic object storage system based on multiple erasure codes. In addition to the dynamics, heterogeneity, and redundancy attribute of mimic defense, the use of erasure codes can reduce storage costs and improve data reliability. This paper introduces the system architecture and the laboratory simulation of the system. This system can resist multiple types of attacks and can be used to improve the security level of nuclear industry control systems.

Ya-wen Wang,Jiang-xing Wu,Yun-fei Guo,Hong-chao Hu,Wen-yan Liu,Guo-zhen Cheng

DOI: https://doi.org/10.1631/fitee.1800621

IF: 2.526

2018-01-01

Frontiers of Information Technology & Electronic Engineering

Abstract:With more large-scale scientific computing tasks being delivered to cloud computing platforms, cloud workflow systems are designed for managing and arranging these complicated tasks. However, multi-tenant coexistence service mode of cloud computing brings serious security risks, which will threaten the normal execution of cloud workflows. To strengthen the security of cloud workflows, a mimic cloud computing task execution system for scientific workflows is proposed. The idea of mimic defense contains mainly three aspects: heterogeneity, redundancy, and dynamics. For heterogeneity, the diversities of physical servers, hypervisors, and operating systems are integrated to build a robust system framework. For redundancy, each sub-task of the workflow will be executed simultaneously by multiple executors. Considering efficiency and security, a delayed decision mechanism is proposed to check the results of task execution. For dynamics, a dynamic task scheduling mechanism is devised for switching workflow execution environment and shortening the life cycle of executors, which can confuse the adversaries and purify task executors. Experimental results show that the proposed system can effectively strengthen the security of cloud workflow execution.

Qing TONG,Zheng ZHANG,Wei-Hua ZHANG,Jiang-Xing WU

DOI: https://doi.org/10.13328/j.cnki.jos.005192

2017-01-01

Abstract:The Web server system,being the most important platform of supporting and providing network services,is facing serious security problem.The existing defending technologies mainly deal with the known attacking methods or the known vulnerabilities,and therefore are not effective in case of the unknown threats and do not provide overall defense.This paper first proposes an attacking model to analyze the shortcomings of existing defending technologies.Next,a dynamic heterogeneous redundancy structure based mimic defending model is proposed,and its defending principles and the characteristics are interpreted.Then,the mimic defending Web server is designed on the mimic defending model,and the structure and the implementation principles in the Web server design are introduced.The results of security and performance tests show that the presented mimic defending Web server can defend against all kinds of attacks in the tests with little performance loss,which verifies the effectiveness and the practicability of the mimic defending technology.Finally a perspective of the future work and challenges of mimic defending technology is discussed.

Yuxia Cheng,Qing Wu,Wenzhi Chen,Bei Wang

DOI: https://doi.org/10.1016/j.jpdc.2018.07.014

IF: 4.542

2018-01-01

Journal of Parallel and Distributed Computing

Abstract:Transmissible cyber threats have become one of the most serious security issues in cyberspace. Many techniques have been proposed to model, simulate and identify threats’ sources and their propagation in large-scale distributed networks. Most techniques are based on the analysis of real networks dataset that contains sensitive information. Traditional in-memory analysis of these dataset often causes data leakage due to system vulnerabilities. If the dataset itself is compromised by adversaries, this threat cost would be even higher than the threat being analysed. In this paper, we propose a new distributed shielded execution framework (Disef) for cyber threats analysis. The Disef framework enables efficient distributed analysis of network dataset while achieves security guarantees of data confidentiality and integrity. In-memory dataset is protected by using a new encrypted key–value format and could be efficiently transferred into Intel SGX enabled enclaves for shielded execution. Our experimental results showed that the proposed framework supports secure in-memory analysis of large network dataset and has comparable performance with systems that have no confidentiality and integrity guarantees.

Guangsong Li,Wei Wang,Keke Gai,Yazhe Tang,Benchao Yang,Xueming Si

DOI: https://doi.org/10.1007/s11265-019-01473-6

2020-04-15

Journal of Signal Processing Systems

Abstract:The long-term existence of various vulnerabilities and backdoors in software and hardware makes security threats of the cyberspace more and more serious. Cyberspace mimic defense tries to use uncertain defense to deal with uncertain threat and construct the risk-controlled information system based on components with security flaws. However, mimic defense system is at a preliminary stage of research. It is necessary to pay more attention to the new theory. This paper further expands the ideas from mimic defense system and proposes a typical framework for the system. Then principles of mimic transformation design are explained. This paper also describes concepts of mimic operator and mimic awareness function. Effectiveness of mimic defense system is showed by simulations of mimic defense web server.

He Jiajun,Yuan Yali,Liang Sichu,Fu Jiale,Zhu Hongyu,Cheng Guang

DOI: https://doi.org/10.23919/jcc.ja.2022-0842

2024-09-10

China Communications

Abstract:In recent years, network attacks have been characterized by diversification and scale, which indicates a requirement for defense strategies to sacrifice generalizability for higher security. As the latest theoretical achievement in active defense, mimic defense demonstrates high robustness against complex attacks. This study proposes a Function-aware, Bayesian adjudication, and Adaptive updating Mimic Defense (FBAMD) theory for addressing the current problems of existing work including limited ability to resist unknown threats, imprecise heterogeneous metrics, and over-reliance on relatively-correct axiom. FBAMD incorporates three critical steps. Firstly, the common features of executors' vulnerabilities are obtained from the perspective of the functional implementation (i.e, input-output relationships extraction). Secondly, a new adjudication mechanism considering Bayes' theory is proposed by leveraging the advantages of both current results and historical confidence. Furthermore, posterior confidence can be updated regularly with prior adjudication information, which provides mimic system adaptability. The experimental analysis shows that FBAMD exhibits the best performance in the face of different types of attacks compared to the state-of-the-art over real-world datasets. This study presents a promising step toward the theoretical innovation of mimic defense.

telecommunications

Jie Lin,Yunliang Zhang,Zhiyong Tan,Yiqi Dai

2009-01-01

Abstract:The paper proposes a novel secure distributed disk system. By dynamically exploiting file-system semantics of on-disk data blocks and sensing activities of the local file system, the disk system can be integrated with the current file systems seamlessly without changing the standard block interface between them and can efficiently manage accesses to the files from multiple hosts. And the disk system adopts a new data distribution scheme to ensure confidentiality, reliability and availability of data, and a credibility evaluation strategy to prevent some attacks from malicious clients and data servers.

Cai Liang,Yang Xiao-hu,Dong Jin-xiang

DOI: https://doi.org/10.1631/jzus.2003.0287

2003-01-01

Journal of Zhejiang University SCIENCE A

Abstract:Database Security and Protection System (DSPS) is a security platform for fighting malicious DBMS. The security and performance are critical to DSPS. The authors suggested a key management scheme by combining the server group structure to improve availability and the key distribution structure needed by proactive security. This paper detailed the implementation of proactive security in DSPS. After thorough performance analysis, the authors concluded that the performance difference between the replicated mechanism and proactive mechanism becomes smaller and smaller with increasing number of concurrent connections; and that proactive security is very useful and practical for large, critical applications.

Su Yong,Zhou Jingli,Jiang Minghua,Liu Gang

DOI: https://doi.org/10.3321/j.issn:1002-8331.2006.20.033

2007-01-01

Abstract:In the large-scale distributed object-based storage system, the metadata service system is a latent visit bottleneck. This paper introduces a metadata service system which constructs a shared storage pool by hiberarchy file system and is based on two distributed hash. It has characters of failure- recovery without manual intervention and easy expansibility. What's more , it reduces the physical migration of massive number metadata between MDS. The experiment tests proves the system that have good I/O performance.

Kai Li,Shouming Chen,Yingda Chen,Susheng Zhong,Kaitong Huang,Minnuo He,Lixin Yang,Bo Li,Yi Yan

DOI: https://doi.org/10.1088/1742-6596/1606/1/012018

2020-08-01

Journal of Physics: Conference Series

Abstract:Abstract Distributed storage is the storage part of distributed computing. It is an easy-to-expand and virtualized storage resource pool. In order to meet the needs of large-scale storage structure applications, reliable mass data storage services are provided. Redundant data storage is needed to deal with the data unreliability caused by node failure. The lower the cost of file transmission, the less traffic generated in the network. According to the time logic, the regeneration process is divided into stages: data distribution, data encoding and decoding, data transmission and data reconstruction. The feedback mechanism can reduce the overhead of acquiring the load information of the data server node while ensuring the real-time performance. The determination of the activity factor function of the data block access frequency statistics needs to be established in the performance adaptability of the data block activity factor and the specific access times. The single-point dependency of the centralized storage system on the primary node is changed, which reduces the waiting delay of concurrent users and the average memory usage of the metadata server.

Jiale Fu,Yali Yuan,Jiajun He,Sichu Liang,Zhe Huang,Hongyu Zhu

DOI: https://doi.org/10.48550/arXiv.2208.10276

2022-08-22

Cryptography and Security

Abstract:The current security problems in cyberspace are characterized by strong and complex threats. Defenders face numerous problems such as lack of prior knowledge, various threats, and unknown vulnerabilities, which urgently need new fundamental theories to support. To address these issues, this article proposes a generic theoretical model for cyberspace defense and a new mimic defense framework, that is, Spatiotemporally heterogeneous, Input aware, and Dynamically updated Mimic Defense (SIDMD). We make the following contributions: (1) We first redefine vulnerabilities from the input space perspective to normalize the diverse cyberspace security problem. (2) We propose a novel unknown vulnerability discovery method and a dynamic scheduling strategy considering temporal and spatial dimensions without prior knowledge. Theoretical analysis and experimental results show that SIDMD has the best security performance in complex attack scenarios, and the probability of successful attacks is greatly reduced compared to the state-of-the-art.

Jun Yao,Ji-Wu Shu,Wei-Min Zheng

DOI: https://doi.org/10.1007/s11390-007-9075-x

2007-01-01

Abstract:With the explosion of information nowadays, applying data storage safety requirements has become a new challenge, especially in high data available cluster environments. With the emergence of Storage Area Networks (SANs), storage can be network-based and consolidated, and mass data movements via Fiber Channels (FCs) can be of very high speed. Based on these features, this paper introduces a dual-node storage cluster designed for remote mirroring as a concurrent data replication method to protect data during system failures. This design takes full advantage of a SAN system's benefits, and it adopts a synchronous protocol to guarantee a fully up-to-date data copy on the remote site. By developing a Linux kernel module to control the I/O flow and by using the technologies of software Logic Unit Number (LUN) masking, background online resynchronization and a self-management daemon, we have achieved a reliable mirroring system with the characteristics of server-free data replication, fault tolerance, online disaster recovery and high performance. In this study, we implemented the design in a remote mirror subsystem built on a software Fiber Channel Storage Area Network (FC-SAN) system.

Minghua Jiang,Ming Hu

2007-01-01

Abstract:With the development of distributed systems and network technology, the storage capacity, performance, and scalability of distributed storage systems have increased rapidly. However, distributed storage systems are confronted with great challenges in fault tolerance. As storage systems scale up, they consist of thousands of storage nodes. Multiple failures will occur frequently, which would induce a disaster because of data loss. This paper presents an efficient and reliable fault tolerance mechanism has become a issue that needs to be resolved urgently in distributed storage systems, meanwhile, this paper describes the queue model of storage nodes in the distributed fault tolerant storage system, the mean response time and throughput is given under read/write operation situation.