Haiyang Yu,Hui Li,Xin Yang,Huajun Ma

DOI: https://doi.org/10.23919/jcc.2021.08.009

2021-01-01

China Communications

Abstract:With the advent of the era of big data, cloud computing, Internet of things, and other information industries continue to develop. There is an increasing amount of unstructured data such as pictures, audio, and video on the Internet. And the distributed object storage system has become the mainstream cloud storage solution. With the increasing number of distributed applications, data security in the distributed object storage system has become the focus. For the distributed object storage system, traditional defenses are means that fix discovered system vulnerabilities and backdoors by patching, or means to modify the corresponding structure and upgrade. However, these two kinds of means are hysteretic and hardly deal with unknown security threats. Based on mimic defense theory, this paper constructs the principle framework of the distributed object storage system and introduces the dynamic redundancy and heterogeneous function in the distributed object storage system architecture, which increases the attack cost, and greatly improves the security and availability of data.

Hui Li,Jianwei Hu,Huajun Ma,Ting Huang

DOI: https://doi.org/10.1109/bigdata.2017.8258227

2017-01-01

Abstract:Distributed storage system has been widely used currently. Compared with traditional NAS and SAN storage, distributed storage system has obvious advantages in terms of cost, performance and security. The security of distributed storage system is mainly reflected in the data redundancy level. However, if there are security risks in the operating system and network environment, the security of the data still cannot be guaranteed. How to fundamentally solve the security risks of distributed storage system is an urgent problem. Based on the theory of mimic defense, Storage Architecture for Mimic Defense(SAMD) is put forward in this paper. In the proposed SAMD, dynamic heterogeneous redundancy function is introduced into distributed storage system. During the process of data reading and writing, the execution results are obtained from dynamic heterogeneous executive units, and the processing and judgement are carried out according to the customized strategy. It then dynamically allocates the executive units and storage nodes to achieve the effect of active defense.

QIN Junning,HAN Jiajia,ZHOU Sheng,WU Chunming,CHEN Shuangxi,ZHAO Ruoyan,ZHANG Jiangyu

DOI: https://doi.org/10.11959/j.issn.1000-0801.2020143

2020-01-01

Abstract:The unbalanced development status of network security was introduced.The main hazards and the mechanism model of penetration testing were described,and the inherent shortcomings of many existing traditional defense methods were analyzed.However,new method of the mimic defense model makes the attack information obtained invalid by dynamically selecting the executive set and adaptively changing the system composition.The same attack mode is difficult to be maintained or reproduced.Based on the attack chain model,the traditional defensetechnology and mimic defense technology were analyzed and compared,and it was demonstrated that it had a protective role in multiple stages of the attack chain.Finally,the effectiveness and superiority of the mimic defense was verified by experiments,and the model was summarized and prospected.

Hongchao Hu,Jiangxing Wu,Zhenpeng Wang,Guozhen Cheng

DOI: https://doi.org/10.1049/iet-ifs.2017.0086

2017-01-01

IET Information Security

Abstract:In recent years, both academia and industry in cyber security have tried to develop innovative defense technologies, expecting that to change the rules of the game between attackers and defenders. The authors start by analysing the root causes of security problems in cyberspace: (i) vulnerabilities in cyber systems are universal; (ii) current cyber systems are static, predictable and monoculture which allows adversaries to plan and launch attacks effectively; (iii) existing techniques cannot detect and eliminates attacks employing unknown vulnerabilities. Based on their analysis, they develop a novel defense framework, mimic defense (MD), that employs dynamic, heterogeneity, redundancy (DHR)' mechanism to defense cyber attacks. The main ideas behind MD are: constructing diverse functional equivalent variants for the protected target; scheduling some variants to run in parallel dynamically; and adopting policy-based arbitration mechanism to decide whose results of current running variants are correct. Theoretical analysis and simulation results show that DHR can significantly increase the difficulties for attackers and enhance the security of cyber systems, and the security enhancement can be more than ten times. They also present a proof-of-principle prototype that employ MD, mimic router, to examine its effectiveness. Finally, they conclude its limitations.

Haifeng Zhou,Chunming Wu,Ming Jiang,Boyang Zhou,Wen Gao,Tingting Pan,Min Huang

DOI: https://doi.org/10.1109/mcom.2015.7081074

IF: 9.03

2015-01-01

IEEE Communications Magazine

Abstract:The past few years have witnessed revolutionary advances in network technology. Along with new techniques such as SDN come lots of new network security challenges. Conventional network security mechanisms are incompetent to overcome these challenges, since they are built on a static network configuration that facilitates attackers in finding the weaknesses of a network. In this article, we conceive a novel conceptual network security mechanism, the evolving defense mechanism (EDM), to resolve current and future security problems. EDM is based on a bio-inspired idea of network configuration variations. According to the security requirements of the system, the user, and the network security state, EDM selects an efficient network configuration variation strategy to prevent corresponding security threats. Combined with SDN implementation, EDM resolves security problems from a new angle and is capable of evolving with new network security technology. We sketch a way to implement EDM and present its reference framework, which serves as an ecosystem and coexisting environment for various kinds of network configuration variations. The proposed mechanism avoids the deficiency of conventional mechanisms and has potential to cope with emerging security threats.

Guangsong Li,Wei Wang,Keke Gai,Yazhe Tang,Benchao Yang,Xueming Si

DOI: https://doi.org/10.1007/s11265-019-01473-6

2020-04-15

Journal of Signal Processing Systems

Abstract:The long-term existence of various vulnerabilities and backdoors in software and hardware makes security threats of the cyberspace more and more serious. Cyberspace mimic defense tries to use uncertain defense to deal with uncertain threat and construct the risk-controlled information system based on components with security flaws. However, mimic defense system is at a preliminary stage of research. It is necessary to pay more attention to the new theory. This paper further expands the ideas from mimic defense system and proposes a typical framework for the system. Then principles of mimic transformation design are explained. This paper also describes concepts of mimic operator and mimic awareness function. Effectiveness of mimic defense system is showed by simulations of mimic defense web server.

He Jiajun,Yuan Yali,Liang Sichu,Fu Jiale,Zhu Hongyu,Cheng Guang

DOI: https://doi.org/10.23919/jcc.ja.2022-0842

2024-09-10

China Communications

Abstract:In recent years, network attacks have been characterized by diversification and scale, which indicates a requirement for defense strategies to sacrifice generalizability for higher security. As the latest theoretical achievement in active defense, mimic defense demonstrates high robustness against complex attacks. This study proposes a Function-aware, Bayesian adjudication, and Adaptive updating Mimic Defense (FBAMD) theory for addressing the current problems of existing work including limited ability to resist unknown threats, imprecise heterogeneous metrics, and over-reliance on relatively-correct axiom. FBAMD incorporates three critical steps. Firstly, the common features of executors' vulnerabilities are obtained from the perspective of the functional implementation (i.e, input-output relationships extraction). Secondly, a new adjudication mechanism considering Bayes' theory is proposed by leveraging the advantages of both current results and historical confidence. Furthermore, posterior confidence can be updated regularly with prior adjudication information, which provides mimic system adaptability. The experimental analysis shows that FBAMD exhibits the best performance in the face of different types of attacks compared to the state-of-the-art over real-world datasets. This study presents a promising step toward the theoretical innovation of mimic defense.

telecommunications

Jiale Fu,Yali Yuan,Jiajun He,Sichu Liang,Zhe Huang,Hongyu Zhu

DOI: https://doi.org/10.48550/arXiv.2208.10276

2022-08-22

Cryptography and Security

Abstract:The current security problems in cyberspace are characterized by strong and complex threats. Defenders face numerous problems such as lack of prior knowledge, various threats, and unknown vulnerabilities, which urgently need new fundamental theories to support. To address these issues, this article proposes a generic theoretical model for cyberspace defense and a new mimic defense framework, that is, Spatiotemporally heterogeneous, Input aware, and Dynamically updated Mimic Defense (SIDMD). We make the following contributions: (1) We first redefine vulnerabilities from the input space perspective to normalize the diverse cyberspace security problem. (2) We propose a novel unknown vulnerability discovery method and a dynamic scheduling strategy considering temporal and spatial dimensions without prior knowledge. Theoretical analysis and experimental results show that SIDMD has the best security performance in complex attack scenarios, and the probability of successful attacks is greatly reduced compared to the state-of-the-art.

Xu Junjie,Junjie Xu

DOI: https://doi.org/10.4236/jcc.2021.97001

2021-01-01

Journal of Computer and Communications

Abstract:With the rapid growth of network technology, the methods and types of cyber-attacks are increasing rapidly. Traditional static passive defense technologies focus on external security and known threats to the target system and cannot resist advanced persistent threats. To solve the situation that cyberspace security is easy to attack and difficult to defend, Chinese experts on cyberspace security proposed an innovative theory called mimic defense, it is an active defense technology that employs “Dynamic, Heterogeneous, Redundant” architecture to defense attacks. This article first briefly describes the classic network defense technology and Moving Target Defense (MTD). Next, it mainly explains in detail the principles of the mimic defense based on the DHR architecture and analyzes the attack surface of DHR architecture. This article also includes applications of mimic defense technology, such as mimic routers, and mimic web defense systems. Finally, it briefly summarizes the existing research on mimic defense, expounds the problems that need to be solved in mimic defense, and looks forward to the future development of mimic defense.

Jiangxing WU

DOI: https://doi.org/10.19363/j.cnki.cn10-1380/tn.2016.04.001

2016-01-01

Abstract:The unbalance in cyber security and its root is analyzed in this paper, of which a dynamically redundant het-erogeneity architecture and the basic principle to compose an information system of high reliability and high security level with unreliable hardware is mainly discussed. Then, basic concepts about mimic defense is briefly stated. Finally, a test evaluation and preliminary conclusion about the system of mimic defense verification is presented.

Qing TONG,Zheng ZHANG,Wei-Hua ZHANG,Jiang-Xing WU

DOI: https://doi.org/10.13328/j.cnki.jos.005192

2017-01-01

Abstract:The Web server system,being the most important platform of supporting and providing network services,is facing serious security problem.The existing defending technologies mainly deal with the known attacking methods or the known vulnerabilities,and therefore are not effective in case of the unknown threats and do not provide overall defense.This paper first proposes an attacking model to analyze the shortcomings of existing defending technologies.Next,a dynamic heterogeneous redundancy structure based mimic defending model is proposed,and its defending principles and the characteristics are interpreted.Then,the mimic defending Web server is designed on the mimic defending model,and the structure and the implementation principles in the Web server design are introduced.The results of security and performance tests show that the presented mimic defending Web server can defend against all kinds of attacks in the tests with little performance loss,which verifies the effectiveness and the practicability of the mimic defending technology.Finally a perspective of the future work and challenges of mimic defending technology is discussed.

Yuxia Cheng,Qing Wu,Wenzhi Chen,Bei Wang

DOI: https://doi.org/10.1016/j.jpdc.2018.07.014

IF: 4.542

2018-01-01

Journal of Parallel and Distributed Computing

Abstract:Transmissible cyber threats have become one of the most serious security issues in cyberspace. Many techniques have been proposed to model, simulate and identify threats’ sources and their propagation in large-scale distributed networks. Most techniques are based on the analysis of real networks dataset that contains sensitive information. Traditional in-memory analysis of these dataset often causes data leakage due to system vulnerabilities. If the dataset itself is compromised by adversaries, this threat cost would be even higher than the threat being analysed. In this paper, we propose a new distributed shielded execution framework (Disef) for cyber threats analysis. The Disef framework enables efficient distributed analysis of network dataset while achieves security guarantees of data confidentiality and integrity. In-memory dataset is protected by using a new encrypted key–value format and could be efficiently transferred into Intel SGX enabled enclaves for shielded execution. Our experimental results showed that the proposed framework supports secure in-memory analysis of large network dataset and has comparable performance with systems that have no confidentiality and integrity guarantees.

Jiangxing Wu

DOI: https://doi.org/10.1007/978-3-030-29844-9_8

IF: 2.701

2019-01-01

Wireless Networks

Abstract:DHR, as an innovative and simplified system architecture, can provide general robust control which is not seen in a conventional mode. Not relying on any a priori knowledge and additional security support, it can normalize all uncertain disturbances caused by random faults or attacks based on vulnerabilities or backdoors as classic reliability problems and handle them in the same approach. With its inherent "uncertainty" effect, the DHR framework has an intrinsic defensive function"invisibility." Such invisibility is related not only to the redundancy, heterogeneity, and multimode output vector grammar and semantic abundance of the executors under functional equivalence conditions but also to the multimode decision algorithm set; the executor scheduling policy; the cleaning, restoration, and reorganization and restructuring mechanism; as well as the application of traditional security technology. So now the question is: what driving mechanism and gaming strategy should be adopted to get the desired endogenous security defense effect? The earth biosphere that has been naturally evolving for hundreds of millions of years usually provides a perspective of solving the problem and enlightening us on our creative thinking.

Luo Xingguo,Tong Qing,Zhang Zheng,Wu Jiangxing

DOI: https://doi.org/10.15302/j-sscae-2016.06.014

2016-01-01

Abstract:Cyberspace security is in an unbalanced state, in which it is easy to attack and difficult to defend. Active defense technology is a new direction in cyberspace security research, which is attracting increasing attention. This paper summarizes the development of active defense via the introduction of intrusion-tolerant technology and moving target defense technology. Furthermore, the theory, implementation, and testing of mimic defense are introduced. Based on a comparison of mimic defense with intrusion tolerance and moving target defense, the research direction and the key points of cybersecurity rebalancing strategy are proposed to provide a reference for the development of national cybersecurity.

Xueming Si,Wei Wang,Junjie Zeng,Benchao Yang,Guangsong Li,Chao Yuan,Fan Zhang

DOI: https://doi.org/10.15302/J-SSCAE-2016.06.013

2016-01-01

strategic study of chinese Academy of engineering

Abstract:With the development of the Internet, cyberspace security issues have become a major concern related to national security. This paper ifrst introduces some classic network defense technology. Next, it introduces the technology of mimic defense, including mimic defense systems, related scientiifc problems, and the theoretical framework of mimicry defense. The effectiveness of a mimic defense system is also analyzed in comparison with a traditional network defense technology. Finally, some problems worthy of study are presented regarding the basic theory of mimic defense.

Ziming Zhao,Zhuotao Liu,Huan Chen,Fan Zhang,Zhuoxue Song,Zhaoxuan Li

DOI: https://doi.org/10.1109/tdsc.2023.3349180

2024-01-01

Abstract:Defending against Distributed Denial of Service (DDoS) attacks is a fundamental problem in the Internet. Over the past few decades, the research and industry communities have proposed a variety of solutions, from adding incremental capabilities to the existing Internet routing stack, to clean-slate future Internet architectures, and to widely deployed commercial DDoS prevention services. Yet a recent interview with over 100 security practitioners in multiple sectors reveals that existing solutions are still insufficient against , due to either unenforceable protocol deployment or non-comprehensive traffic filters. This seemingly endless arms race with attackers probably means that we need a fundamental paradigm shift. In this paper, we propose a new DDoS prevention paradigm named preference-driven and in-network enforced traffic shaping , aiming to explore the novel DDoS prevention norms that focus on delivering victim-preferred traffic rather than consistently chasing after the DDoS attacks. Towards this end, we propose DFNet, a novel DDoS prevention system that provides reliable delivery of victim-preferred traffic without full knowledge of DDoS attacks. At a very high level, the core innovative design of DFNet embraces the advances in Machine Learning (ML) and new network dataplane primitives, by encoding the victim's traffic preference (in the form of complex ML models) into dataplane packet scheduling algorithms such that the victim-preferred traffic is forwarded with priority at line-speed, regardless of the attacker strategy. We implement a prototype of DFNet in 11,560 lines of code, and extensively evaluate it on our testbed. The results show that a single instance of DFNet can forward 99.93% of victim-desired traffic when facing previously unseen attacks, while imposing less than 0.1% forwarding overhead on a dataplane with 80 Gbps upstream links and a 40 Gbps bottleneck.

Wu Jiangxing

DOI: https://doi.org/10.3969/j.issn.1000-0801.2014.07.001

2014-01-01

Abstract:To facilitate high-performance and high-security computing, a technology system based on mimic computing（MC）and mimic security defense（MSD）was proposed. The proposed system focused on both the multi-dimensional reconfigurable and functional architecture and the dynamic varied mechanism. An overview about the concept and mechanism of the MC and MSD was also introduced from the angles of meaning and vision. The science and engineering problems to be further addressed were given in the end.

Yibo Cheng,Gang Cui,Lin Zhang,Yunmin Wang,Huajun Ma,Hui Li

DOI: https://doi.org/10.1109/ICCSN49894.2020.9139117

2020-01-01

Abstract:With the development of Industrial Internet, the industrial control systems continue to evolve. Nuclear power industrial control system, as the core information system of nuclear power plants, has extremely high requirements for security. But at present, all industrial security control products still have a large amount of vulnerabilities. Meanwhile, traditional protection methods can only resist known attacks, and have no way to defend against unknown attacks. Based on the mimic defense theory, this paper proposes a mimic object storage system based on multiple erasure codes. In addition to the dynamics, heterogeneity, and redundancy attribute of mimic defense, the use of erasure codes can reduce storage costs and improve data reliability. This paper introduces the system architecture and the laboratory simulation of the system. This system can resist multiple types of attacks and can be used to improve the security level of nuclear industry control systems.

Xueting Pan,Ziqian Luo,Lisang Zhou

DOI: https://doi.org/10.62836/iaet.v2i1.157

2024-03-23

Abstract:Distributed File Systems (DFS) have emerged as sophisticated solutions for efficient file storage and management across interconnected computer nodes. The main objective of DFS is to achieve flexible, scalable, and resilient file storage management by dispersing file data across multiple interconnected computer nodes, enabling users to seamlessly access and manipulate files distributed across diverse nodes. This article provides an overview of DFS, its architecture, classification methods, design considerations, challenges, and common implementations. Common DFS implementations discussed include NFS, AFS, GFS, HDFS, and CephFS, each tailored to specific use cases and design goals. Understanding the nuances of DFS architecture, classification, and design considerations is crucial for developing efficient, stable, and secure distributed file systems to meet diverse user and application needs in modern computing environments.

Distributed, Parallel, and Cluster Computing,Hardware Architecture

Cai Liang,Yang Xiao-hu,Dong Jin-xiang

DOI: https://doi.org/10.1631/jzus.2003.0287

2003-01-01

Journal of Zhejiang University SCIENCE A

Abstract:Database Security and Protection System (DSPS) is a security platform for fighting malicious DBMS. The security and performance are critical to DSPS. The authors suggested a key management scheme by combining the server group structure to improve availability and the key distribution structure needed by proactive security. This paper detailed the implementation of proactive security in DSPS. After thorough performance analysis, the authors concluded that the performance difference between the replicated mechanism and proactive mechanism becomes smaller and smaller with increasing number of concurrent connections; and that proactive security is very useful and practical for large, critical applications.