Qiang Wu,Ran Wang,Xincheng Yan,Chunming Wu,Rongxing Lu

DOI: https://doi.org/10.1109/MWC.001.2100251

IF: 12.777

2022-01-01

IEEE Wireless Communications

Abstract:Opening-up sharing has prompted the multi-tenancy architecture, whereby different vendors (including outsourcees) work together with network operators to form a vibrant service ecosystem, resulting in several advantages as well as risks. In particular, the static nature of existing architectures in network functions virtualization-based (NFV-based) clouds facilitate hacking. Thus, much attention has been focused on determining how to avoid the uncontrollable cloud security induced by complex production relations and non-trustworthy software/hardware sources when the two sets of security risks intersect. In this article, we investigate latent persistent threats against cloud environments and determine a high degree of complementarity and consistency between the NFV-based cloud environment and the dynamic defense concept. More specifically, new NFV-based cloud features provide an effective implementation for dynamic defense, while the generalized robustness of dynamic defense theory allows for high security gains. Intrinsic cloud security (iCS) is then proposed to align NFV-based clouds, mimicking defense and the moving target defense (MTD) paradigm to implement a seamless integration and symbiosis evolution between security and NFV-based clouds. We quantify the impact on system overhead to account for efficiency and cost issues. The simulation analysis demonstrates that the enhanced mode is able to consistently obtain a more beneficial and stable defense compared with the counterparts.

Ming Wan,Minglei Hao,Yang Li,Jianming Zhao,Ying Li

DOI: https://doi.org/10.1145/3586102.3586127

2022-01-01

Abstract:Due to the rapid development of industrial automation, ICSs (Industrial Control Systems) gradually expose their potential security vulnerabilities, and are facing more and more serious security risks. Although different industrial security technologies have been developed to strengthen industrial security protection, they always struggle for their own because of their standalone and non-related functions, and their actual defense effects are not encouraging. This paper first summarizes some intrinsic security vulnerabilities in ICSs, and analyzes the main causes to generate each class of vulnerabilities. Furthermore, five popular security technologies which have been successfully applied in today's ICSs are introduced, and their advantages and shortages are also compared by explaining each working mechanism. In order to take full advantage of various industrial security technologies, this paper proposes one novel cooperative defense model based P2DR (Policy, Protection, Detection and Response), which establishes the dynamical defense process to integrate five different industrial security technologies. Under the guidance of security policies, this model can comprehensively utilize the resources of various industrial security technologies to learn and judge current security status of the whole system, and effectively adjust the optimum deployment to provide the strongest protection with the lowest risk. Finally, one applicable case based on the proposed model is designed to verify the feasibility of cooperative defense in ICSs.

Hao YIN,Dongchao GUO,Yongqiang LYU,Peng YANG,Zhiwei ZHAO,Yaoxue ZHANG

DOI: https://doi.org/10.1360/n112017-00171

2019-01-01

Abstract:Cyberspace security is vital to state interest. Recently, there are some challenges in cyber security. In architecture for instance, although protection mechanisms are introduced and applied everywhere, the modern network architecture (well connected and open) still has difficulty in completely ensuring cyber security. It is also observed that contemporary cyber security protection mechanism highly depends on the priori information of security threats and thus will hardly address unknown potential threats. In this paper, a novel cyberspace security protection framework is proposed. A dual-structural Internet scheme that integrates the current Internet architecture with a redundant secondary structure network characterized by its broad-storage scheme, heterogeneous structure, and dynamic protection mechanism is introduced. Also, a novel active defense mechanism that is knowledge-data driven and thus independent of the priori information of the security threat is proposed. Furthermore, some key techniques such as transparent access and prepositive active defense are introduced. The theoretical and technical work proposed in this paper offers a comprehensively evolutionary solution to constructing a cyberspace in which the protection mechanism is more independent and active.

WUChunming

DOI: https://doi.org/10.3969/j.issn.1009-6868.2016.01.009

2016-01-01

Abstract:Dynamic network proactive security defence is an effective method for solving the unknown vulnerabilities and back door attacks in the information system. In this paper, the evolution defense mechanism (EDM) is proposed. According to the security status, network system security needs, EDM can select the best network configuration change elements to deal with potential attacks and ensure the safety requirements of a specific level. Dynamic reconfiguration and changes of the network need to be considered in accordance with the security situation of the system and the possible network attacks. The key is how to detect and the security situation and network attacks. It proposes that study on dynamic network proactive security defense in China is in the initial stage, and there is stil much work to do.

Daojing He,Sammy Chan,Yan Zhang,Chunming Wu,Bing Wang

DOI: https://doi.org/10.1109/mis.2013.105

IF: 6.744

2014-01-01

IEEE Intelligent Systems

Abstract:Attack-defense models play an important role in the design of cybersecurity systems. Here, the authors review some traditional and prevailing attack-defense models along with their weaknesses. Then, they survey some recently proposed paradigm shifts to these models based on which more effective security strategies can be designed. Further, they provide some suggestions on how to adopt the new models, and present challenges that need to be addressed in this field.

Wu Qiang,Wu Chunming,Yan Xincheng,Cheng Qiumei

DOI: https://doi.org/10.1109/tnsm.2021.3071774

2021-01-01

IEEE Transactions on Network and Service Management

Abstract:With the emergence of cloud native technology, the network slicing enables automatic service orchestration, flexible network scheduling and scalable network resource allocation, which profoundly affects the traditional security solution. Security is regarded as a technology independent of the cloud native architecture in the initial design, traditional passive defense such as “reinforced” and “stacked” is relied on to achieve system security protection. The lack of intrinsic security mechanisms makes the system capability insufficient when faces the uncertain threat brought by vulnerabilities and backdoors under the ecosystem of opening-up and sharing. The static nature of existing networks and computing systems makes them easy to be compromised and hard to defend, and thus it is urgent to provide intrinsic security and proactive protection against the unpredictable attacks. To this end, this paper proposes a novel paradigm named intrinsic cloud security (iCS) from the perspective of dynamic defense. The dynamic defense provides component-level security, and has complementary and consistency with the cloud native environment. In particular, iCS introduces mimic defense and moving target defense (MTD), and makes full use of the new features introduced by cloud native to implement an intrinsic and proactive defense mechanism with acceptable costs and efficiency. The iCS paradigm achieves seamless integration and symbiosis evolution between security and cloud native. We implement a trial of iCS based on 5GC commercial system and evaluate its performance on costs, efficiency and attack success. The result shows that the iCS enhanced mode always can provide a better and more stable defense effects.

Yu Zheng,Zheng Li,Xiaolong Xu,Qingzhan Zhao

DOI: https://doi.org/10.1016/j.dcan.2021.07.006

IF: 6.348

2021-07-01

Digital Communications and Networks

Abstract:Driven by the rapid development of the Internet of Things, cloud computing and other emerging technologies, the connotation of cyber space is constantly expanding and becoming the fifth dimension of human activities. However, security problems in cyber space are becoming serious, and traditional defense measures (e.g., firewall, intrusion detection systems and security audit) often fall into a passive situation of being prone to attacks and difficult to take effect when responding to new types of network attacks with higher and higher degree of coordination and intelligence. By constructing and implementing the diverse strategy of dynamic transformation, the configuration characteristics of systems are constantly changing and the probability of vulnerability exposure is increasing. Therefore, the difficulty and cost of attack are increasing, which provides new ideas for reversing the asymmetric situation of defense and attack in cyber space. Nonetheless, there are few related works that systematically introduce dynamic defense mechanisms for cyber security. The related concepts and development strategies of dynamic defense are rarely analyzed and summarized. To bridge this gap, we conduct a comprehensive and concrete survey of recent research efforts on dynamic defense in cyber security. Specifically, we firstly introduce basic concepts and define dynamic defense in cyber security. Next, we review the architectures, enabling techniques and methods for moving target defense and mimic defense. This is followed with taxonomically summarizing the implementation and evaluation of dynamic defense. Finally, we discuss some open challenges and opportunities on dynamic defense in cyber security.

Luo Xingguo,Tong Qing,Zhang Zheng,Wu Jiangxing

DOI: https://doi.org/10.15302/j-sscae-2016.06.014

2016-01-01

Abstract:Cyberspace security is in an unbalanced state, in which it is easy to attack and difficult to defend. Active defense technology is a new direction in cyberspace security research, which is attracting increasing attention. This paper summarizes the development of active defense via the introduction of intrusion-tolerant technology and moving target defense technology. Furthermore, the theory, implementation, and testing of mimic defense are introduced. Based on a comparison of mimic defense with intrusion tolerance and moving target defense, the research direction and the key points of cybersecurity rebalancing strategy are proposed to provide a reference for the development of national cybersecurity.

Tian Zhihong,Fang Binxing,Liao Qing,Sun Yanbin,Wang Ye,Yang Xu,Feng Jiyuan

DOI: https://doi.org/10.15302/j-sscae-2023.06.007

2023-01-01

Abstract:The rapid development of network attack and defense technologies has posed various challenges to current cybersecurity assurance systems.Therefore,studying a new cybersecurity assurance system has become an urgent need to promote the development of information technologies and is of strategic significance for strengthening the network security and availability in China.This study summarizes the operation status of and major security challenges faced by China's current cybersecurity guarantee system that features a self-defense mode.A cybersecurity guarantee system based on a guard mode and its key technical tasks are proposed.Specifically,the tasks include honey point technology based on deep threat perception,honey court technology based on attack observation and discrimination,honey matrix technology based on collaborative linkage,and honey hole technology based on attack deterrence and mapping.Furthermore,we propose the following suggestions:(1)exploring the cybersecurity assurance mechanisms based on the guard mode to comprehensively improving the cybersecurity protection level of China;(2)exploring the research and application of security protection technologies based on the guard mode and achieving the integration of existing and new security protection technologies;(3)exploring a new talent-training model to cultivate innovative and practical professionals in the cybersecurity field.

Jiangxing Wu

DOI: https://doi.org/10.1007/978-3-030-29844-9_3

2020-01-01

Abstract:From the perspective of technology, the current cyberspace defense methods fall into three categories: the first category focuses on the protection of information by strengthening the system with such technologies as firewall, encryption and decryption, data authentication, and access control. They offer basic protection for normal network access, legitimate user identification and rights management, and the security of confidential data. The second category includes mainly intrusion detection and other technologies, such as vulnerability detection, data authentication, traffic analysis, and log auditing. They aim to perceive attacks in real time and initiate immediate defenses according to the known features of an attack. This category relies on dynamic monitoring and alarm system enabled by feature scanning, pattern matching, data comprehensive analysis, and other methods to block or eliminate threats. The third category is network spoofing, represented by honeypot and honeynet. Their basic approach is, before any attack is performed, to actively construct special preset monitoring and sensing environments, serving as “traps,” to lure potential attackers to enter for the purpose of carrying out analysis of possible attack moves and gathering information necessary for cracking down on, tracing back, or countering the attacks.

Zhang Bo,Wen Tao,Lei Jing,Yang Yunxiang,Guo Jing

DOI: https://doi.org/10.1007/978-981-13-6508-9_119

2019-06-14

Abstract:The blurred synthesis evaluation arithmetic based on analytic network process and systemic security evaluation target system is designed, and the main technology and system realization of cyberspace security evaluation system are presented, which is realized based on fight theory’s attack and defense affection evaluation and systemic security evaluation technology. The technology and system can provide a systemic security evaluation to information system target’s security and put forward security resolve scheme suggestions, which have important effect and meaning on accelerating China’s cyberspace war ability.

Chenlin Huang,Wei Chen,Lu Yuan,Yan Ding,Songlei Jian,Yusong Tan,Hua Chen,Dan Chen

DOI: https://doi.org/10.1016/j.jpdc.2020.11.002

IF: 4.542

2021-03-01

Journal of Parallel and Distributed Computing

Abstract:<p>With the rise of concerns over security and privacy in the cloud, the "security-on-demand" service mode dynamically provides cloud customers with trusted computing environments according to their specific security needs. Major challenges, however, remain to achieve this goal: (1) integrating an auditable, tamper-resistant trust-management mechanism into the cloud infrastructure and (2) building a protocol to guarantee the consistency of customers' policies during virtual machine (VM) migrations. This study develops a new security-on-demand framework called a "policy-customized trusted cloud service" (PC-TCS) architecture that comprises two core components: an attribute-based signature (ABS)-based remote-attestation scheme to achieve trusted remote attestation with customized security policies and an ABS- and blockchain-based VM-migration protocol to support policy-customized trusted migration. To prove the availability of this architecture, we implemented a PC-TCS prototype based on Xen Hypervisor, the results of which indicate that (1) PC-TCS can be integrated into cloud infrastructure as part of a trusted computing base; (2) cloud users can customize the security policies of computing environments and validate their enforcement throughout the service life-cycle with the support of PC-TCS; and (3) PC-TCS can support policy-customized remote attestation and policy-customized migration with a minimal impact on performance.</p>

computer science, theory & methods

楼润瑜,王备战,王伟

2010-01-01

Abstract:In order to defend the attacks caused by DDOS and worms(or vicious codes) in large scale network,a general,solid,in-depth and distributed active cooperation defense model is presented.A set of achievable methods ranging from systemic architecture,function mechanisms and algorithm descriptions are given.The model,which is demonstrated by the system architecture,function modules and active cooperation defense to stop the attacks,is the integrated and systemic model.It integrates several role security technologies,such as IDS,firework and honeynet,and achieves a complete set of functional mechanisms for active cooperation defense.By the cooperation from the security components within inside and outside the autonomous system(AS),we realize the active cooperation defense which involves the multi-level defense range from network boundary level,kernel level,sub-network level to host level.As a result,the presented model not only can achieve effectively security defense in the large scale network,but also can have the good generality and scalability.

Yi-Wei Ma,Yi-Hao Tu,Chih-Ting Shen

DOI: https://doi.org/10.1016/j.ijcip.2024.100662

IF: 3.683

2024-02-11

International Journal of Critical Infrastructure Protection

Abstract:Industrial Control Systems (ICS) security happens often, which makes it hard for many organizations to keep a balance between operational efficiency, system efficiency, and security. A major concern is how to protect information security and make sure that ICS keep working. This study thus presents a defense-based system with adaptive cyber resilience (DSACR). DSACR will optimize the configuration with respect to the three indices of operational efficiency, performance, and security. Whenever an assault event happens, DSACR offers protective solutions depending on the threat level to optimize the security and running costs of recovering ICS. In terms of safety and operation, DSACR is superior to other approaches by 3% and 11%, respectively, as shown by the results of the experiments.

engineering, multidisciplinary,computer science, information systems

Wenlian Lu,Shouhuai Xu,Xinlei Yi

DOI: https://doi.org/10.48550/arXiv.1603.08312

2016-03-28

Abstract:Active cyber defense is one important defensive method for combating cyber attacks. Unlike traditional defensive methods such as firewall-based filtering and anti-malware tools, active cyber defense is based on spreading "white" or "benign" worms to combat against the attackers' malwares (i.e., malicious worms) that also spread over the network. In this paper, we initiate the study of {\em optimal} active cyber defense in the setting of strategic attackers and/or strategic defenders. Specifically, we investigate infinite-time horizon optimal control and fast optimal control for strategic defenders (who want to minimize their cost) against non-strategic attackers (who do not consider the issue of cost). We also investigate the Nash equilibria for strategic defenders and attackers. We discuss the cyber security meanings/implications of the theoretic results. Our study brings interesting open problems for future research.

Cryptography and Security,Social and Information Networks,Systems and Control,Dynamical Systems,Optimization and Control

Chengrong WU,Ming YAN,Haolin Jin,Wei LIU,Shiyong ZHANG,Jianping ZENG

DOI: https://doi.org/10.19363/j.cnki.cn10-1380/tn.2016.04.002

2016-01-01

Abstract:Traditional information security defense techniques have the feature of static and passive. Systems and security mechanisms are relatively fixed in a period of time. So attackers can continuously study the static target, and try to find the vulnerability of it. In order to improve the proactivity of security defense, some research programs that tried to“change the rules of the game”had been initialized throughout the world. MTD (moving target defense) and the Mimic-Defense are the emerging ideas of proactive defense. However, to achieve the purpose of proactive defense, in addition to the separate uses of techniques on key points, we also need a framework. Deferent defense mechanisms can be effectively cooperate in the framework to form a general “moving” and controlled proactive defense system. Traditional information system which does not have the build-in proactive defense mechanism can also run in this framework, and be benefited from the proac-tive defense mechanism to enhance the ability of defense. This paper presents a kind of framework that can effectively integrate different levels of proactive defense techniques and mechanisms, and is compatible with the traditional applica-tions. We call it self-transforming proactive defense network framework. This framework can archive the integration of build-in with bolt-on proactive defense techniques, the integration of multi-level and multi-granularity proactive defense techniques. It is compatible with traditional applications which do not have the build-in proactive defense mechanism, and provides ideas.to form a new generation of build-in proactive defense network architecture in the future.

Yijia Cao

2008-01-01

Abstract:According to the development trend and present condition of security protection of power enterprise information integration,a security protection architecture of power enterprise information integration based on the technology of distributed intrusion tolerance with multi-level defense line is proposed.The intrusion tolerance strategies of the proposed architecture consist of following items:(A) the firewall is used as the fundamental protective measures;(B) at key nodes in non-realtime application network,the mobile agents are configured to implement on-line detection and tracking of internal and external intrusions;(C) after the intruder is successfully confirmed by intrusion detection system,according to the requirement of system security the honeypot technology based intrusion inducting system directionally inducts the locked invading flow,and the active defensive mode protects the legitimate system from invasion;(D) by means of slicing-scattering based distributed document management style,the resilient file system serves as the last defense line of enterprise memory system.Moreover,the key security protection problems pertinent to transverse and longitudinal information integration as well as the application of the technologies,such as mobile agents,honeypot,resilient file system and so on,in security protection system are analyzed.Finally,the application of the proposed secure protection architecture is briefly presented.

Hongchao Hu,Jiangxing Wu,Zhenpeng Wang,Guozhen Cheng

DOI: https://doi.org/10.1049/iet-ifs.2017.0086

2017-01-01

IET Information Security

Abstract:In recent years, both academia and industry in cyber security have tried to develop innovative defense technologies, expecting that to change the rules of the game between attackers and defenders. The authors start by analysing the root causes of security problems in cyberspace: (i) vulnerabilities in cyber systems are universal; (ii) current cyber systems are static, predictable and monoculture which allows adversaries to plan and launch attacks effectively; (iii) existing techniques cannot detect and eliminates attacks employing unknown vulnerabilities. Based on their analysis, they develop a novel defense framework, mimic defense (MD), that employs dynamic, heterogeneity, redundancy (DHR)' mechanism to defense cyber attacks. The main ideas behind MD are: constructing diverse functional equivalent variants for the protected target; scheduling some variants to run in parallel dynamically; and adopting policy-based arbitration mechanism to decide whose results of current running variants are correct. Theoretical analysis and simulation results show that DHR can significantly increase the difficulties for attackers and enhance the security of cyber systems, and the security enhancement can be more than ten times. They also present a proof-of-principle prototype that employ MD, mimic router, to examine its effectiveness. Finally, they conclude its limitations.

Jian-Jun Qi,Zeng-Zhi Li

DOI: https://doi.org/10.1007/11559221_77

2005-01-01

Abstract:This paper proposes a security architecture that employs trust notion to address security issues in active networks. The subjectivity of trust is discussed, and the innovative idea is that how to compute trust should be decided subjectively by an entity. Then, a general framework for a trust system is described. Finally, a flexible trust management model, which employs the features of active networks, is presented. In this model, different entities can use different methods to compute trust, and an entity can change its computing method of trust over time.

Cheng Lei,Hong-Qi Zhang,Jing-Lei Tan,Yu-Chen Zhang,Xiao-Hu Liu

DOI: https://doi.org/10.1155/2018/3759626

IF: 1.968

2018-07-22

Security and Communication Networks

Abstract:As an active defense technique to change asymmetry in cyberattack-defense confrontation, moving target defense research has become one of the hot spots. In order to gain better understanding of moving target defense, background knowledge and inspiration are expounded at first. Based on it, the concept of moving target defense is analyzed. Secondly, literature analysis method is adopted to explain the design principles and system architecture of moving target defense. In addition, some relevant key techniques are introduced from the aspects of strategy generation, shuffling implementation, and performance evaluation. After that, the applications of moving target defense in different network architectures are illustrated. Finally, existing problems and future trend in this field are elaborated so as to provide a basis for further study.

computer science, information systems,telecommunications