Jiangxing Wu

DOI: https://doi.org/10.1007/978-3-030-29844-9_8

IF: 2.701

2019-01-01

Wireless Networks

Abstract:DHR, as an innovative and simplified system architecture, can provide general robust control which is not seen in a conventional mode. Not relying on any a priori knowledge and additional security support, it can normalize all uncertain disturbances caused by random faults or attacks based on vulnerabilities or backdoors as classic reliability problems and handle them in the same approach. With its inherent "uncertainty" effect, the DHR framework has an intrinsic defensive function"invisibility." Such invisibility is related not only to the redundancy, heterogeneity, and multimode output vector grammar and semantic abundance of the executors under functional equivalence conditions but also to the multimode decision algorithm set; the executor scheduling policy; the cleaning, restoration, and reorganization and restructuring mechanism; as well as the application of traditional security technology. So now the question is: what driving mechanism and gaming strategy should be adopted to get the desired endogenous security defense effect? The earth biosphere that has been naturally evolving for hundreds of millions of years usually provides a perspective of solving the problem and enlightening us on our creative thinking.

Hongchao Hu,Jiangxing Wu,Zhenpeng Wang,Guozhen Cheng

DOI: https://doi.org/10.1049/iet-ifs.2017.0086

2017-01-01

IET Information Security

Abstract:In recent years, both academia and industry in cyber security have tried to develop innovative defense technologies, expecting that to change the rules of the game between attackers and defenders. The authors start by analysing the root causes of security problems in cyberspace: (i) vulnerabilities in cyber systems are universal; (ii) current cyber systems are static, predictable and monoculture which allows adversaries to plan and launch attacks effectively; (iii) existing techniques cannot detect and eliminates attacks employing unknown vulnerabilities. Based on their analysis, they develop a novel defense framework, mimic defense (MD), that employs dynamic, heterogeneity, redundancy (DHR)' mechanism to defense cyber attacks. The main ideas behind MD are: constructing diverse functional equivalent variants for the protected target; scheduling some variants to run in parallel dynamically; and adopting policy-based arbitration mechanism to decide whose results of current running variants are correct. Theoretical analysis and simulation results show that DHR can significantly increase the difficulties for attackers and enhance the security of cyber systems, and the security enhancement can be more than ten times. They also present a proof-of-principle prototype that employ MD, mimic router, to examine its effectiveness. Finally, they conclude its limitations.

Jiangxing Wu

DOI: https://doi.org/10.1007/978-3-030-29844-9_10

2019-01-01

Abstract:In Chap. 9, we described the basic principles of mimic defense. In this chapter, we will focus on the basic conditions and constraints for mimic defense engineering and implementation, the key implementation mechanisms, major issues, and possible approaches and solutions. We will also briefly explore how to test and evaluate the mimic defense.

QIN Junning,HAN Jiajia,ZHOU Sheng,WU Chunming,CHEN Shuangxi,ZHAO Ruoyan,ZHANG Jiangyu

DOI: https://doi.org/10.11959/j.issn.1000-0801.2020143

2020-01-01

Abstract:The unbalanced development status of network security was introduced.The main hazards and the mechanism model of penetration testing were described,and the inherent shortcomings of many existing traditional defense methods were analyzed.However,new method of the mimic defense model makes the attack information obtained invalid by dynamically selecting the executive set and adaptively changing the system composition.The same attack mode is difficult to be maintained or reproduced.Based on the attack chain model,the traditional defensetechnology and mimic defense technology were analyzed and compared,and it was demonstrated that it had a protective role in multiple stages of the attack chain.Finally,the effectiveness and superiority of the mimic defense was verified by experiments,and the model was summarized and prospected.

Guangsong Li,Wei Wang,Keke Gai,Yazhe Tang,Benchao Yang,Xueming Si

DOI: https://doi.org/10.1007/s11265-019-01473-6

2020-04-15

Journal of Signal Processing Systems

Abstract:The long-term existence of various vulnerabilities and backdoors in software and hardware makes security threats of the cyberspace more and more serious. Cyberspace mimic defense tries to use uncertain defense to deal with uncertain threat and construct the risk-controlled information system based on components with security flaws. However, mimic defense system is at a preliminary stage of research. It is necessary to pay more attention to the new theory. This paper further expands the ideas from mimic defense system and proposes a typical framework for the system. Then principles of mimic transformation design are explained. This paper also describes concepts of mimic operator and mimic awareness function. Effectiveness of mimic defense system is showed by simulations of mimic defense web server.

Jiangxing WU

DOI: https://doi.org/10.19363/j.cnki.cn10-1380/tn.2016.04.001

2016-01-01

Abstract:The unbalance in cyber security and its root is analyzed in this paper, of which a dynamically redundant het-erogeneity architecture and the basic principle to compose an information system of high reliability and high security level with unreliable hardware is mainly discussed. Then, basic concepts about mimic defense is briefly stated. Finally, a test evaluation and preliminary conclusion about the system of mimic defense verification is presented.

Luo Xingguo,Tong Qing,Zhang Zheng,Wu Jiangxing

DOI: https://doi.org/10.15302/j-sscae-2016.06.014

2016-01-01

Abstract:Cyberspace security is in an unbalanced state, in which it is easy to attack and difficult to defend. Active defense technology is a new direction in cyberspace security research, which is attracting increasing attention. This paper summarizes the development of active defense via the introduction of intrusion-tolerant technology and moving target defense technology. Furthermore, the theory, implementation, and testing of mimic defense are introduced. Based on a comparison of mimic defense with intrusion tolerance and moving target defense, the research direction and the key points of cybersecurity rebalancing strategy are proposed to provide a reference for the development of national cybersecurity.

Wenbo Dai,Shengyu Li,Li Lu,Yalan Ye,Fanjun Meng,Dashun Zhang

DOI: https://doi.org/10.1109/iciba52610.2021.9688212

2021-01-01

Abstract:The attacks and defenses in industrial control system(ICS) security has been in an asymmetrical situation. Due to the closeness, specificity and complexity of ICS, it has more vulnerabilities and deeper hidden backdoors. The traditional “remedy” type of defense is difficult to prevent increasingly complex attack methods. Starting from the attack chain model, this paper analyzes shortcomings of traditional ICS defense technology, and proposes an ICS security system structure based on mimic defense. Digital twin technology is used to build executive entities of mimic defense model, and increase the dynamic and heterogeneity of ICS. The system structure based on mimic defense has better protection against unknown vulnerabilities, and reduces the probability of being attacked successfully, improve the ICS's ability to withstand attacks through endogenous security at the system level, and alleviate the passive and lagged situation of ICS defense.

Wu Jiangxing

DOI: https://doi.org/10.3969/j.issn.1000-0801.2014.07.001

2014-01-01

Abstract:To facilitate high-performance and high-security computing, a technology system based on mimic computing（MC）and mimic security defense（MSD）was proposed. The proposed system focused on both the multi-dimensional reconfigurable and functional architecture and the dynamic varied mechanism. An overview about the concept and mechanism of the MC and MSD was also introduced from the angles of meaning and vision. The science and engineering problems to be further addressed were given in the end.

Xu Junjie,Junjie Xu

DOI: https://doi.org/10.4236/jcc.2021.97001

2021-01-01

Journal of Computer and Communications

Abstract:With the rapid growth of network technology, the methods and types of cyber-attacks are increasing rapidly. Traditional static passive defense technologies focus on external security and known threats to the target system and cannot resist advanced persistent threats. To solve the situation that cyberspace security is easy to attack and difficult to defend, Chinese experts on cyberspace security proposed an innovative theory called mimic defense, it is an active defense technology that employs “Dynamic, Heterogeneous, Redundant” architecture to defense attacks. This article first briefly describes the classic network defense technology and Moving Target Defense (MTD). Next, it mainly explains in detail the principles of the mimic defense based on the DHR architecture and analyzes the attack surface of DHR architecture. This article also includes applications of mimic defense technology, such as mimic routers, and mimic web defense systems. Finally, it briefly summarizes the existing research on mimic defense, expounds the problems that need to be solved in mimic defense, and looks forward to the future development of mimic defense.

Xueming Si,Wei Wang,Junjie Zeng,Benchao Yang,Guangsong Li,Chao Yuan,Fan Zhang

DOI: https://doi.org/10.15302/J-SSCAE-2016.06.013

2016-01-01

strategic study of chinese Academy of engineering

Abstract:With the development of the Internet, cyberspace security issues have become a major concern related to national security. This paper ifrst introduces some classic network defense technology. Next, it introduces the technology of mimic defense, including mimic defense systems, related scientiifc problems, and the theoretical framework of mimicry defense. The effectiveness of a mimic defense system is also analyzed in comparison with a traditional network defense technology. Finally, some problems worthy of study are presented regarding the basic theory of mimic defense.

He Jiajun,Yuan Yali,Liang Sichu,Fu Jiale,Zhu Hongyu,Cheng Guang

DOI: https://doi.org/10.23919/jcc.ja.2022-0842

2024-09-10

China Communications

Abstract:In recent years, network attacks have been characterized by diversification and scale, which indicates a requirement for defense strategies to sacrifice generalizability for higher security. As the latest theoretical achievement in active defense, mimic defense demonstrates high robustness against complex attacks. This study proposes a Function-aware, Bayesian adjudication, and Adaptive updating Mimic Defense (FBAMD) theory for addressing the current problems of existing work including limited ability to resist unknown threats, imprecise heterogeneous metrics, and over-reliance on relatively-correct axiom. FBAMD incorporates three critical steps. Firstly, the common features of executors' vulnerabilities are obtained from the perspective of the functional implementation (i.e, input-output relationships extraction). Secondly, a new adjudication mechanism considering Bayes' theory is proposed by leveraging the advantages of both current results and historical confidence. Furthermore, posterior confidence can be updated regularly with prior adjudication information, which provides mimic system adaptability. The experimental analysis shows that FBAMD exhibits the best performance in the face of different types of attacks compared to the state-of-the-art over real-world datasets. This study presents a promising step toward the theoretical innovation of mimic defense.

telecommunications

Shuang-Xi Chen,Xin-Yue Jiang,Gao-Ning Pan,Chun-Ming Wu

DOI: https://doi.org/10.1109/ISNCC.2019.8909166

2019-01-01

Abstract:Resource Scheduling Strategy on heterogeneous executives, which is the “real” service provider, is studied in this paper based on Mimic Defense Theory. Since the redundancy and heterogeneity of executives, their response times differ. In order to mitigate the Bucket Effect on the response time of heterogeneous executives in the existing mimic defense methods, this paper proposes a method based on feedback control model that executive source allocation is adjusted dynamically to improve the response time of the executive set. The comparative experiment shows that this scheduling strategy has a great improvement in response process time, comparing with the existing scheduling strategy.

Jiale Fu,Yali Yuan,Jiajun He,Sichu Liang,Zhe Huang,Hongyu Zhu

DOI: https://doi.org/10.48550/arXiv.2208.10276

2022-08-22

Cryptography and Security

Abstract:The current security problems in cyberspace are characterized by strong and complex threats. Defenders face numerous problems such as lack of prior knowledge, various threats, and unknown vulnerabilities, which urgently need new fundamental theories to support. To address these issues, this article proposes a generic theoretical model for cyberspace defense and a new mimic defense framework, that is, Spatiotemporally heterogeneous, Input aware, and Dynamically updated Mimic Defense (SIDMD). We make the following contributions: (1) We first redefine vulnerabilities from the input space perspective to normalize the diverse cyberspace security problem. (2) We propose a novel unknown vulnerability discovery method and a dynamic scheduling strategy considering temporal and spatial dimensions without prior knowledge. Theoretical analysis and experimental results show that SIDMD has the best security performance in complex attack scenarios, and the probability of successful attacks is greatly reduced compared to the state-of-the-art.

CHEN Liyue,SUN Xin,CHENG Tiansheng,WU Chunming,CHEN Shuangxi

DOI: https://doi.org/10.11959/j.issn.1000-0801.2020142

2020-01-01

Abstract:Rootkit is a set of persistent and undetectable attack technologies,which can hide their attack behavior and backdoor trace by modifying software or kernel in operating system and changing execution path of instruction.Firstly,the basic definition and evolution of Rootkit were introduced,then the operating principle,current mainstream technology and detection methods of Rootkit were discussed.Then,through comparative experiments on performance and security,the application of mimic defense system was described for Web based on dynamic,heterogeneous,redundant structure under Trojan Horse attack.Experiments show that mimic defense system can effectively defend against Trojan Horse in tests in the premise of low overhead.At last,the opportunities and challenges of the DHR system were summarized.

Yibo Cheng,Gang Cui,Lin Zhang,Yunmin Wang,Huajun Ma,Hui Li

DOI: https://doi.org/10.1109/ICCSN49894.2020.9139117

2020-01-01

Abstract:With the development of Industrial Internet, the industrial control systems continue to evolve. Nuclear power industrial control system, as the core information system of nuclear power plants, has extremely high requirements for security. But at present, all industrial security control products still have a large amount of vulnerabilities. Meanwhile, traditional protection methods can only resist known attacks, and have no way to defend against unknown attacks. Based on the mimic defense theory, this paper proposes a mimic object storage system based on multiple erasure codes. In addition to the dynamics, heterogeneity, and redundancy attribute of mimic defense, the use of erasure codes can reduce storage costs and improve data reliability. This paper introduces the system architecture and the laboratory simulation of the system. This system can resist multiple types of attacks and can be used to improve the security level of nuclear industry control systems.

Qing TONG,Zheng ZHANG,Wei-Hua ZHANG,Jiang-Xing WU

DOI: https://doi.org/10.13328/j.cnki.jos.005192

2017-01-01

Abstract:The Web server system,being the most important platform of supporting and providing network services,is facing serious security problem.The existing defending technologies mainly deal with the known attacking methods or the known vulnerabilities,and therefore are not effective in case of the unknown threats and do not provide overall defense.This paper first proposes an attacking model to analyze the shortcomings of existing defending technologies.Next,a dynamic heterogeneous redundancy structure based mimic defending model is proposed,and its defending principles and the characteristics are interpreted.Then,the mimic defending Web server is designed on the mimic defending model,and the structure and the implementation principles in the Web server design are introduced.The results of security and performance tests show that the presented mimic defending Web server can defend against all kinds of attacks in the tests with little performance loss,which verifies the effectiveness and the practicability of the mimic defending technology.Finally a perspective of the future work and challenges of mimic defending technology is discussed.

Ming Wan,Minglei Hao,Yang Li,Jianming Zhao,Ying Li

DOI: https://doi.org/10.1145/3586102.3586127

2022-01-01

Abstract:Due to the rapid development of industrial automation, ICSs (Industrial Control Systems) gradually expose their potential security vulnerabilities, and are facing more and more serious security risks. Although different industrial security technologies have been developed to strengthen industrial security protection, they always struggle for their own because of their standalone and non-related functions, and their actual defense effects are not encouraging. This paper first summarizes some intrinsic security vulnerabilities in ICSs, and analyzes the main causes to generate each class of vulnerabilities. Furthermore, five popular security technologies which have been successfully applied in today's ICSs are introduced, and their advantages and shortages are also compared by explaining each working mechanism. In order to take full advantage of various industrial security technologies, this paper proposes one novel cooperative defense model based P2DR (Policy, Protection, Detection and Response), which establishes the dynamical defense process to integrate five different industrial security technologies. Under the guidance of security policies, this model can comprehensively utilize the resources of various industrial security technologies to learn and judge current security status of the whole system, and effectively adjust the optimum deployment to provide the strongest protection with the lowest risk. Finally, one applicable case based on the proposed model is designed to verify the feasibility of cooperative defense in ICSs.

Zequan Chen,Jifen Sun,Xin Yang,Gang Cui,Hui Li

DOI: https://doi.org/10.1145/3447654.3447660

2020-01-01

Abstract:Mimic defense (MD) is a novel architecture which takes the dynamic and heterogeneous security of redundant executors, and prevents further attacks through multi-mode decision feedback mechanism. However, there is a lack of effective analysis and evaluation on the defense cost and risk of multi-mode decision output. In this paper, we proposed the idea of Bayesian decision-making with minimum risk combined with the failure probability of the executor and the output of multi-mode decision. After considering the impact of failed defense and defensive cost on strategy generation, the optimal cleaning strategy is designed to ensuring the validity of optimal strategy. Finally, simulation experiments confirm the effectiveness of the model.

Zhili Lin,Kedan Li,Hanxu Hou,Xin Yang,Hui Li

DOI: https://doi.org/10.1109/bigdata.2017.8258229

2017-01-01

Abstract:As the Internet and the big data system evolve rapidly, the deployment of distributed applications becomes widespread, promoting the development of Distributed File System (DFS). The existing defense technologies for DFS, such as detection or patching, mainly aim to protect the system from known attacks and vulnerabilities. However, it is difficult for those systems to solve the growing security issues from the unknown threats due to their passiveness and hysteresis. In this paper, we propose MDFS, a mimic defense theory based architecture for DFS with the capability to improve the data security. Mimic Defense (MD), a proactive defense embedded in MDFS, emphasizes dynamism, heterogeneity and redundancy. The key benefits of MD are transferring the attack surface as well as increasing the cost of modification.