QIN Junning,HAN Jiajia,ZHOU Sheng,WU Chunming,CHEN Shuangxi,ZHAO Ruoyan,ZHANG Jiangyu

DOI: https://doi.org/10.11959/j.issn.1000-0801.2020143

2020-01-01

Abstract:The unbalanced development status of network security was introduced.The main hazards and the mechanism model of penetration testing were described,and the inherent shortcomings of many existing traditional defense methods were analyzed.However,new method of the mimic defense model makes the attack information obtained invalid by dynamically selecting the executive set and adaptively changing the system composition.The same attack mode is difficult to be maintained or reproduced.Based on the attack chain model,the traditional defensetechnology and mimic defense technology were analyzed and compared,and it was demonstrated that it had a protective role in multiple stages of the attack chain.Finally,the effectiveness and superiority of the mimic defense was verified by experiments,and the model was summarized and prospected.

Shuang-Xi Chen,Xin-Yue Jiang,Gao-Ning Pan,Chun-Ming Wu

DOI: https://doi.org/10.1109/ISNCC.2019.8909166

2019-01-01

Abstract:Resource Scheduling Strategy on heterogeneous executives, which is the “real” service provider, is studied in this paper based on Mimic Defense Theory. Since the redundancy and heterogeneity of executives, their response times differ. In order to mitigate the Bucket Effect on the response time of heterogeneous executives in the existing mimic defense methods, this paper proposes a method based on feedback control model that executive source allocation is adjusted dynamically to improve the response time of the executive set. The comparative experiment shows that this scheduling strategy has a great improvement in response process time, comparing with the existing scheduling strategy.

Qing TONG,Zheng ZHANG,Wei-Hua ZHANG,Jiang-Xing WU

DOI: https://doi.org/10.13328/j.cnki.jos.005192

2017-01-01

Abstract:The Web server system,being the most important platform of supporting and providing network services,is facing serious security problem.The existing defending technologies mainly deal with the known attacking methods or the known vulnerabilities,and therefore are not effective in case of the unknown threats and do not provide overall defense.This paper first proposes an attacking model to analyze the shortcomings of existing defending technologies.Next,a dynamic heterogeneous redundancy structure based mimic defending model is proposed,and its defending principles and the characteristics are interpreted.Then,the mimic defending Web server is designed on the mimic defending model,and the structure and the implementation principles in the Web server design are introduced.The results of security and performance tests show that the presented mimic defending Web server can defend against all kinds of attacks in the tests with little performance loss,which verifies the effectiveness and the practicability of the mimic defending technology.Finally a perspective of the future work and challenges of mimic defending technology is discussed.

Hongchao Hu,Jiangxing Wu,Zhenpeng Wang,Guozhen Cheng

DOI: https://doi.org/10.1049/iet-ifs.2017.0086

2017-01-01

IET Information Security

Abstract:In recent years, both academia and industry in cyber security have tried to develop innovative defense technologies, expecting that to change the rules of the game between attackers and defenders. The authors start by analysing the root causes of security problems in cyberspace: (i) vulnerabilities in cyber systems are universal; (ii) current cyber systems are static, predictable and monoculture which allows adversaries to plan and launch attacks effectively; (iii) existing techniques cannot detect and eliminates attacks employing unknown vulnerabilities. Based on their analysis, they develop a novel defense framework, mimic defense (MD), that employs dynamic, heterogeneity, redundancy (DHR)' mechanism to defense cyber attacks. The main ideas behind MD are: constructing diverse functional equivalent variants for the protected target; scheduling some variants to run in parallel dynamically; and adopting policy-based arbitration mechanism to decide whose results of current running variants are correct. Theoretical analysis and simulation results show that DHR can significantly increase the difficulties for attackers and enhance the security of cyber systems, and the security enhancement can be more than ten times. They also present a proof-of-principle prototype that employ MD, mimic router, to examine its effectiveness. Finally, they conclude its limitations.

Xueming Si,Wei Wang,Junjie Zeng,Benchao Yang,Guangsong Li,Chao Yuan,Fan Zhang

DOI: https://doi.org/10.15302/J-SSCAE-2016.06.013

2016-01-01

strategic study of chinese Academy of engineering

Abstract:With the development of the Internet, cyberspace security issues have become a major concern related to national security. This paper ifrst introduces some classic network defense technology. Next, it introduces the technology of mimic defense, including mimic defense systems, related scientiifc problems, and the theoretical framework of mimicry defense. The effectiveness of a mimic defense system is also analyzed in comparison with a traditional network defense technology. Finally, some problems worthy of study are presented regarding the basic theory of mimic defense.

Jiangxing WU

DOI: https://doi.org/10.19363/j.cnki.cn10-1380/tn.2016.04.001

2016-01-01

Abstract:The unbalance in cyber security and its root is analyzed in this paper, of which a dynamically redundant het-erogeneity architecture and the basic principle to compose an information system of high reliability and high security level with unreliable hardware is mainly discussed. Then, basic concepts about mimic defense is briefly stated. Finally, a test evaluation and preliminary conclusion about the system of mimic defense verification is presented.

Guangsong Li,Wei Wang,Keke Gai,Yazhe Tang,Benchao Yang,Xueming Si

DOI: https://doi.org/10.1007/s11265-019-01473-6

2020-04-15

Journal of Signal Processing Systems

Abstract:The long-term existence of various vulnerabilities and backdoors in software and hardware makes security threats of the cyberspace more and more serious. Cyberspace mimic defense tries to use uncertain defense to deal with uncertain threat and construct the risk-controlled information system based on components with security flaws. However, mimic defense system is at a preliminary stage of research. It is necessary to pay more attention to the new theory. This paper further expands the ideas from mimic defense system and proposes a typical framework for the system. Then principles of mimic transformation design are explained. This paper also describes concepts of mimic operator and mimic awareness function. Effectiveness of mimic defense system is showed by simulations of mimic defense web server.

Guoliang Hu,Guofang Gong,Huayong Yang

DOI: https://doi.org/10.3969/j.issn.1000-1298.2007.01.042

2007-01-01

Abstract:Aiming at the questions existed in the simulating test of shield tunnelling machine, a condition monitoring system of simulator test rig for shield tunnelling machine was designed using common configuration software “Kingview”, and the structure characteristics of hardware and software were also analyzed. The human machine interface of condition monitoring system was developed and designed, and the design idea was also expounded in detail. The experimental results show that the designed condition monitoring system has good operation performance and high security, which has been applied in the simulator tunnelling successfully.

Jiangxing Wu

DOI: https://doi.org/10.1007/978-3-030-29844-9_10

2019-01-01

Abstract:In Chap. 9, we described the basic principles of mimic defense. In this chapter, we will focus on the basic conditions and constraints for mimic defense engineering and implementation, the key implementation mechanisms, major issues, and possible approaches and solutions. We will also briefly explore how to test and evaluate the mimic defense.

Xu Junjie,Junjie Xu

DOI: https://doi.org/10.4236/jcc.2021.97001

2021-01-01

Journal of Computer and Communications

Abstract:With the rapid growth of network technology, the methods and types of cyber-attacks are increasing rapidly. Traditional static passive defense technologies focus on external security and known threats to the target system and cannot resist advanced persistent threats. To solve the situation that cyberspace security is easy to attack and difficult to defend, Chinese experts on cyberspace security proposed an innovative theory called mimic defense, it is an active defense technology that employs “Dynamic, Heterogeneous, Redundant” architecture to defense attacks. This article first briefly describes the classic network defense technology and Moving Target Defense (MTD). Next, it mainly explains in detail the principles of the mimic defense based on the DHR architecture and analyzes the attack surface of DHR architecture. This article also includes applications of mimic defense technology, such as mimic routers, and mimic web defense systems. Finally, it briefly summarizes the existing research on mimic defense, expounds the problems that need to be solved in mimic defense, and looks forward to the future development of mimic defense.

Luo Xingguo,Tong Qing,Zhang Zheng,Wu Jiangxing

DOI: https://doi.org/10.15302/j-sscae-2016.06.014

2016-01-01

Abstract:Cyberspace security is in an unbalanced state, in which it is easy to attack and difficult to defend. Active defense technology is a new direction in cyberspace security research, which is attracting increasing attention. This paper summarizes the development of active defense via the introduction of intrusion-tolerant technology and moving target defense technology. Furthermore, the theory, implementation, and testing of mimic defense are introduced. Based on a comparison of mimic defense with intrusion tolerance and moving target defense, the research direction and the key points of cybersecurity rebalancing strategy are proposed to provide a reference for the development of national cybersecurity.

Jiangxing Wu

DOI: https://doi.org/10.1007/978-3-030-29844-9_11

2020-01-01

Abstract:As pointed out in the previous chapter, the mimic defense is essentially an endogenous security effect formed by the combination of the generalized robust control DHR architecture and the mimic disguise mechanism. It is especially suitable for highly reliable, available, and credible applications that require stability robustness and quality robustness and enjoy better universality in areas such as IT, ICT, CPS, and intelligent control. The related technologies can be used for low-complexity applications such as various software and hardware components, modules, middleware, and IP cores and can also be used for various information processing in control equipment, devices, systems, platforms, facilities, network elements, and even in network environments. Its endogenous security functions should be one of the iconic features of a new generation of information systems. However, the target systems based on the DHR architecture require dedicated or COTS IT products, advanced development tools, and diverse product ecosystems to reduce implementation complexity and cost. The following technological advances or trends have laid an important foundation for the engineering application of mimic defense.

Wu Jiangxing

DOI: https://doi.org/10.3969/j.issn.1000-0801.2014.07.001

2014-01-01

Abstract:To facilitate high-performance and high-security computing, a technology system based on mimic computing（MC）and mimic security defense（MSD）was proposed. The proposed system focused on both the multi-dimensional reconfigurable and functional architecture and the dynamic varied mechanism. An overview about the concept and mechanism of the MC and MSD was also introduced from the angles of meaning and vision. The science and engineering problems to be further addressed were given in the end.

Mengxiang Liu,Zexuan Jin,Jinhui Xia,Mingyang Sun,Ruilong Deng,Peng Cheng

DOI: https://doi.org/10.1109/infocomwkshps51825.2021.9484453

2021-01-01

Abstract:In DC microgrids (DCmGs), distributed control is becoming a promising framework due to prominent scalability and efficiency. To transmit essential data and information for system control, various communication network topologies and protocols have been employed in modern DCmGs. However, such communication also exposes the DCmG to unexpected cyber attacks. In this demo, a scalable cyber security testbed is established for conducting hardware-in-the-loop (HIL) exper-iments and comprehensively investigating the security impact on DCmGs. Specifically, the testbed employs a Typhoon HIL 602+ emulator, which is professional in power electronics system emulation, to demonstrate four (12 at most) distributed energy resources (DERs). The communication network is implemented through the self-loop RS-232 interface. Based on the testbed, we systematically investigate the impact of two kinds of typical cyber attacks (i.e., false data injection and replay attacks). Experimental results show that both attacks will deteriorate the point-of-common coupling (PCC) voltages of the DERs and jeopardize the stability of the whole DCmG.

Wenbo Dai,Shengyu Li,Li Lu,Yalan Ye,Fanjun Meng,Dashun Zhang

DOI: https://doi.org/10.1109/iciba52610.2021.9688212

2021-01-01

Abstract:The attacks and defenses in industrial control system(ICS) security has been in an asymmetrical situation. Due to the closeness, specificity and complexity of ICS, it has more vulnerabilities and deeper hidden backdoors. The traditional “remedy” type of defense is difficult to prevent increasingly complex attack methods. Starting from the attack chain model, this paper analyzes shortcomings of traditional ICS defense technology, and proposes an ICS security system structure based on mimic defense. Digital twin technology is used to build executive entities of mimic defense model, and increase the dynamic and heterogeneity of ICS. The system structure based on mimic defense has better protection against unknown vulnerabilities, and reduces the probability of being attacked successfully, improve the ICS's ability to withstand attacks through endogenous security at the system level, and alleviate the passive and lagged situation of ICS defense.

Jiale Fu,Yali Yuan,Jiajun He,Sichu Liang,Zhe Huang,Hongyu Zhu

DOI: https://doi.org/10.48550/arXiv.2208.10276

2022-08-22

Cryptography and Security

Abstract:The current security problems in cyberspace are characterized by strong and complex threats. Defenders face numerous problems such as lack of prior knowledge, various threats, and unknown vulnerabilities, which urgently need new fundamental theories to support. To address these issues, this article proposes a generic theoretical model for cyberspace defense and a new mimic defense framework, that is, Spatiotemporally heterogeneous, Input aware, and Dynamically updated Mimic Defense (SIDMD). We make the following contributions: (1) We first redefine vulnerabilities from the input space perspective to normalize the diverse cyberspace security problem. (2) We propose a novel unknown vulnerability discovery method and a dynamic scheduling strategy considering temporal and spatial dimensions without prior knowledge. Theoretical analysis and experimental results show that SIDMD has the best security performance in complex attack scenarios, and the probability of successful attacks is greatly reduced compared to the state-of-the-art.

Liming Pu,Jiangxing Wu,Hailong Ma,Yuhang Zhu,Yingle Li

DOI: https://doi.org/10.23919/jcc.2021.01.018

2021-01-01

China Communications

Abstract:In recent years, an increasing number of application services are deployed in the cloud.However, the cloud platform faces unknown security threats brought by its unknown vulnerabilities and backdoors. Many researchers have studied the Cyber Mimic Defense（CMD） technologies of the cloud services. However, there is a shortage of tools that enable researchers to evaluate their newly proposed cloud service CMD mechanisms, such as scheduling and decision mechanisms. To fill this gap, we propose MimicCloudSim as a mimic cloud service simulation system based on the basic functionalities of CloudSim.MimicCloudSim supports the simulation of dynamic heterogeneous redundancy（DHR） structure which is the core architecture of CMD technology, and provides an extensible interface to help researchers implement new scheduling and decision mechanisms.In this paper, we firstly describes the architecture and implementation of MimicCloudSim, and then discusses the simulation process. Finally, we demonstrate the capabilities of MimicCloudSim by using a decision mechanism. In addition, we tested the performance of MimicCloudSim, the conclusion shows that MimicCloudSim is highly scalable.

Lei He,Quan Ren,Bolin Ma,Weili Zhang,Jiangxing Wu

DOI: https://doi.org/10.23919/jcc.2021.00.011

2022-01-01

China Communications

Abstract:With the rapid development of information technology, the cyberspace security problem is increasingly serious. Kinds of dynamic defense technology have emerged such as moving target defense and mimic defense. This paper aims to describe the architecture and analyze the performance of Cyberspace Mimic DNS based on generalized stochastic Petri net. We propose a general method of anti-attacking analysis. For general attack and special attack model, the available probability, escaped probability and non-special awareness probability are adopted to quantitatively analyze the system performance. And we expand the GSPN model to adjust to engineering practice by specifying randomness of different output vectors. The result shows that the proposed method is effective, and Mimic system has high anti-attacking performance. To deal with the special attack, we can integrate the traditional defense mechanism in engineering practice. Besides, we analyze the performance of mimic DNSframework based on multi-ruling proxy and input-output desperation, the results represent we can use multi ruling or high-speed cache servers to achieve the consistent cost of delay, throughput compared with single authorized DNS, it can effectively solve 10% to 20% performance loss caused by general ruling proxy.

Bin Li,Qinglei Zhou,Xueming Si,Jinhua Fu

DOI: https://doi.org/10.1109/access.2018.2869174

IF: 3.9

2018-01-01

IEEE Access

Abstract:With the rapid development of the Internet, increasingly more attention has been paid to network security problems. A network security defense technology has become a very important research field. Currently, most network equipment transmits data in plaintext at the data link layer, which exposes important information, such as IP addresses, port numbers, and application protocols, to an attacker and provides an opportunity for network attacks. To protect a network against attacks and ensure its security, this paper proposes a mimic encryption system for network security. Based on the concepts of moving target defense and mimic security defense, using the principles of randomization, dynamism, and diversification, a data link layer mimic encryption system is constructed from the underlying network of an information system. By transforming the frame format, a reconfigurable encryption algorithm, an hash algorithm, and a pseudo-random number generator are used to design different combination encryption modes. Then, the hash value of an encrypted frame is obtained by performing the hash operation, and feedback update is performed to generate new key parameters for the hash key pool. In addition, the pseudo-random selection of combinations of encryption algorithms and keys is performed to achieve "one frame-one key''. Finally, an FPGA is used as the network encryption card, and a CPU is used to realize two-party key agreement and the upper layer application. Using the FPGA + CPU hardware and software collaboration, the attack surface is expanded. Taking advantage of the high anti-interference property of an FPGA, part of the attack against the software system is filtered. The experimental results and analysis show that the encryption and decryption performance of this system in a 10 G network are approximately 500 MB/s. Thus, the system can effectively prevent the leakage of user data and resist network sniffing, vulnerability attacks, exhaustive key search attacks, and ciphertext-only attacks. Moreover, this system provides high security.

Yibo Cheng,Gang Cui,Lin Zhang,Yunmin Wang,Huajun Ma,Hui Li

DOI: https://doi.org/10.1109/ICCSN49894.2020.9139117

2020-01-01

Abstract:With the development of Industrial Internet, the industrial control systems continue to evolve. Nuclear power industrial control system, as the core information system of nuclear power plants, has extremely high requirements for security. But at present, all industrial security control products still have a large amount of vulnerabilities. Meanwhile, traditional protection methods can only resist known attacks, and have no way to defend against unknown attacks. Based on the mimic defense theory, this paper proposes a mimic object storage system based on multiple erasure codes. In addition to the dynamics, heterogeneity, and redundancy attribute of mimic defense, the use of erasure codes can reduce storage costs and improve data reliability. This paper introduces the system architecture and the laboratory simulation of the system. This system can resist multiple types of attacks and can be used to improve the security level of nuclear industry control systems.