Funding: National Keystone R&D Program of China (No. 2017YFB0803204); Shenzhen Research Programs (JCYJ20170306092030521); the PCL Future Regional Network Facilities for Large-scale Experiments and Applications (LZC0019); ZTE University Funding; Natural Science Foundation of China (NSFC) (No. 61671001); GuangDong Prov. R&D Key Program (No. 2019B010137001); the Shenzhen Municipal Development and Reform Commission (Disciplinary Development Program for Data Science and Intelligent Computing).
Abstract: With the advent of the big data era, cloud computing, the Internet of Things, and other information industries continue to develop. There is an increasing amount of unstructured data such as pictures, audio, and video on the Internet, and the distributed object storage system has become the mainstream cloud storage solution. With the increasing number of distributed applications, data security in the distributed object storage system has become the focus. For the distributed object storage system, traditional defenses are means that fix discovered system vulnerabilities and backdoors by patching, or means that modify the corresponding structure and upgrade it. However, both kinds of means lag behind the threat and can hardly deal with unknown security threats. Based on mimic defense theory, this paper constructs the principle framework of the distributed object storage system and introduces dynamic redundancy and heterogeneous function into the distributed object storage system architecture, which increases the attack cost and greatly improves the security and availability of data.
Funding: supported by the National Key Research and Development Program of China (Grant No. 2020YFB1804604).
Abstract: In recent years, network attacks have been characterized by diversification and scale, which indicates a requirement for defense strategies to sacrifice generalizability for higher security. As the latest theoretical achievement in active defense, mimic defense demonstrates high robustness against complex attacks. This study proposes a Function-aware, Bayesian adjudication, and Adaptive updating Mimic Defense (FBAMD) theory for addressing the current problems of existing work, including limited ability to resist unknown threats, imprecise heterogeneity metrics, and over-reliance on the relatively-correct axiom. FBAMD incorporates three critical steps. Firstly, the common features of executors' vulnerabilities are obtained from the perspective of the functional implementation (i.e., input-output relationship extraction). Secondly, a new adjudication mechanism based on Bayes' theory is proposed by leveraging the advantages of both current results and historical confidence. Furthermore, posterior confidence can be updated regularly with prior adjudication information, which gives the mimic system adaptability. The experimental analysis shows that FBAMD exhibits the best performance in the face of different types of attacks compared to the state of the art over real-world datasets. This study presents a promising step toward the theoretical innovation of mimic defense.
Abstract: With the rapid growth of network technology, the methods and types of cyber-attacks are increasing rapidly. Traditional static passive defense technologies focus on external security and known threats to the target system and cannot resist advanced persistent threats. To address the situation that cyberspace security is easy to attack and difficult to defend, Chinese experts on cyberspace security proposed an innovative theory called mimic defense, which is an active defense technology that employs a "Dynamic, Heterogeneous, Redundant" (DHR) architecture to defend against attacks. This article first briefly describes classic network defense technology and Moving Target Defense (MTD). Next, it explains in detail the principles of mimic defense based on the DHR architecture and analyzes the attack surface of the DHR architecture. This article also covers applications of mimic defense technology, such as mimic routers and mimic web defense systems. Finally, it briefly summarizes the existing research on mimic defense, expounds the problems that need to be solved in mimic defense, and looks forward to the future development of mimic defense.
Funding: supported by the National Key Research and Development Project of China (Grant No. 2020YFB1804600) and the Major Scientific Project of Zhejiang Lab (2018FD0ZX01).
Abstract: Mimic Defense (MD) is an endogenous security technology whose core technique is the Dynamic Heterogeneous Redundancy (DHR) architecture. It can effectively resist unknown vulnerabilities, backdoors, and other security threats through scheduling strategy, negative feedback control, and other mechanisms. To solve the problem that Cyber Mimic Defense devices have difficulty supporting the TCP protocol, this paper proposes a TCP protocol normalization scheme for the DHR architecture. Theoretical analysis and experimental results show that this scheme enables DHR-based network devices to support the TCP protocol without affecting the security of the mimic defense architecture.
Funding: supported by the National Key R&D Program of China (2022YFB3102800).
Abstract: As modern systems widely deploy protective measures for control data in memory, such as Control-Flow Integrity (CFI), attackers' ability to manipulate control data is greatly restricted. Consequently, attackers are turning to opportunities to manipulate non-control data in memory (known as Data-Oriented Attacks, or DOAs), which have been proven to pose significant security threats to memory. However, existing techniques to mitigate DOAs often introduce significant overhead due to the indiscriminate protection of a large range of data objects. To address this challenge, this paper adopts a Cyberspace Mimic Defense (CMD) strategy, a generic framework for addressing endogenous security vulnerabilities, to prevent attackers from executing DOAs using known or unknown security flaws. Specifically, we introduce a formalized expression algorithm that assesses whether DOA attackers can construct inputs to exploit vulnerability points. Building on this, we devise a key-area CMD strategy that modifies the coded pathway from input to the vulnerability point, thereby effectively thwarting the activation of the vulnerability. Finally, our experiments on real-world applications and in simulation demonstrate that the key-area CMD strategy can effectively prevent DOAs by selectively diversifying parts of the program code.
Funding: National Key Research and Development Program of China (2017YFB0803202); Major Scientific Research Project of Zhejiang Lab (No. 2018FD0ZX01); National Core Electronic Devices, High-end Generic Chips and Basic Software Major Projects (2017ZX01030301); the National Natural Science Foundation of China (No. 61309020); and the National Natural Science Fund for Creative Research Groups Project (No. 61521003).
Abstract: Users usually focus on application-level requirements, which are quite friendly and direct to them. However, there are no existing tools that automate the translation of application-level requirements into infrastructure provisioning and application deployment. Although some security issues have been solved during the development phase, undiscovered vulnerabilities remain hidden threats to the application's security. Cyberspace mimic defense (CMD) technologies can help enhance the application's security despite the existence of such vulnerabilities. In this paper, the concept of SECurity-as-a-Service (SECaaS) is proposed with CMD technologies in cloud environments, and an experiment on it was implemented. It is found that the application's security is greatly improved to meet the user's security and performance requirements within budget through SECaaS. The experimental results show that SECaaS can help users focus on application-level requirements (monetary costs, required security level, etc.) and automate the process of application orchestration.
Funding: supported by the Financial and Science Technology Plan Project of Xinjiang Production and Construction Corps under grants No. 2020DB005 and No. 2017DB005, and by the Priority Academic Program Development of Jiangsu Higher Education Institutions fund.
Abstract: Driven by the rapid development of the Internet of Things, cloud computing and other emerging technologies, the connotation of cyberspace is constantly expanding and becoming the fifth dimension of human activities. However, security problems in cyberspace are becoming serious, and traditional defense measures (e.g., firewalls, intrusion detection systems, and security audits) often fall into a passive situation of being prone to attacks and difficult to take effect when responding to new types of network attacks with an ever higher degree of coordination and intelligence. By constructing and implementing the diverse strategy of dynamic transformation, the configuration characteristics of systems are constantly changing, and the probability of vulnerability exposure is increasing. Therefore, the difficulty and cost of attack are increasing, which provides new ideas for reversing the asymmetric situation of defense and attack in cyberspace. Nonetheless, few related works systematically introduce dynamic defense mechanisms for cyber security, and the related concepts and development strategies of dynamic defense are rarely analyzed and summarized. To bridge this gap, we conduct a comprehensive and concrete survey of recent research efforts on dynamic defense in cyber security. Specifically, we first introduce basic concepts and define dynamic defense in cyber security. Next, we review the architectures, enabling techniques and methods for moving target defense and mimic defense. This is followed by a taxonomic summary of the implementation and evaluation of dynamic defense. Finally, we discuss some open challenges and opportunities for dynamic defense in cyber security.
Funding: This work was supported by the National Science and Technology Major Project of China (No. 2018ZX03002002) and the Foundation for Innovative Research Groups of the National Natural Science Foundation of China (No. 61521003).
Abstract: In recent years, an increasing number of application services are deployed in the cloud. However, the cloud platform faces unknown security threats brought by its unknown vulnerabilities and backdoors. Many researchers have studied Cyber Mimic Defense (CMD) technologies for cloud services. However, there is a shortage of tools that enable researchers to evaluate their newly proposed cloud service CMD mechanisms, such as scheduling and decision mechanisms. To fill this gap, we propose MimicCloudSim, a mimic cloud service simulation system built on the basic functionalities of CloudSim. MimicCloudSim supports the simulation of the dynamic heterogeneous redundancy (DHR) structure, which is the core architecture of CMD technology, and provides an extensible interface to help researchers implement new scheduling and decision mechanisms. In this paper, we first describe the architecture and implementation of MimicCloudSim, and then discuss the simulation process. Finally, we demonstrate the capabilities of MimicCloudSim using a decision mechanism. In addition, we tested the performance of MimicCloudSim; the results show that MimicCloudSim is highly scalable.
Funding: supported by the National Key R&D Program of China (Nos. 2023YFB2904004 and 2023YFB2904000); the Jiangsu Key Development Planning Project (No. BE2023004-2); the Natural Science Foundation of Jiangsu Province (Higher Education Institutions) (No. 20KJA520001); and the Postgraduate Research Practice Innovation Program of Jiangsu Province (No. KYCX22_1021).
Abstract: Mimic active defense technology effectively disrupts attack routes and reduces the probability of successful attacks by using a dynamic heterogeneous redundancy (DHR) architecture. However, current approaches often overlook the adaptability of the adjudication mechanism in complex and variable network environments, focusing primarily on system security while neglecting performance considerations. To address these limitations, we propose a DHR architecture based on output difference feedback and system benefit control. This architecture introduces an adjudication mechanism based on output difference feedback, which enhances adaptability by considering the impact of each executor's output deviation on the global decision. Additionally, the architecture incorporates a scheduling strategy based on system benefit, which models quality of service and switching overhead as a bi-objective optimization problem, balancing security against computational cost and system overhead. Simulation results demonstrate that our architecture improves adaptability to different network environments and effectively reduces both the attack success rate and the average failure rate.