The information security and functional safety are fundamental issues of wireless communications sytems.The endogenous security principle based on Dynamic Heterogeneous Redundancy provides a direction for the developm...The information security and functional safety are fundamental issues of wireless communications sytems.The endogenous security principle based on Dynamic Heterogeneous Redundancy provides a direction for the development of wireless communication security and safety technology.This paper introduces the concept of wireless endogenous security from the following four aspects.First,we sorts out the endogenous security problems faced by the current wireless communications system,and then analyzes the endogenous security and safety attributes of the wireless channel.After that,the endogenous security and safety structure of the wireless communications system is given,and finally the applications of the existing wireless communication endogenous security and safety functions are listed.展开更多
The integration of digital twin(DT)and 6G edge intelligence provides accurate forecasting for distributed resources control in smart park.However,the adverse impact of model poisoning attacks on DT model training cann...The integration of digital twin(DT)and 6G edge intelligence provides accurate forecasting for distributed resources control in smart park.However,the adverse impact of model poisoning attacks on DT model training cannot be ignored.To address this issue,we firstly construct the models of DT model training and model poisoning attacks.An optimization problem is formulated to minimize the weighted sum of the DT loss function and DT model training delay.Then,the problem is transformed and solved by the proposed Multi-timescAle endogenouS securiTy-aware DQN-based rEsouRce management algorithm(MASTER)based on DT-assisted state information evaluation and attack detection.MASTER adopts multi-timescale deep Q-learning(DQN)networks to jointly schedule local training epochs and devices.It actively adjusts resource management strategies based on estimated attack probability to achieve endogenous security awareness.Simulation results demonstrate that MASTER has excellent performances in DT model training accuracy and delay.展开更多
The Space-Air-Ground Integrated Network(SAGIN) realizes the integration of space, air,and ground networks, obtaining the global communication coverage.Software-Defined Networking(SDN) architecture in SAGIN has become ...The Space-Air-Ground Integrated Network(SAGIN) realizes the integration of space, air,and ground networks, obtaining the global communication coverage.Software-Defined Networking(SDN) architecture in SAGIN has become a promising solution to guarantee the Quality of Service(QoS).However, the current routing algorithms mainly focus on the QoS of the service, rarely considering the security requirement of flow. To realize the secure transmission of flows in SAGIN, we propose an intelligent flow forwarding scheme with endogenous security based on Mimic Defense(ESMD-Flow). In this scheme, SDN controller will evaluate the reliability of nodes and links, isolate malicious nodes based on the reliability evaluation value, and adapt multipath routing strategy to ensure that flows are always forwarded along the most reliable multiple paths. In addition, in order to meet the security requirement of flows, we introduce the programming data plane to design a multiprotocol forwarding strategy for realizing the multiprotocol dynamic forwarding of flows. ESMD-Flow can reduce the network attack surface and improve the secure transmission capability of flows by implementing multipath routing and multi-protocol hybrid forwarding mechanism. The extensive simulations demonstrate that ESMD-Flow can significantly improve the average path reliability for routing and increase the difficulty of network eavesdropping while improving the network throughput and reducing the average packet delay.展开更多
With the rapid development of information technologies,industrial Internet has become more open,and security issues have become more challenging.The endogenous security mechanism can achieve the autonomous immune mech...With the rapid development of information technologies,industrial Internet has become more open,and security issues have become more challenging.The endogenous security mechanism can achieve the autonomous immune mechanism without prior knowledge.However,endogenous security lacks a scientific and formal definition in industrial Internet.Therefore,firstly we give a formal definition of endogenous security in industrial Internet and propose a new industrial Internet endogenous security architecture with cost analysis.Secondly,the endogenous security innovation mechanism is clearly defined.Thirdly,an improved clone selection algorithm based on federated learning is proposed.Then,we analyze the threat model of the industrial Internet identity authentication scenario,and propose cross-domain authentication mechanism based on endogenous key and zero-knowledge proof.We conduct identity authentication experiments based on two types of blockchains and compare their experimental results.Based on the experimental analysis,Ethereum alliance blockchain can be used to provide the identity resolution services on the industrial Internet.Internet of Things Application(IOTA)public blockchain can be used for data aggregation analysis of Internet of Things(IoT)edge nodes.Finally,we propose three core challenges and solutions of endogenous security in industrial Internet and give future development directions.展开更多
The 5G-R network is on the verge of entering the construction stage.Given that the dedicated network for railways is closely linked to train operation safety,there are extremely high requirements for network security....The 5G-R network is on the verge of entering the construction stage.Given that the dedicated network for railways is closely linked to train operation safety,there are extremely high requirements for network security.As a result,there is an urgent need to conduct research on 5G-R network security.To comprehensively enhance the end-to-end security protection of the 5G-R network,this study summarized the security requirements of the GSM-R network,analyzed the security risks and requirements faced by the 5G-R network,and proposed an overall 5G-R network security architecture.The security technical schemes were detailed from various aspects:5G-R infrastructure security,terminal access security,networking security,operation and maintenance security,data security,and network boundary security.Additionally,the study proposed leveraging the 5G-R security situation awareness system to achieve a comprehensive upgrade from basic security technologies to endogenous security capabilities within the 5G-R system.展开更多
Uncertain security threats caused by vulnerabilities and backdoors are the most serious and difficult problem in cyberspace.This paper analyzes the philosophical and technical causes of the existence of so-called"...Uncertain security threats caused by vulnerabilities and backdoors are the most serious and difficult problem in cyberspace.This paper analyzes the philosophical and technical causes of the existence of so-called"dark functions"such as system vulnerabilities and backdoors,and points out that endogenous security problems cannot be completely eliminated at the theoretical and engineering levels;rather,it is necessary to develop or utilize the endogenous security functions of the system architecture itself.In addition,this paper gives a definition for and lists the main technical characteristics of endogenous safety and security in cyberspace,introduces endogenous safety and security mechanisms and characteristics based on dynamic heterogeneous redundancy(DHR)architecture,and describes the theoretical implications of a coding channel based on DHR.展开更多
The sixth-generation mobile communication(6G)networks will face more complex endogenous security problems,and it is urgent to propose new universal security theories and establish new practice norms to deal with the&#...The sixth-generation mobile communication(6G)networks will face more complex endogenous security problems,and it is urgent to propose new universal security theories and establish new practice norms to deal with theªunknown unknownºsecurity threats in cyberspace.This paper first expounds the new paradigm of cyberspace endogenous security and introduces the vision of 6G cyberspace security.Then,it analyzes the security problems faced by the 6G core network,wireless access network,and emerging associated technologies in detail,as well as the corresponding security technology development status and the integrated development of endogenous security and traditional security.Furthermore,this paper describes the relevant security theories and technical concepts under the guidance of the new paradigm of endogenous security.展开更多
The open and broadcast nature of wireless channels leads to the inherent security problem of information leakage in wireless communication.We can utilize endogenous security functions to resolve this problem.The funda...The open and broadcast nature of wireless channels leads to the inherent security problem of information leakage in wireless communication.We can utilize endogenous security functions to resolve this problem.The fundamental solution is channel-based mechanisms,like physical layer secret keys.Unfortunately,current investigations have not fully exploited the randomness of wireless channels,making secret key rates not high.Consequently,user data can be encrypted by reducing the data rate to match the secret key rate.Based on the analysis of the endogenous wireless security principle,we proposed that the channel-based endogenous secret key rate can nearly match the maximum data rate in the fast-fading environments.After that,we validated the proposition in an instantiation system with multiple phase shift keying(MPSK)inputs from the perspectives of both theoretical analysis and simulation experiments.The results indicate that it is possible to accomplish the onetime pad without decreasing the data rate via channelbased endogenous keys.Besides,we can realize highspeed endogenously secure transmission by introducing independent channels in the domains of frequency,space,or time.The conclusions derived provide a new idea for wireless security and promote the application of the endogenous security theory.展开更多
Software-Defined Perimeter(SDP)provides a logical perimeter to restrict access to services.However,due to the security vulnerability of a single controller and the programmability lack of a gateway,existing SDP is fac...Software-Defined Perimeter(SDP)provides a logical perimeter to restrict access to services.However,due to the security vulnerability of a single controller and the programmability lack of a gateway,existing SDP is facing challenges.To solve the above problems,we propose a flexible and secure SDP mechanism named Mimic SDP(MSDP).MSDP consists of endogenous secure controllers and a dynamic gateway.The controllers avoid single point failure by heterogeneity and redundancy.And the dynamic gateway realizes flexible forwarding in programmable data plane by changing the processing of packet construction and deconstruction,thereby confusing the potential adversary.Besides,we propose a Markov model to evaluate the security of our SDP framework.We implement a prototype of MSDP and evaluate it in terms of functionality,performance,and scalability in different groups of systems and languages.Evaluation results demonstrate that MSDP can provide a secure connection of 93.38%with a cost of 6.34%under reasonable configuration.展开更多
The rapid development of deep learning(DL) models has been accompanied by various safety and security challenges, such as adversarial attacks and backdoor attacks.By analyzing the current literature on attacks and def...The rapid development of deep learning(DL) models has been accompanied by various safety and security challenges, such as adversarial attacks and backdoor attacks.By analyzing the current literature on attacks and defenses in DL, we find that the ongoing adaptation between attack and defense makes it impossible to completely resolve these issues.In this paper, we propose that this situation is caused by the inherent flaws of DL models,namely non-interpretability, non-recognizability, and non-identifiability. We refer to these issues as the Endogenous Safety and Security(ESS) problems. To mitigate the ESS problems in DL, we propose using the Dynamic Heterogeneous Redundant(DHR) architecture. We believe that introducing diversity is crucial for resolving the ESS problems. To validate the efectiveness of this approach, we conduct various case studies across multiple application domains of DL. Our experimental results confirm that constructing DL systems based on the DHR architecture is more efective than existing DL defense strategies.展开更多
To address the serious imbalance between the supply and demand of the cybersecurity workforce, this paper proposes to embrace the latest trend of a fundamental shift in the“underlying dynamics of the digital ecosyste...To address the serious imbalance between the supply and demand of the cybersecurity workforce, this paper proposes to embrace the latest trend of a fundamental shift in the“underlying dynamics of the digital ecosystem”, focusing on a shared liability for cybersecurity between the application side and the manufacturing side. Assuming that product providers shall take more responsibility by implementing secure defaults, this paper explores the establishment of an S&S talent cultivation system to strike the right balance of cybersecurity liabilities by nurturing more responsible developers. This paper proposes a Knowledge, Skill, and Awareness(KSA) model for Security and Safety(S&S) talent cultivation, proves the feasibility of this model by analyzing the theoretical, disciplinary, methodological, practical, and societal foundations of S&S talent cultivation. Additionally, this paper proposes principles and strategies for building a S&S talent cultivation system based on its unique characteristics and patterns. It gives a talent cultivation scheme, supported by an “Independent Knowledge System, Education and Cultivation System, Practice and Training system, Evaluation and Certification system,and Awareness Popularization System”. Finally, this paper puts forward a proposal for coordinating efforts and adopting multiple measures to accelerate the cultivation of S&S talents.展开更多
Recent advances in deep learning have led to disruptive breakthroughs in artificial intelligence(AI),fueling the jump in ChatGPT-like large language models(LLMs).As with any emerging technology,it is a two-sided coin,...Recent advances in deep learning have led to disruptive breakthroughs in artificial intelligence(AI),fueling the jump in ChatGPT-like large language models(LLMs).As with any emerging technology,it is a two-sided coin,bringing not only vast social impacts but also significant security concerns,especially in the socio-cognitive domain.Against this back-ground,this work starts with an inherent mechanism analysis of cognitive domain games,from which it proceeds to explore the security concerns facing the cognitive domain as well as to analyze the formation mechanisms of a cognitive immune system.Finally,inspired by behavioral mimicry in biology,this work will elaborate on new approaches to cognitive security from three aspects:Mimicry Computing,Mimicry Defense,and Mimicry Intelligence.展开更多
With the rapid development of information technology,data has become the cornerstone of digitalization,networking,and intelligence,profoundly impacting various sectors including production,distribution,circulation,con...With the rapid development of information technology,data has become the cornerstone of digitalization,networking,and intelligence,profoundly impacting various sectors including production,distribution,circulation,consumption,and social service management.As the core resource of the digital economy and information society,the economic and social value of big data is increasingly prominent,yet it has also become a prime target for cyberattacks.In the face of a complex and ever-changing data environment and advanced cyber threats,traditional big data security technologies such as Hadoop and other mainstream technologies are proving inadequate in ensuring data security and compliance.Consequently,cryptography-based technologies such as fully encrypted execution environments and efficient data encryption and decryption have emerged as new directions for security protection in the field of big data.This paper delves into the latest advancements and challenges in this area by exploring the current state of big data security,the principles of endogenous security technologies,practical applications,and future prospects.展开更多
The common endogenous security problems in cyberspace and related attack threats have posed subversive challenges to conventional theories and methods of functional safety.In the current design of the cyber physical s...The common endogenous security problems in cyberspace and related attack threats have posed subversive challenges to conventional theories and methods of functional safety.In the current design of the cyber physical system(CPS),functional safety and cyber security are increasingly intertwined and inseparable,which evolve into the generalized functional safety(S&S)problem.The conventional reliability and cybersecurity technologies are unable to provide security assurance with quanti able design and veri cation metrics in response to the cyberattacks in hardware and software with common endogenous security problems,and the functional safety of CPS facilities or device has become a frightening ghost.The dynamic heterogeneity redundancy(DHR)architecture and coding channel theory(CCT)proposed by the cyberspace endogenous security paradigm could handle random failures and uncertain network attacks in an integrated manner,and its generalized robust control mechanism can solve the universal problem of quantitative design for functional safety under probability or improbability perturbation.As a generalized functional safety enabling structure,DHR opens up a new direction to solve the common endogenous security problems in the cross-disciplinary elds of cyberspace.展开更多
In this paper,we propose a conjecture that endogenous security without any prior knowledge is similar to perfect secrecy without any prior knowledge.To prove the conjecture,we first establish a cryptography model of i...In this paper,we propose a conjecture that endogenous security without any prior knowledge is similar to perfect secrecy without any prior knowledge.To prove the conjecture,we first establish a cryptography model of instinct function security to transform the security problem in the network domain into an encryption problem in the cryptographic domain.Then,we inherit and apply the established ideas and means of Perfect Secrecy,and propose the concept,definition and corollaries of the perfect instinct function security(PIFS)corresponding to Perfect Secrecy.Furthermore,we take the DHR system as a concrete implementation of PIFS and propose the DHR Perfect Security Theorem corresponding to Shannon’s Perfect Secrecy Theorem.Finally,we prove that the DHR satisfying the“OneTime Reconstruction”constraint is the sufficient and necessary condition to achieve perfect security.This means that the existence of PIFS is also proven.The analysis shows that any reconfigurable system can be encrypted by its construct and that the PIFS converts the oneway transparent superiority of the attacker into a double-blind problem for both the attacker and the defender,which leads to that the attacker is impossible to obtain useful construction information from the attacks and unable to find a better way than blind trial-and-error or brute-force attacks.Since the attackers are required to have the new powerful ability to crack the structure cryptogram,the threshold of cyber security is raised to at least the same level as cryptogram deciphering,thereafter the ubiquitous cyber threats are destined to be significantly reduced.展开更多
According to the essential characteristic of industrial control system(ICS),endogenous safety and security(ESS)can be achieved by merging cyber security(CS)into functional safety(FS).In this paper,the basic principles...According to the essential characteristic of industrial control system(ICS),endogenous safety and security(ESS)can be achieved by merging cyber security(CS)into functional safety(FS).In this paper,the basic principles,functional requirements and protection architecture(TEMt)of ESS are proposed,and the successful experience of an electric power control system is introduced.展开更多
基金National Natural Science Foundation of China(No.61941114 and No.61521003)Key Universities and Academic Disciplines Contruction Project。
文摘The information security and functional safety are fundamental issues of wireless communications sytems.The endogenous security principle based on Dynamic Heterogeneous Redundancy provides a direction for the development of wireless communication security and safety technology.This paper introduces the concept of wireless endogenous security from the following four aspects.First,we sorts out the endogenous security problems faced by the current wireless communications system,and then analyzes the endogenous security and safety attributes of the wireless channel.After that,the endogenous security and safety structure of the wireless communications system is given,and finally the applications of the existing wireless communication endogenous security and safety functions are listed.
基金supported by the Science and Technology Project of State Grid Corporation of China under Grant Number 52094021N010 (5400-202199534A-05-ZN)。
文摘The integration of digital twin(DT)and 6G edge intelligence provides accurate forecasting for distributed resources control in smart park.However,the adverse impact of model poisoning attacks on DT model training cannot be ignored.To address this issue,we firstly construct the models of DT model training and model poisoning attacks.An optimization problem is formulated to minimize the weighted sum of the DT loss function and DT model training delay.Then,the problem is transformed and solved by the proposed Multi-timescAle endogenouS securiTy-aware DQN-based rEsouRce management algorithm(MASTER)based on DT-assisted state information evaluation and attack detection.MASTER adopts multi-timescale deep Q-learning(DQN)networks to jointly schedule local training epochs and devices.It actively adjusts resource management strategies based on estimated attack probability to achieve endogenous security awareness.Simulation results demonstrate that MASTER has excellent performances in DT model training accuracy and delay.
基金supported by the National Key Research and Development Program of China under Grant 2020YFB1804803the National Natural Science Foundation of China under Grant 61872382the Research and Development Program in Key Areas of Guangdong Province under Grant No.2018B010113001。
文摘The Space-Air-Ground Integrated Network(SAGIN) realizes the integration of space, air,and ground networks, obtaining the global communication coverage.Software-Defined Networking(SDN) architecture in SAGIN has become a promising solution to guarantee the Quality of Service(QoS).However, the current routing algorithms mainly focus on the QoS of the service, rarely considering the security requirement of flow. To realize the secure transmission of flows in SAGIN, we propose an intelligent flow forwarding scheme with endogenous security based on Mimic Defense(ESMD-Flow). In this scheme, SDN controller will evaluate the reliability of nodes and links, isolate malicious nodes based on the reliability evaluation value, and adapt multipath routing strategy to ensure that flows are always forwarded along the most reliable multiple paths. In addition, in order to meet the security requirement of flows, we introduce the programming data plane to design a multiprotocol forwarding strategy for realizing the multiprotocol dynamic forwarding of flows. ESMD-Flow can reduce the network attack surface and improve the secure transmission capability of flows by implementing multipath routing and multi-protocol hybrid forwarding mechanism. The extensive simulations demonstrate that ESMD-Flow can significantly improve the average path reliability for routing and increase the difficulty of network eavesdropping while improving the network throughput and reducing the average packet delay.
基金supported by the National Key Research and Development Program of China(No.2018YFB0803403)Fundamental Research Funds for the Central Universities(Nos.FRF-AT-19-009Z and FRF-AT-20-11)from the Ministry of Education of China.
文摘With the rapid development of information technologies,industrial Internet has become more open,and security issues have become more challenging.The endogenous security mechanism can achieve the autonomous immune mechanism without prior knowledge.However,endogenous security lacks a scientific and formal definition in industrial Internet.Therefore,firstly we give a formal definition of endogenous security in industrial Internet and propose a new industrial Internet endogenous security architecture with cost analysis.Secondly,the endogenous security innovation mechanism is clearly defined.Thirdly,an improved clone selection algorithm based on federated learning is proposed.Then,we analyze the threat model of the industrial Internet identity authentication scenario,and propose cross-domain authentication mechanism based on endogenous key and zero-knowledge proof.We conduct identity authentication experiments based on two types of blockchains and compare their experimental results.Based on the experimental analysis,Ethereum alliance blockchain can be used to provide the identity resolution services on the industrial Internet.Internet of Things Application(IOTA)public blockchain can be used for data aggregation analysis of Internet of Things(IoT)edge nodes.Finally,we propose three core challenges and solutions of endogenous security in industrial Internet and give future development directions.
文摘The 5G-R network is on the verge of entering the construction stage.Given that the dedicated network for railways is closely linked to train operation safety,there are extremely high requirements for network security.As a result,there is an urgent need to conduct research on 5G-R network security.To comprehensively enhance the end-to-end security protection of the 5G-R network,this study summarized the security requirements of the GSM-R network,analyzed the security risks and requirements faced by the 5G-R network,and proposed an overall 5G-R network security architecture.The security technical schemes were detailed from various aspects:5G-R infrastructure security,terminal access security,networking security,operation and maintenance security,data security,and network boundary security.Additionally,the study proposed leveraging the 5G-R security situation awareness system to achieve a comprehensive upgrade from basic security technologies to endogenous security capabilities within the 5G-R system.
基金supported by the National Natural Science Foundation Innovation Group Project(61521003)。
文摘Uncertain security threats caused by vulnerabilities and backdoors are the most serious and difficult problem in cyberspace.This paper analyzes the philosophical and technical causes of the existence of so-called"dark functions"such as system vulnerabilities and backdoors,and points out that endogenous security problems cannot be completely eliminated at the theoretical and engineering levels;rather,it is necessary to develop or utilize the endogenous security functions of the system architecture itself.In addition,this paper gives a definition for and lists the main technical characteristics of endogenous safety and security in cyberspace,introduces endogenous safety and security mechanisms and characteristics based on dynamic heterogeneous redundancy(DHR)architecture,and describes the theoretical implications of a coding channel based on DHR.
基金the National Key Research and Development Program of China(Nos.2020YFB1806607 and 2022YFB2902202)the National Natural Science Foundation of China(Nos.61521003 and 61701538)。
文摘The sixth-generation mobile communication(6G)networks will face more complex endogenous security problems,and it is urgent to propose new universal security theories and establish new practice norms to deal with theªunknown unknownºsecurity threats in cyberspace.This paper first expounds the new paradigm of cyberspace endogenous security and introduces the vision of 6G cyberspace security.Then,it analyzes the security problems faced by the 6G core network,wireless access network,and emerging associated technologies in detail,as well as the corresponding security technology development status and the integrated development of endogenous security and traditional security.Furthermore,this paper describes the relevant security theories and technical concepts under the guidance of the new paradigm of endogenous security.
基金funded by the National Key R&D Program of China under Grant 2017YFB0801903the National Natural Science Foundation of China under Grant 61871404,61701538,61521003Doctoral Fund of Ministry of Education of China under Grant 2019M663994。
文摘The open and broadcast nature of wireless channels leads to the inherent security problem of information leakage in wireless communication.We can utilize endogenous security functions to resolve this problem.The fundamental solution is channel-based mechanisms,like physical layer secret keys.Unfortunately,current investigations have not fully exploited the randomness of wireless channels,making secret key rates not high.Consequently,user data can be encrypted by reducing the data rate to match the secret key rate.Based on the analysis of the endogenous wireless security principle,we proposed that the channel-based endogenous secret key rate can nearly match the maximum data rate in the fast-fading environments.After that,we validated the proposition in an instantiation system with multiple phase shift keying(MPSK)inputs from the perspectives of both theoretical analysis and simulation experiments.The results indicate that it is possible to accomplish the onetime pad without decreasing the data rate via channelbased endogenous keys.Besides,we can realize highspeed endogenously secure transmission by introducing independent channels in the domains of frequency,space,or time.The conclusions derived provide a new idea for wireless security and promote the application of the endogenous security theory.
基金supported by the National Key Research and Development Program of China(Grant No.2022YFB2901304)。
文摘Software-Defined Perimeter(SDP)provides a logical perimeter to restrict access to services.However,due to the security vulnerability of a single controller and the programmability lack of a gateway,existing SDP is facing challenges.To solve the above problems,we propose a flexible and secure SDP mechanism named Mimic SDP(MSDP).MSDP consists of endogenous secure controllers and a dynamic gateway.The controllers avoid single point failure by heterogeneity and redundancy.And the dynamic gateway realizes flexible forwarding in programmable data plane by changing the processing of packet construction and deconstruction,thereby confusing the potential adversary.Besides,we propose a Markov model to evaluate the security of our SDP framework.We implement a prototype of MSDP and evaluate it in terms of functionality,performance,and scalability in different groups of systems and languages.Evaluation results demonstrate that MSDP can provide a secure connection of 93.38%with a cost of 6.34%under reasonable configuration.
基金supported by the National Key Research and Development Program of China (Project No.2022YFB4500900)the Jiangsu Provincial Department of Science and Technology (Project No. ZL042401)
文摘The rapid development of deep learning(DL) models has been accompanied by various safety and security challenges, such as adversarial attacks and backdoor attacks.By analyzing the current literature on attacks and defenses in DL, we find that the ongoing adaptation between attack and defense makes it impossible to completely resolve these issues.In this paper, we propose that this situation is caused by the inherent flaws of DL models,namely non-interpretability, non-recognizability, and non-identifiability. We refer to these issues as the Endogenous Safety and Security(ESS) problems. To mitigate the ESS problems in DL, we propose using the Dynamic Heterogeneous Redundant(DHR) architecture. We believe that introducing diversity is crucial for resolving the ESS problems. To validate the efectiveness of this approach, we conduct various case studies across multiple application domains of DL. Our experimental results confirm that constructing DL systems based on the DHR architecture is more efective than existing DL defense strategies.
基金supported by the Chinese Academy of Engineering Strategic Research and Consulting Program (No. 2023-XZ-11)
文摘To address the serious imbalance between the supply and demand of the cybersecurity workforce, this paper proposes to embrace the latest trend of a fundamental shift in the“underlying dynamics of the digital ecosystem”, focusing on a shared liability for cybersecurity between the application side and the manufacturing side. Assuming that product providers shall take more responsibility by implementing secure defaults, this paper explores the establishment of an S&S talent cultivation system to strike the right balance of cybersecurity liabilities by nurturing more responsible developers. This paper proposes a Knowledge, Skill, and Awareness(KSA) model for Security and Safety(S&S) talent cultivation, proves the feasibility of this model by analyzing the theoretical, disciplinary, methodological, practical, and societal foundations of S&S talent cultivation. Additionally, this paper proposes principles and strategies for building a S&S talent cultivation system based on its unique characteristics and patterns. It gives a talent cultivation scheme, supported by an “Independent Knowledge System, Education and Cultivation System, Practice and Training system, Evaluation and Certification system,and Awareness Popularization System”. Finally, this paper puts forward a proposal for coordinating efforts and adopting multiple measures to accelerate the cultivation of S&S talents.
基金supported in part by National Key R&D Plan(2022YFB3102901)
文摘Recent advances in deep learning have led to disruptive breakthroughs in artificial intelligence(AI),fueling the jump in ChatGPT-like large language models(LLMs).As with any emerging technology,it is a two-sided coin,bringing not only vast social impacts but also significant security concerns,especially in the socio-cognitive domain.Against this back-ground,this work starts with an inherent mechanism analysis of cognitive domain games,from which it proceeds to explore the security concerns facing the cognitive domain as well as to analyze the formation mechanisms of a cognitive immune system.Finally,inspired by behavioral mimicry in biology,this work will elaborate on new approaches to cognitive security from three aspects:Mimicry Computing,Mimicry Defense,and Mimicry Intelligence.
文摘With the rapid development of information technology,data has become the cornerstone of digitalization,networking,and intelligence,profoundly impacting various sectors including production,distribution,circulation,consumption,and social service management.As the core resource of the digital economy and information society,the economic and social value of big data is increasingly prominent,yet it has also become a prime target for cyberattacks.In the face of a complex and ever-changing data environment and advanced cyber threats,traditional big data security technologies such as Hadoop and other mainstream technologies are proving inadequate in ensuring data security and compliance.Consequently,cryptography-based technologies such as fully encrypted execution environments and efficient data encryption and decryption have emerged as new directions for security protection in the field of big data.This paper delves into the latest advancements and challenges in this area by exploring the current state of big data security,the principles of endogenous security technologies,practical applications,and future prospects.
基金the National Natural Science Foundation Innovation Group Project(61521003).
文摘The common endogenous security problems in cyberspace and related attack threats have posed subversive challenges to conventional theories and methods of functional safety.In the current design of the cyber physical system(CPS),functional safety and cyber security are increasingly intertwined and inseparable,which evolve into the generalized functional safety(S&S)problem.The conventional reliability and cybersecurity technologies are unable to provide security assurance with quanti able design and veri cation metrics in response to the cyberattacks in hardware and software with common endogenous security problems,and the functional safety of CPS facilities or device has become a frightening ghost.The dynamic heterogeneity redundancy(DHR)architecture and coding channel theory(CCT)proposed by the cyberspace endogenous security paradigm could handle random failures and uncertain network attacks in an integrated manner,and its generalized robust control mechanism can solve the universal problem of quantitative design for functional safety under probability or improbability perturbation.As a generalized functional safety enabling structure,DHR opens up a new direction to solve the common endogenous security problems in the cross-disciplinary elds of cyberspace.
基金supported by the National Natural Science Foundation of China(No.U22A2001)the National Key Research and Development Program under Grants 2022YFB2902205
文摘In this paper,we propose a conjecture that endogenous security without any prior knowledge is similar to perfect secrecy without any prior knowledge.To prove the conjecture,we first establish a cryptography model of instinct function security to transform the security problem in the network domain into an encryption problem in the cryptographic domain.Then,we inherit and apply the established ideas and means of Perfect Secrecy,and propose the concept,definition and corollaries of the perfect instinct function security(PIFS)corresponding to Perfect Secrecy.Furthermore,we take the DHR system as a concrete implementation of PIFS and propose the DHR Perfect Security Theorem corresponding to Shannon’s Perfect Secrecy Theorem.Finally,we prove that the DHR satisfying the“OneTime Reconstruction”constraint is the sufficient and necessary condition to achieve perfect security.This means that the existence of PIFS is also proven.The analysis shows that any reconfigurable system can be encrypted by its construct and that the PIFS converts the oneway transparent superiority of the attacker into a double-blind problem for both the attacker and the defender,which leads to that the attacker is impossible to obtain useful construction information from the attacks and unable to find a better way than blind trial-and-error or brute-force attacks.Since the attackers are required to have the new powerful ability to crack the structure cryptogram,the threshold of cyber security is raised to at least the same level as cryptogram deciphering,thereafter the ubiquitous cyber threats are destined to be significantly reduced.
文摘According to the essential characteristic of industrial control system(ICS),endogenous safety and security(ESS)can be achieved by merging cyber security(CS)into functional safety(FS).In this paper,the basic principles,functional requirements and protection architecture(TEMt)of ESS are proposed,and the successful experience of an electric power control system is introduced.
