logo

SCIENTIA SINICA Informationis, Volume 48, Issue 12: 1651-1669(2018) https://doi.org/10.1360/N112017-00171

Dual-structural network of active defense

More info
  • ReceivedAug 10, 2017
  • AcceptedJan 8, 2018
  • PublishedNov 27, 2018

Abstract

Cyberspace security is vital to state interest. Recently, there are some challenges in cyber security. In architecture for instance, although protection mechanisms are introduced and applied everywhere, the modern network architecture (well connected and open) still has difficulty in completely ensuring cyber security. It is also observed that contemporary cyber security protection mechanism highly depends on the priori information of security threats and thus will hardly address unknown potential threats. In this paper, a novel cyberspace security protection framework is proposed. A dual-structural Internet scheme that integrates the current Internet architecture with a redundant secondary structure network characterized by its broad-storage scheme, heterogeneous structure, and dynamic protection mechanism is introduced. Also, a novel active defense mechanism that is knowledge-data driven and thus independent of the priori information of the security threat is proposed. Furthermore, some key techniques such as transparent access and prepositive active defense are introduced. The theoretical and technical work proposed in this paper offers a comprehensively evolutionary solution to constructing a cyberspace in which the protection mechanism is more independent and active.


Funded by

国家重点研发计划(2016YFB1000102)

国家自然科学基金(61672318)

国家自然科学基金(61631013)


Acknowledgment

在此感谢东南大学李幼平院士的支持与指导.


Supplement

Appendix


References

[1] von Solms R, van Niekerk J. From information security to cyber security. Comput Secur, 2013, 38: 97-102 CrossRef Google Scholar

[2] Jacobson V, Smetters D K, Thornton J D, et al. Networking named content. In: Proceedings of the 5th International Conference on Emerging Networking Experiments and Technologies, Rome, 2009. Google Scholar

[3] Braden R, Faber T, Handley M. From protocol stack to protocol heap. SIGCOMM Comput Commun Rev, 2003, 33: 17-22 CrossRef Google Scholar

[4] Lin C, Peng X H. Research on trustworthy networks. Chin J Comput, 2005, 28: 751--758. Google Scholar

[5] Wu J X, Lan J L, Cheng D N, et al. Novel Network Architecture. Beijing: Posts and Telecom Press, 2014. Google Scholar

[6] Jajodia S, Ghosh A K, Swarup V, et al. Moving Target Defense: Creating Asymmetric Uncertainty for Cyber Threats. Berlin: Springer Ebooks, 2011. Google Scholar

[7] Sheldon F T, Vishik C. Moving Toward Trustworthy Systems: R&. Google Scholar

[8] Wu J X. Meaning and vision of mimic computing and mimic security defense. Telecommun Sci, 2014, 30: 2--7. Google Scholar

[9] Majzoobi M, Koushanfar F, Potkonjak M. Techniques for design and implementation of secure reconfigurable PUFs. ACM Trans Reconfig Technol Syst, 2009, 2: 1-33 CrossRef Google Scholar

[10] Jiang X, Yau W Y. Fingerprint minutiae matching based on the local and global structures. In: Proceedings of International Conference on Pattern Recognition, Barcelona, 2000. 1038--1041. Google Scholar

[11] Gottesman D, Lo H K. From quantum cheating to quantum security. Phys Today, 2000, 53: 22-27 CrossRef ADS Google Scholar

[12] Endsley M R. Toward a theory of situation awareness in dynamic systems. Hum Factors, 1995, 37: 32-64 CrossRef Google Scholar

[13] Bandes R, Shimeall T, Heckathorn M, et al. Using SiLK for Network Traffic Analysis, Analyst's Handbook for SiLK Versions 3.8.3 and Later, 2014. http://tools.netsa.cert.org/silk/. Google Scholar

[14] Li D Y, Liu C Y, D Y, et al. Artificial Intelligence With Uncertainty. Beijing: National Defend Industry Press, 2014. Google Scholar

[15] Gollmann D. Computer security. WIREs Comput Stat, 2010, 2: 544-554 CrossRef Google Scholar

[16] Yang P, Li Y P. On the complementary binary future Internet architecture. Complex Syst Complex Sci, 2014, 11: 53--59. Google Scholar

[17] Yang P, Li Y P. Secondary structure of future Internet based on broadcast-storage concept. Complex Syst Complex Sci, 2015, 12: 18--22. Google Scholar

[18] Li Y P, Yang P. New mechanism for sharing cultural bigdata. China Comput Soc Newsl, 2013, 9: 36--40. Google Scholar

[19] Wang X F, Li X, Chen G R. Complex Networks Theory and Its Application. Beijing: Tsinghua University Press, 2006. Google Scholar

[20] Van Mieghem P, Omic J, Kooij R. Virus spread in networks. IEEE/ACM Trans Netw, 2009, 17: 1-14 CrossRef Google Scholar

[21] Van Mieghem P, Cator E. Epidemics in networks with nodal self-infection and the epidemic threshold. Phys Rev E, 2012, 86: 016116 CrossRef PubMed ADS Google Scholar

[22] Wang Z T, Wang Z P. Elementary study of supernetworks. Chin J Manage, 2008, 5: 1--8. Google Scholar

[23] Kivela M, Arenas A, Barthelemy M. Multilayer networks. J Complex Netw, 2014, 2: 203-271 CrossRef Google Scholar

[24] Xing L, Ma J G, Ma W D. Information Sharing Theory and Network Architecture. Beijing: Scicene Press, 2011. Google Scholar

[25] Fronczak A, Fronczak P, Holyst J A. Average path length in random networks. Phys Rev E, 2004, 70: 056110 CrossRef PubMed ADS Google Scholar

[26] Cohen R, Havlin S. Scale-free networks are ultrasmall. Phys Rev Lett, 2003, 90: 058701 CrossRef PubMed ADS Google Scholar

[27] Boguna M, Krioukov D. Navigating ultrasmall worlds in ultrashort time. Phys Rev Lett, 2009, 102: 058701 CrossRef PubMed ADS arXiv Google Scholar

Copyright 2019 Science China Press Co., Ltd. 《中国科学》杂志社有限责任公司 版权所有

京ICP备18024590号-1