| Nowadays,information technology develops rapidly.The security problem of cyberspace is becoming more and more serious.Unknown vulnerabilities,backdoors and other security threats in information systems cannot be eliminated.Traditional defense technology must have prior knowledge in order to be effective,it's the defense of "mend the fold after the sheep have been stolen".Cyber Mimic Defense(CMD),proposed by Wu Jiangxing who is academician of Chinese Academy of Engineering,is a revolutionary defense technology of "changing the rules of the game" initiated in China.Dynamic Heterogeneous Redundancy(DHR)is the core architecture of CMD.The information system using CMD mechanism has endogenous high security and reliability.It can deal with security threats which based on unknown vulnerabilities and backdoors and effectively resist attackers' attacks.At present,as a new defense technology,the theoretical system and specific application of CMD still have many problems to be further studied.In this paper,the theoretical model and application of CMD were studied.The main tasks completed are as follows:1)A theoretical model of CMD was proposed.At present,CMD theory has not established a generally accepted mathematical model.Therefore,a mathematical model of Large Number Convolutional Mimic Defense(LNCMD)was proposed in this paper.Firstly,the mathematical knowledge which LNCMD model needed was introduced.Then,the framework,components and rules of LNCMD model were given.Based on model components,LNCMD model logically divided the CMD system into three layers.Finally,the working mechanism of three layers of LNCMD model was elaborated in detail.In this paper,the LNCMD model was simulated in a specially designed simulation environment,and the simulation results were analyzed and evaluated.It shows that LNCMD model is an intuitive and special mathematical model of CMD,which can transform the cyberspace attack-defense game problem into corresponding mathematical problems.2)A organization structure of CMD based on function slice and a method of evaluating security level were proposed.At present,the implementation of the CMD mechanism focuses on the full stack of the system,which has the problems of complexity and high cost.Due to the controllability of the application layer,it is convenient to introduce CMD mechanism in this layer.Therefore,in the application layer,a business function was segmented and sliced,and then DHR architecture was introduced to construct a organization structure of CMD based on functional slice in this paper.At the same time,this paper proposed a method of evaluating the security level of CMD,and used this method to analyze and evaluate the proposed organization structure of CMD.Finally,the feasibility and security of the organization structure were verified by experimental tests. |
PDF Full Text Request