Research On Security Evaluation Methods For Mimic Defense Systems

Posted on: 2019-12-15
Degree: Master
Type: Thesis
Country: China
Candidate: X Chang
GTID: 2428330590467466
Subject: Information and Communication Engineering

Abstract/Summary:
In recent years, threats to network information systems, such as zero-day vulnerability attacks and new types of network attack such as APT, have become increasingly serious. Traditional network security systems mainly use a static architecture, which cannot effectively resist an attacker's continuous probing and zero-day vulnerability attacks, leaving networks in a vulnerable state. Researchers around the world are beginning to explore new security defense mechanisms such as moving target defense. Among them, Academician Wu Jiangxing proposed a new concept of network security defense: the network mimic defense mechanism, which advocates enhancing a system's ability to withstand various cyber attacks, including attacks by unknown means, by imitating the "mimicry" found in the biological world. Because network mimic defense systems introduce dynamism, heterogeneity and diversity, their security cannot be completely analyzed and judged by the existing security assessment methods for traditional information systems. This paper first introduces and analyzes the mechanism and architecture of mimic defense, and then summarizes the research progress on the security problems of existing mimic defense systems. On this basis, we further propose an ontology-based security modeling method for mimic defense systems. On the one hand, the method uses the ontology to represent the relationship between a mimic system and its dynamic heterogeneous implementations, and solves the problem of formally describing their containment and nesting relations; on the other hand, it introduces network security attributes, security vulnerabilities, the moving attack surface and other related concepts, thereby completing the construction of the security model for mimic defense systems. Finally, through a test case scenario, the corresponding ontology instances are designed and supplemented by the corresponding security attack and defense rules written in SWRL, and the application process of the above model is expounded. The test cases show that, by using the mimic security ontology model proposed in this paper, the security of network mimic defense systems can be effectively and automatically evaluated through the work of an ontology reasoning engine.
Keywords/Search Tags:Network Security, Zero-day Attack, Security Ontology, Network Mimic Defense, Security Assessment