主动防御的双结构网络  被引量：1

作　　者：尹浩[1] 郭东超 吕勇强[1] 杨鹏[2,3] 赵志为[4] 张尧学 Hao YIN;Dongchao GUO;Yongqiang LYU;Peng YANG;Zhiwei ZHAO;Yaoxue ZHANG(Research Institute of Information Technology (RHT),Tsinghua University,Beijing 100084,China;Future Network Research Center,Southeast University,Nanjing 211189,China;Key Laboratory of Computer Network and Information Integration (Southeast University),Ministry of Education,Nanjing 211189,China;College of Computer Science and Engineering,University of Electronic Science and Technology of China, Chengdu 611731,China;Department of Computer Science and Technology,Tsinghua University,Beijing 100084,China)

机构地区：[1]清华大学信息技术研究院,北京100084 [2]东南大学未来网络研究中心,南京211189 [3]计算机网络和信息集成教育部重点实验室(东南大学),南京211189 [4]电子科技大学计算机科学与工程学院,成都611731 [5]清华大学计算机科学与技术系,北京100084

出　　处：《中国科学：信息科学》2018年第12期1651-1669,共19页Scientia Sinica(Informationis)

基　　金：国家重点研发计划(批准号:2016YFB1000102);国家自然科学基金(批准号:61672318;61631013)资助项目

摘　　要：网络空间安全攸关人类福祉与国家利益,但当前网络空间安全存在重大挑战:互联网体系结构具有优越的互联互通性和开放性,但也导致其安全问题无法彻底解决,处处设防却处处难防;传统安全防御机制依赖安全威胁的先验信息,难以应对不断演化的安全威胁.为了应对上述挑战,本文提出了一种新型网络空间安全防御理论体系:构建与互联网主结构平行的"动态、异构、冗余"的基于播存思想的次结构网络,辅助现有互联网体系结构而形成双结构网络;提出不依赖安全威胁先验信息的数据与知识联合驱动的新型主动防御机理;提出双网透明接入与前置主动防御技术等关键支撑技术.为改变我国网络空间安全领域受制于人、被动防御的现状,本文试图从演进式改变网络体系结构角度提出完备解决方案.Cyberspace security is vital to state interest. Recently, there are some challenges in cyber security.In architecture for instance, although protection mechanisms are introduced and applied everywhere, the modern network architecture(well connected and open) still has difficulty in completely ensuring cyber security. It is also observed that contemporary cyber security protection mechanism highly depends on the priori information of security threats and thus will hardly address unknown potential threats. In this paper, a novel cyberspace security protection framework is proposed. A dual-structural Internet scheme that integrates the current Internet architecture with a redundant secondary structure network characterized by its broad-storage scheme, heterogeneous structure, and dynamic protection mechanism is introduced. Also, a novel active defense mechanism that is knowledge-data driven and thus independent of the priori information of the security threat is proposed.Furthermore, some key techniques such as transparent access and prepositive active defense are introduced. The theoretical and technical work proposed in this paper offers a comprehensively evolutionary solution to constructing a cyberspace in which the protection mechanism is more independent and active.

关 键 词：双结构网络 主动防御 统一内容标签 透明接入 大数据 

分 类 号：TP393.08[自动化与计算机技术—计算机应用技术]