Authors: Yu Rongwei (余荣威)[1,2], Wang Yong (王永), Zhao Bo (赵波)[1], Zhao Jian (赵健)[1] (School of Cyber Science and Engineering, Wuhan University, Wuhan, Hubei 430072; Key Laboratory of Aerospace Information Security and Trusted Computing, Ministry of Education, Wuhan, Hubei 430072)
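Affiliations: [1] School of Cyber Science and Engineering, Wuhan University, Wuhan, Hubei 430072 [2] Key Laboratory of Aerospace Information Security and Trusted Computing, Ministry of Education, Wuhan, Hubei 430072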
Source: Industry Information Security (《工业信息安全》), 2022, No. 6, pp. 38-45 (8 pages)
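Abstract: At present, global network security has entered the era of unknown threats. Large-scale network dynamic traffic security analysis instruments are the cornerstone of national network security and are of irreplaceable importance. How to quickly analyze and discover malicious network behaviors in network traffic that harm our national security, especially unknown attacks, is a major strategic need that our national network security urgently has to address. Traditional network traffic security analysis requires complete prior knowledge of the attacker's weapons; for unknown threats, however, it is almost impossible for the defender to have it. Traditional methods have thus run into a technical bottleneck that is hard to overcome, and a different approach is needed. Based on the concept of endogenous security, this paper simulates the mechanism by which the immune system recognizes unknown viruses, forming three innovative capabilities under incomplete prior knowledge: rapid discovery, rapid tracing, and rapid characterization of unknown threats. This breaks through the technical bottleneck of traditional methods in unknown threat analysis. The paper analyzes the development trend of network dynamic traffic security analysis platforms with the ability to discover unknown threats, which will promote the progress of our country's network security science and technology in both theory and practice, with great and far-reaching significance.
Abstract (authors' English version): Currently, global network security has entered the era of unknown threats. How to quickly analyze and find malicious behaviors, especially unknown attacks, which are harmful to the national security in network traffic has become a major strategic need demanding to be solved for the national network security. Traditional network traffic security analysis requires the complete prior knowledge of the attacks. However, for unknown threats, it is basically difficult or even impossible to obtain such prior information. As a result, traditional methods have fallen into an insurmountable technical bottleneck, which provokes the need to find a new solution. Our project simulates the recognition mechanism of unknown viruses in the human immune system. By deducing and predicting unknown attacks from the evolution of the gene fragments of typical network threats, we are able to achieve three major innovations including rapid detection, traceability, and characterization of unknown network threats under the condition of incomplete prior knowledge, which breaks through the technical bottleneck of traditional methods in unknown threat analysis. On this basis, we aim to develop a large-scale equipment for adaptive network dynamic traffic security analyzer, and deploy it in practical applications. Large-scale network dynamic traffic security analyzer, as the cornerstone of national network security, is of irreplaceable importance. The development of the network dynamic traffic security analyzer with the ability to detect unknown threats will promote the scientific and technological progress of national network security, which is of great and far-reaching significance.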
Keywords: network endogenous security; unknown threat discovery; dynamic traffic analysis; simulated immune system
Classification number: TP393.08 [Automation and Computer Technology: Computer Application Technology]