面向智算融合网络的自主防御范式研究  被引量：1

作　　者：刘颖[1,2] 夏雨 于成晓 张维庭 汪润虎 张宏科 LIU Ying;XIA Yu;YU Cheng-xiao;ZHANG Wei-ting;WANG Run-hu;ZHANG Hong-ke(School of Electronic and Information Engineering,Beijing Jiaotong University,Beijing 100044,China;Peng Cheng Laboratory,Shenzhen,Guangdong 518055,China;The 28TH Research Institute,China Electronics Technology Group Corporation,Nanjing,Jiangsu 210007,China)

机构地区：[1]北京交通大学电子信息工程学院,北京100044 [2]鹏城实验室,广东深圳518055 [3]中国电子科技集团有限公司第二十八研究所,江苏南京210007

出　　处：《电子学报》2024年第5期1432-1441,共10页Acta Electronica Sinica

基　　金：鹏城实验室重大项目;国家重点研发计划(No.2022ZD0115301);国家自然科学基金(No.62201029);中国博士后科学基金(No.2022M710007,No.BX20220029)。

摘　　要：随着数字经济时代算力供给模式的变革,以算力为核心的新型网络基础设施已成为实现算力资源共享、支撑数字经济转型的重要动力.在算力网络中,多元异构用户终端通过多种方式高频接入网络以随时随地获取算力服务,网络的开放性和动态性增大,算力网络将面临更严峻的安全挑战.然而,基于传统网络的安全防御模式通常针对具体安全问题静态式增补安全防护组件,无法主动适配用户需求灵活调整防御策略,难以应对算力网络中的安全风险.因此,本文面向新型算力网络安全需求,将安全功能作为网络内部属性,基于智算融合网络提出一种多维协同自主防御范式.结合智算融合网络“三层”“三域”的设计思想,在“三层”中,以广义服务层定义安全固有服务,以映射适配层智慧适配安全功能,以融合组件层执行安全策略;在“三域”中,以实体域先导资源适配,以知识域驱动安全服务流程,以感控域实施具体安全技术,构建“检测”“溯源”“防御”三维一体的完整基础管控流程,其中安全策略与技术可根据场景扩展性与业务安全性进行灵活调整.最终,通过仿真实验对所提范式有效性进行了验证,为未来智算融合安全的进一步研究和应用提供参考.With the transformation of the computing power supply pattern in the digital economy era,the new network infrastructure with computing power as the core has become an important driving force to realize the sharing of computing power resources and support the digital economy transformation.In the computing power network,multiple heterogeneous user terminals access the network frequently in various ways to obtain computing power services anytime and anywhere,which increases the openness and dynamics of the network.Hence,the computing power network will face more severe security challenges.However,the traditional network-based security defense pattern usually statically supplements security protection components for specific security issues,which cannot actively adapt to user needs to adjust defense strategies flexibly,which is difficult to deal with security risks in computing-network integration scenarios.Therefore,facing the security requirements of the new computing power network,this paper regards security as the internal attribute of the network and proposes a multi-dimensional collaborative autonomous defense paradigm based on the smart computing integration networks,which combines the design of“three layers”and“three domains”of the network.In the“three layers”,this paper defines the security inherent service at the generalized service layer,adapts the security function at the mapping adaptation layer,and executes the security strategy at the fusion component layer.In the“three domains”,the resource adaptation is guided by the entity domain,the security service process is driven by the knowledge domain,and the specific security technologies are implemented by the sense control domain.It constructs a basic management and control process that integrates“detection”,“trace”,and“defense”,in which security policies and technologies can be flexibly adjusted according to scenario scalability and business security.Finally,the proposed paradigm is verified through simulation experiments,and

关 键 词：智算融合网络 算力网络 自主防御 防御范式 网络攻击 

分 类 号：TP303[自动化与计算机技术—计算机系统结构]