网络安全主动防御技术:策略、方法和挑战  

作　　者：扈红超[1] 隋嘉祺 张帅[1] 仝玉 HU Hongchao;SUI Jiaqi;ZHANG Shuai;TONG Yu(Institute of Information Technology,University of Information Engineering,Zhengzhou 450001,China)

机构地区：[1]信息工程大学信息技术研究所,郑州450001

出　　处：《计算机科学》2024年第S02期819-831,共13页Computer Science

基　　金：国家自然科学基金(62072467,62002383);国家重点研发计划(2021YFB1006200);河南省重大科技专项(221100211200)。

摘　　要：随着人工智能、云计算、大数据和物联网等新兴技术的迅速发展,网络安全形势变得日益严峻。然而,传统防御手段(如病毒查杀、漏洞扫描、入侵检测、身份认证、访问控制等)已无法有效抵御日益多样化的网络攻击,网络空间的防御与攻击之间出现了明显的不对称。为了扭转这种“易攻难守”的被动局面,学术界积极推动研发主动防御技术。其中,移动目标防御、欺骗防御和拟态防御3种技术发展迅速并日趋成熟。然而,目前很少有相关文献系统地归纳3种主流主动防御技术,也没有对3种技术进行横向对比和优劣分析。为了弥补这一空缺,对3种主动防御技术的研究成果进行了全面而系统的调查。首先,分别介绍了3种主动防御技术的概念、策略和方法,并根据研究内容的不同,对已有的研究成果进行分类。然后,对3种主动防御技术进行横向对比,分析它们之间的异同和优劣,并探讨如何将它们相互结合和补充,以增强主动防御技术的防护性能。最后,对3种主动防御技术面临的挑战和未来的发展趋势进行阐述。Emerging technologies like artificial intelligence(AI),cloud computing,big data,and the Internet of Things(IoT)are developing quickly,making cybersecurity a vital issue.There is a clear asymmetry between cyberspace defense and attack,as the more sophisticated cyberattacks are beyond the reach of conventional defense strategies like intrusion detection,vulnerability scanning,virus detection,authentication,access control,etc.To counteract this state of passive vulnerability-which is“easy to attack but hard to defend”-academics have been actively pushing the study and creation of proactive defense technologies.Three such technologies—moving target defense,deception defense,and mimic defense-are maturing and developing quickly.Unfortunately,there is currently a dearth of literature that systematically summarizes the three proactive defensive mainstream technologies;additionally,there is no analysis of the advantages and disadvantages of the three technologies,nor a horizontal comparison.This work fills this vacuum by conducting a thorough and methodical evaluation of the research findings about the three proactive defensive strategies.Initially,the concepts,techniques,and methods of the three proactive defensive technologies are presented in their respective orders,and the current research findings are classified based on the various study topics.Subsequently,a horizontal comparison of the three proactive defense systems is conducted to examine their shared and unique characteristics,benefits and drawbacks,and potential synergies and complementarities that could improve the overall protection efficacy of these technologies.Lastly,the three proactive defensive technologies’difficulties and potential directions are discussed.

关 键 词：主动防御 动态防御 移动目标防御 欺骗防御 拟态防御 

分 类 号：TP393[自动化与计算机技术—计算机应用技术]