Abstract
At present, network threats have entered the era of unknown threats. However, traditional network security is based on “Maginot”-style static passive defense, which lacks autonomy and the endogenous security capability of self-evolution. Unknown threats can only be remedied afterwards by “patching”. Yet this method is often accompanied by huge losses, and new ideas should be sought. The network security protection system has striking similarities with the human immune system. The immune system does not require prior knowledge of viruses, has strong learning and deduction ability, and is born with the ability to inactivate unknown viruses. Inspired by the immune system, with “unknown threat” as the core and “artificial immunity” as the innovative means, this research focused on four key scientific issues: the evolution mechanism of the network security system itself in an unknown-threat environment, the conditions for network adaptive trusted transmission in an unknown-threat environment, the rapid discovery mechanism for unknown threats under incomplete conditions, and the rapid response strategy for unknown threats under incomplete conditions. Meanwhile, a basic theory, three key technologies, and a prototype system were studied in this paper. Through the research on a new immune-based network architecture and basic theory for endogenous security, the mRNA immune-based trusted network addressing and routing control technology, the large-scale dynamic trusted behavior analysis and unknown network threat discovery technology, and the immune-based network dynamic risk assessment and control technology, the technical bottleneck of traditional network security, which relies mainly on “patch”-based passive defense, will be broken, thereby laying the basic theory and methods of the new network system supported by endogenous security. Finally, by constructing a new immune-based network prototype system for endogenous security, the research results were technically verified, and the proposed theories and methods can be further improved according to the verification results.
Through the above research, the following five innovations have been achieved: (1) the cyberspace security immune architecture for endogenous security, (2) the mRNA immune-based trusted network addressing and routing control method, (3) the adaptive discovery method of unknown network threats based on gene evolution, (4) the real-time quantitative calculation method of network dynamic risk based on the human body temperature warning mechanism, and (5) the rapid dynamic feedback iterative network risk control method based on specific immunity. The research results have important theoretical significance and practical application value for scientific research, technology research, and industrial development of cyberspace security protection.
Authors
LI Tao (李涛)
LAN Xiaolong (兰小龙)
LI Beibei (李贝贝)
WANG Wenhao (王文浩)
LI LiXiang (李丽香)
WANG Lina (王丽娜)
Affiliations: School of Cyber Sci. and Eng., Sichuan Univ., Chengdu 610065, China; Inst. of Info. Eng., CAS, Beijing 100093, China; School of Cyberspace Security, Beijing Univ. of Posts and Telecommunications, Beijing 100876, China; School of Cyber Sci. and Eng., Wuhan Univ., Wuhan 430072, China
Source
Advanced Engineering Sciences (《工程科学与技术》)
EI
CSCD
Peking University Core Journals
2023, Issue 2, pp. 1-13 (13 pages)
Funding
National Key Research and Development Program of China (2020YFB1805400).
Keywords
endogenous security
network intrusion detection
risk assessment
risk control
artificial immune system