Abstract
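At present, global cybersecurity has entered the era of unknown threats. Large-scale network dynamic traffic security analysis instruments are the cornerstone of national cybersecurity and are of irreplaceable importance. How to quickly analyze and discover malicious network behaviors in network traffic that harm national security, especially unknown attacks, is a major strategic need that national cybersecurity urgently has to address. Traditional network traffic security analysis requires complete prior knowledge of the attacker's weapons; for unknown threats, however, it is almost impossible for the defender to obtain this. Traditional methods have therefore run into a technical bottleneck that is hard to overcome, and a different approach is needed. Based on the concept of endogenous security, this paper simulates the mechanism by which the immune system recognizes unknown viruses to form three innovative capabilities under incomplete prior knowledge: rapid discovery, rapid tracing, and rapid characterization of unknown threats. It thereby breaks through the technical bottleneck of traditional methods in unknown threat analysis and analyzes the development trend of network dynamic traffic security analysis platforms capable of discovering unknown threats, which will promote the progress of national cybersecurity science and technology in both theory and practice, with great and far-reaching significance.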
Currently, global network security has entered the era of unknown threats. How to quickly analyze and find malicious behaviors in network traffic that are harmful to national security, especially unknown attacks, has become a major strategic need that national network security must urgently address. Traditional network traffic security analysis requires complete prior knowledge of the attacks. However, for unknown threats, it is difficult or even impossible to obtain such prior information. As a result, traditional methods have run into an insurmountable technical bottleneck, which creates the need for a new solution. Our project simulates the recognition mechanism of unknown viruses in the human immune system. By deducing and predicting unknown attacks from the evolution of the gene fragments of typical network threats, we are able to achieve three major innovations, namely rapid detection, traceability, and characterization of unknown network threats under the condition of incomplete prior knowledge, which breaks through the technical bottleneck of traditional methods in unknown threat analysis. On this basis, we aim to develop large-scale equipment for an adaptive network dynamic traffic security analyzer and deploy it in practical applications. The large-scale network dynamic traffic security analyzer, as the cornerstone of national network security, is of irreplaceable importance. The development of a network dynamic traffic security analyzer with the ability to detect unknown threats will promote the scientific and technological progress of national network security, which is of great and far-reaching significance.
Authors
余荣威
王永
赵波
赵健
Yu Rongwei; Wang Yong; Zhao Bo; Zhao Jian (School of Cyber Science and Engineering, Wuhan University, Wuhan, Hubei, 430072; Key Laboratory of Aerospace Information Security and Trusted Computing, Ministry of Education, Wuhan, Hubei, 430072)
Source
《工业信息安全》
2022, No. 6, pp. 38-45 (8 pages)
Industry Information Security
Keywords
Cyberspace Endogenous Security
Unknown Threat Discovery
Dynamic Traffic Analysis
Simulated Immune System