
Development of Deception Defense Technology and Exploration of Its Large Language Model Applications
Abstract: Deception defense, as the most promising technology in proactive defense, helps defenders facing highly covert and unknown threats turn passivity into proactivity, breaking the inherent imbalance between offense and defense. In the face of potential threat scenarios, how to use deception defense technology effectively to help defenders anticipate threats, perceive threats, and entrap threats are key issues that currently need to be addressed. Game theory and attack graph models provide strong support for formulating active defense strategies and analyzing potential risks. We summarize and review recent work on both in the realm of deception defense. With the rapid development of large language model technology and its increasingly close integration with the field of cybersecurity, we review traditional deception defense technology and propose a large language model-based intelligent external network HoneyPoint generation technique. Experimental analysis validates the effectiveness of external network HoneyPoints in capturing network threats, showing improvements over traditional Web honeypots in aspects such as simulation fidelity, stability, and flexibility. To enhance collaboration between HoneyPoints and improve the ability to detect and perceive attack threats, the concept of the Honey-Landscape is introduced. We provide an outlook on how to use HoneyPoint and Honey-Landscape technologies to construct an integrated active defense mechanism that includes threat prediction, threat perception, and threat entrapment.
Authors: Wang Rui; Yang Changjiang; Deng Xiangdong; Liu Yuan; Tian Zhihong (Cyberspace Institute of Advanced Technology, Guangzhou University, Guangzhou 510799)
Source: Journal of Computer Research and Development (《计算机研究与发展》); indexed in EI, CSCD, Peking University Core; 2024, No. 5, pp. 1230-1249 (20 pages)
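Funding: National Natural Science Foundation of China (U20B2046); National Key Research and Development Program of China (2021YFB2012402); Guangdong Province Universities Pearl River Scholar Funded Scheme (2019).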
Keywords: deception defense; large language model; attack graph; game theory; HoneyPoint; Honey-Landscape