Onto CSD: an ontology-based security model for an integrated solution of cyberspace defense

The construction of an integrated solution for cyberspace defense with dynamic, flexible, and intelligent features is a new idea. To solve the problem whereby traditional static protection methods cannot respond to various network attacks or security demands in an adversarial network environment in time, and to form a complete integrated solution from “threat discovery” to “decision-making generation,” we propose an ontology-based security model, Onto CSD, for an integrated solution of cyberspace defense that uses Web ontology language(OWL) to represent the ontology classes and relationships of threat monitoring, decision-making, response, and defense in cyberspace, and uses semantic Web rule language(SWRL) to design the defensive reasoning rules. Onto CSD can discover potential relationships among network attacks, vulnerabilities, the security state, and defense strategies. Further, an artificial intelligence(AI) expert system based on case-based reasoning(CBR) is used to quickly generate a detailed and comprehensive decision-making scheme. Finally, through Kendall ' s coefficient of concordance(W) and four experimental cases in a typical computer network defense(CND) system, which reasons on represented facts and the ontology, Onto CSD ' s consistency and its feasibility to solve the issues in the field of cyberspace defense are validated. Onto CSD supports automatic association and reasoning, and provides an integrated solution framework of cyberspace defense.

Research on Cyberspace Mimic Defense Based on Dynamic Heterogeneous Redundancy Mechanism

With the rapid growth of network technology, the methods and types of cyber-attacks are increasing rapidly. Traditional static passive defense technologies focus on external security and known threats to the target system and cannot resist advanced persistent threats. To solve the situation that cyberspace security is easy to attack and difficult to defend, Chinese experts on cyberspace security proposed an innovative theory called mimic defense, it is an active defense technology that employs “Dynamic, Heterogeneous, Redundant” architecture to defense attacks. This article first briefly describes the classic network defense technology and Moving Target Defense (MTD). Next, it mainly explains in detail the principles of the mimic defense based on the DHR architecture and analyzes the attack surface of DHR architecture. This article also includes applications of mimic defense technology, such as mimic routers, and mimic web defense systems. Finally, it briefly summarizes the existing research on mimic defense, expounds the problems that need to be solved in mimic defense, and looks forward to the future development of mimic defense.

Security-as-a-Service with Cyberspace Mimic Defense Technologies in Cloud

Users usually focus on the application-level requirements which are quite friendly and direct to them.However,there are no existing tools automating the application-level requirements to infrastructure provisioning and application deployment.Although some security issues have been solved during the development phase,the undiscovered vulnerabilities remain hidden threats to the application’s security.Cyberspace mimic defense(CMD)technologies can help to enhance the application’s security despite the existence of the vulnerability.In this paper,the concept of SECurity-as-a-Service(SECaaS)is proposed with CMD technologies in cloud environments.The experiment on it was implemented.It is found that the application’s security is greatly improved to meet the user’s security and performance requirements within budgets through SECaaS.The experimental results show that SECaaS can help the users to focus on application-level requirements(monetary costs,required security level,etc.)and automate the process of application orchestration.