Endogenous security architecture of Ethernet switch based on mimic defense

Ke SONE; Qinrang LIU; Shuai WEI; Wenjian ZHANG; Libo TAN

doi:10.11959/j.issn.1000-436x.2020098

您当前的位置：

首页 >

文章列表页 >

Endogenous security architecture of Ethernet switch based on mimic defense

Papers | 更新时间：2024-06-05

- Endogenous security architecture of Ethernet switch based on mimic defense
- Journal on Communications Vol. 41, Issue 5, Pages: 18-26(2020)
- 作者机构：
  
  1. 信息工程大学信息技术研究所，河南郑州 450002
  2. 天津市滨海新区信息技术创新中心，天津 300450
- 作者简介：
- 基金信息：
  
  National Core Zlectronic Devices,High-End Generic Chips and Basic Software Major Project(2017ZX01030301)
- DOI：10.11959/j.issn.1000-436x.2020098
  CLC： TP309
- Online First：2020-05，
  
  Published：25 May 2020
- 稿件说明：
移动端阅览
Ke SONE, Qinrang LIU, Shuai WEI, et al. Endogenous security architecture of Ethernet switch based on mimic defense[J]. Journal on Communications, 2020, 41(5): 18-26.
DOI：

Ke SONE, Qinrang LIU, Shuai WEI, et al. Endogenous security architecture of Ethernet switch based on mimic defense[J]. Journal on Communications, 2020, 41(5): 18-26. DOI： 10.11959/j.issn.1000-436x.2020098.

摘要

针对以太网交换机面临的未知漏洞和未知后门安全威胁，提出了一种基于拟态防御理论的交换机内生安全体系结构。介绍了所提体系结构的理论基础、构建方式、安全机理；提出并分析了TAMA的算法策略及安全提升效果；设计实现了拟态交换机原型样机并进行了白盒插桩及攻击链安全性测试。理论分析及测试结果表明，在各种攻击场景下，所提体系结构具有良好的未知漏洞和未知后门防御能力。

Abstract

Aiming at the unknown vulnerabilities and unknown backdoor security threats faced by Ethernet switches

a switch endogenous security architecture based on mimicry defense theory was proposed.The theoretical basis

construction mode and security mechanism of the architecture ware introduced

the algorithm strategy and security improvement effect of TAMA algorithm were proposed and analyzed

a prototype of mimic switch was designed and implemented

and the security tests of white box stuffing and attack chain were carried out.Theoretical analysis and test results show that the architecture has good unknown vulnerabilities and unknown backdoor defense capabilities in various attack scenarios.

关键词

Keywords

references

舒晓慧 , 金小晰 , 吴瑶 . 网络交换机的安全威胁与防范 [J ] . 网络安全技术与应用 , 2014 ( 10 ): 130 - 131 .

SHU X H , JIN X X , WU Y . Security treats and prevention of a network switch [J ] . Network Security Technology ＆ Application , 2014 ( 10 ): 130 - 131 .

武泽慧 , 魏强 , 任开磊 , 等 . 基于 OpenFlow 交换机洗牌的 DDoS攻击动态防御方法 [J ] . 电子与信息学报 , 2017 , 39 ( 2 ): 397 - 404 .

WU Z H , WEI Q , REN K L , et al . Dynamic defense for DDoS attack using OpenFlow-based switch shuffling approach [J ] . Journal of Electronics ＆ Information Technology , 2017 , 39 ( 2 ): 397 - 404 .

YAN Q , YU F R , GONG Q , et al . Software-defined networking (SDN)and distributed denial of service (DDoS) attacks in cloud computing environments:a survey,some research issues,and challenges [J ] . IEEE Communications Surveys ＆ Tutorials , 2016 , 18 ( 1 ): 602 - 622 .

ZHUANG R , DELOAC H , SCOTT A , et al . A model for analyzing the effect of moving target defenses on enterprise networks [C ] // Proceedings of the 9th Annual Cyber and Information Security Research Conference . New York:ACM Press , 2014 : 73 - 76 .

FENG X T , ZHENG Z Z , DERYA C , et al . A signaling game model for moving target defense [C ] // IEEE INFOCOM 2017-IEEE Conference on Computer Communications . Piscataway:IEEE Press , 2017 : 1 - 4 .

ZAFFARANO K , TAYLOR J , HAMILTON S . A quantitative framework for moving target defense effectiveness evaluation [J ] . Association for Computing Machinery , 2015 ( 10 ): 3 - 11 .

邬江兴 . 拟态计算和拟态安全防御的原意和愿景 [J ] . 电信科学 , 2014 , 30 ( 7 ): 1 - 7 .

WU J X . Meaning and vision of mimic computing and mimic security defense [J ] . Telecommunications Science , 2014 , 30 ( 7 ): 1 - 7 .

扈红超 , 陈福才 , 王禛鹏 . 拟态防御 DHR 模型若干问题探讨和性能评估 [J ] . 信息安全学报 , 2016 , 1 ( 4 ): 40 - 51 .

HU H C , CHEN F C , WANG S P . Performance evaluations on DHR for cyberspace mimic defense [J ] . Journal of Cyber Security , 2016 , 1 ( 4 ): 40 - 51 .

仝青 , 张铮 , 张为华 , 等 . 拟态防御 Web 服务器设计与实现 [J ] . 软件学报 , 2017 , 28 ( 4 ): 883 - 897 .

TONG Q , ZHANG Z , ZHANG W H , et al . Design and implementation of mimic defense Web server [J ] . Journal of Software , 2017 , 28 ( 4 ): 883 - 897 .

马海龙 , 伊鹏 , 江逸茗 , 等 . 基于动态异构冗余机制的路由器拟态防御体系结构 [J ] . 信息安全学报 , 2017 , 2 ( 1 ): 29 - 42 .

MA H L , YI P , JIANG Y M , et al . Dynamic heterogeneous redundancy based router architecture with mimic defenses [J ] . Journal of Cyber Security , 2017 , 2 ( 1 ): 29 - 42 .

魏帅 , 于洪 , 顾泽宇 , 等 . 面向工控领域的拟态安全处理机架构 [J ] . 信息安全学报 , 2017 , 2 ( 1 ): 54 - 74 .

WEI S , YU H , GU Z Y , et al . Architecture of mimic security processor for industry control system [J ] . Journal of Cyber Security , 2017 , 2 ( 1 ): 54 - 74 .

邬江兴 . 网络空间拟态防御导论 [M ] . 北京 : 科学出版社 , 2017 .

WU J X . Introduction to cyberspace mimetic defense [M ] . Beijing : Science PressPress , 2017 .

Views

2778

下载量

CSCD

Alert me when the article has been cited

提交

Tools

Publicity Resources

Adaptive defense model for critical assets against unknown network threats

Executive dynamic scheduling algorithm based on high-order heterogeneity

Defense-enhanced dynamic heterogeneous redundancy architecture based on executor partition

Secure interface architecture for the software defined system on wafer

Research on mimic decision method based on deep learning

Related Author

ZHANG Jin

CAO Jiuxin

ZHOU Ding

LIU Bo

HAO Xiaorong

Jianhui ZHANG

Hongyong JIA

Yunfei PAN

Related Institution

Purple Mountain Laboratories

School of Cyber Science and Engineering, Southeast University

School of Cyber Science and Engineering, Zhengzhou University

National Digital Switching System Engineering ＆ Technological R＆D Center

Hangzhou Innovation Institute, Beihang University

AI问答

⁰