Driven by the rapid development of the Internet of Things,cloud computing and other emerging technologies,the connotation of cyberspace is constantly expanding and becoming the fifth dimension of human activities.Howe...Driven by the rapid development of the Internet of Things,cloud computing and other emerging technologies,the connotation of cyberspace is constantly expanding and becoming the fifth dimension of human activities.However,security problems in cyberspace are becoming serious,and traditional defense measures(e.g.,firewall,intrusion detection systems,and security audits)often fall into a passive situation of being prone to attacks and difficult to take effect when responding to new types of network attacks with a higher and higher degree of coordination and intelligence.By constructing and implementing the diverse strategy of dynamic transformation,the configuration characteristics of systems are constantly changing,and the probability of vulnerability exposure is increasing.Therefore,the difficulty and cost of attack are increasing,which provides new ideas for reversing the asymmetric situation of defense and attack in cyberspace.Nonetheless,few related works systematically introduce dynamic defense mechanisms for cyber security.The related concepts and development strategies of dynamic defense are rarely analyzed and summarized.To bridge this gap,we conduct a comprehensive and concrete survey of recent research efforts on dynamic defense in cyber security.Specifically,we firstly introduce basic concepts and define dynamic defense in cyber security.Next,we review the architectures,enabling techniques and methods for moving target defense and mimic defense.This is followed by taxonomically summarizing the implementation and evaluation of dynamic defense.Finally,we discuss some open challenges and opportunities for dynamic defense in cyber security.展开更多
In recent years,an increasing number of application services are deployed in the cloud.However,the cloud platform faces unknown security threats brought by its unknown vulnerabilities and backdoors.Many researchers ha...In recent years,an increasing number of application services are deployed in the cloud.However,the cloud platform faces unknown security threats brought by its unknown vulnerabilities and backdoors.Many researchers have studied the Cyber Mimic Defense(CMD)technologies of the cloud services.However,there is a shortage of tools that enable researchers to evaluate their newly proposed cloud service CMD mechanisms,such as scheduling and decision mechanisms.To fill this gap,we propose MimicCloudSim as a mimic cloud service simulation system based on the basic functionalities of CloudSim.MimicCloudSim supports the simulation of dynamic heterogeneous redundancy(DHR)structure which is the core architecture of CMD technology,and provides an extensible interface to help researchers implement new scheduling and decision mechanisms.In this paper,we firstly describes the architecture and implementation of MimicCloudSim,and then discusses the simulation process.Finally,we demonstrate the capabilities of MimicCloudSim by using a decision mechanism.In addition,we tested the performance of MimicCloudSim,the conclusion shows that MimicCloudSim is highly scalable.展开更多
基金supported by the Financial and Science Technology Plan Project of Xinjiang Production and Construction Corps,under grants No.2020DB005 and No.2017DB005supported by the Priority Academic Program Development of Jiangsu Higher Education Institutions fund.
文摘Driven by the rapid development of the Internet of Things,cloud computing and other emerging technologies,the connotation of cyberspace is constantly expanding and becoming the fifth dimension of human activities.However,security problems in cyberspace are becoming serious,and traditional defense measures(e.g.,firewall,intrusion detection systems,and security audits)often fall into a passive situation of being prone to attacks and difficult to take effect when responding to new types of network attacks with a higher and higher degree of coordination and intelligence.By constructing and implementing the diverse strategy of dynamic transformation,the configuration characteristics of systems are constantly changing,and the probability of vulnerability exposure is increasing.Therefore,the difficulty and cost of attack are increasing,which provides new ideas for reversing the asymmetric situation of defense and attack in cyberspace.Nonetheless,few related works systematically introduce dynamic defense mechanisms for cyber security.The related concepts and development strategies of dynamic defense are rarely analyzed and summarized.To bridge this gap,we conduct a comprehensive and concrete survey of recent research efforts on dynamic defense in cyber security.Specifically,we firstly introduce basic concepts and define dynamic defense in cyber security.Next,we review the architectures,enabling techniques and methods for moving target defense and mimic defense.This is followed by taxonomically summarizing the implementation and evaluation of dynamic defense.Finally,we discuss some open challenges and opportunities for dynamic defense in cyber security.
基金This work was supported by the National Science and Technology Major Project of China(No.2018ZX03002002)the Foundation for Innovative Research Groups of the National Natural Science Foundation of China(No.61521003).
文摘In recent years,an increasing number of application services are deployed in the cloud.However,the cloud platform faces unknown security threats brought by its unknown vulnerabilities and backdoors.Many researchers have studied the Cyber Mimic Defense(CMD)technologies of the cloud services.However,there is a shortage of tools that enable researchers to evaluate their newly proposed cloud service CMD mechanisms,such as scheduling and decision mechanisms.To fill this gap,we propose MimicCloudSim as a mimic cloud service simulation system based on the basic functionalities of CloudSim.MimicCloudSim supports the simulation of dynamic heterogeneous redundancy(DHR)structure which is the core architecture of CMD technology,and provides an extensible interface to help researchers implement new scheduling and decision mechanisms.In this paper,we firstly describes the architecture and implementation of MimicCloudSim,and then discusses the simulation process.Finally,we demonstrate the capabilities of MimicCloudSim by using a decision mechanism.In addition,we tested the performance of MimicCloudSim,the conclusion shows that MimicCloudSim is highly scalable.