网络空间内生安全试验场管理技术

朱泓艺; 陆肖元; 李毅

doi:10.11959/j.issn.1000-0801.2021048

您当前的位置：

首页 >

文章列表页 >

网络空间内生安全试验场管理技术

专题：内生安全 | 更新时间：2024-06-05

- 网络空间内生安全试验场管理技术
- Management technologies of cyberspace endogenous safety and security test site
- 电信科学 2021年37卷第3期页码：66-74
- 作者机构：
- 作者简介：
  
  [ "朱泓艺（1990- ），男，博士，上海宽带技术及应用工程研究中心副研究员，主要研究方向为下一代无线通信技术、边缘计算、智能网联汽车及信息安全技术等。" ]
  [ "陆肖元（1975- ），男，上海宽带技术及应用工程技术研究中心教授级高级工程师，上海浦东临港智慧城市发展中心主任，主要研究方向为宽带网络与智慧城市应用等。" ]
  [ "李毅（1965- ），男，上海宽带技术及应用工程研究中心主任、博士生导师，主要研究方向为宽带网络与大数据技术及应用等。" ]
- 基金信息：
  
  国家重点研发计划项目;The National Key Research and Development Program of China(2020YFB1805101);上海市科技创新行动计划高新技术领域项目;Shanghai Science and Technology Innovation Action Plan(20511102102)
- DOI：10.11959/j.issn.1000-0801.2021048
  中图分类号： TP393
- 网络出版日期：2021-03，
  
  纸质出版日期：2021-03-20
- 稿件说明：
移动端阅览
朱泓艺, 陆肖元, 李毅. 网络空间内生安全试验场管理技术[J]. 电信科学, 2021,37(3):66-74.

Hongyi ZHU, Xiaoyuan LU, Yi LI. Management technologies of cyberspace endogenous safety and security test site[J]. Telecommunications science, 2021, 37(3): 66-74.
朱泓艺, 陆肖元, 李毅. 网络空间内生安全试验场管理技术[J]. 电信科学, 2021,37(3):66-74. DOI： 10.11959/j.issn.1000-0801.2021048.

Hongyi ZHU, Xiaoyuan LU, Yi LI. Management technologies of cyberspace endogenous safety and security test site[J]. Telecommunications science, 2021, 37(3): 66-74. DOI： 10.11959/j.issn.1000-0801.2021048.

摘要

网络靶场（CR）已被广泛认可为一种研究网络攻防技术与网络架构脆弱性的有效途径，网络空间内生安全试验场是一种面向网络空间内生安全技术的网络靶场，近年来受到了高度关注。基于以5G发展为核心的网络空间新形势，提出了面向虚实结合网络环境的试验场管理技术，设计了基于内生安全软件定义网络控制器的试验场管理架构。同时提出了一种内生安全网络控制系统的架构设计，采用中间层转发代理实现数据安全隔离，支持多种异构开源控制器。最后，基于一种试验场组网方案提出试验场场景重构与资源编排方法。

Abstract

The cyber range has been widely recognized as an effective way to study the technologies of network attack/defense and the vulnerability of network architecture.The endogenous safety and security test site that receives high attention recently is a type of cyber range for cyber space endogenous safety and security technologies.Based on the new situation of cyberspace with 5G development

a test site management technology for virtual-real network settings was proposed

and a test site management architecture based on the endogenously secured software defined network controller was designed.A design of the endogenously secured network control system was also proposed

which used a middle layer forwarding agent to achieve data isolation and supported multiple heterogeneous open-source controllers.Finally

a test site scenario reconfiguration and resource orchestration method was proposed based on a test site networking scheme.

关键词

Keywords

references

XU H , CHEN X , ZHOU J M , et al . Research on basic problems of cognitive network intrusion prevention [C ] // Proceedings of 2013 Ninth International Conference on Computational Intelligence and Security . Piscataway:IEEE Press , 2013 : 514 - 517 .

CHUNG C J , KHATKAR P , XING T Y , et al . NICE:network intrusion detection and countermeasure selection in virtual network systems [J ] . IEEE transactions on dependable and secure computing , 2013 , 10 ( 4 ): 198 - 211 .

邬江兴 . 网络空间拟态防御研究 [J ] . 信息安全学报 , 2016 , 1 ( 4 ): 1 - 10 .

WU J X . Research on cyber mimic defense [J ] . Cyber Security , 2016 , 1 ( 4 ): 1 - 10 .

邬江兴 . 拟态计算与拟态安全防御的原意和愿景 [J ] . 电信科学 , 2014 , 30 ( 7 ): 1 - 7 .

WU J X . Meaning and vision of mimic computing andmimic security defense [J ] . Telecommications Science , 2014 , 30 ( 7 ): 1 - 7 .

仝青 , 张铮 , 张为华 , 等 . 拟态防御Web服务器设计与实现 [J ] . 软件学报 , 2017 ( 4 ): 883 - 897 .

TONG Q , ZHANG Z , ZHANG W H , et al . Design and implementation of mimic defense Web server [J ] . Journal of Software , 2017 ( 4 ): 883 - 897 .

朱泓艺 , 陆肖元 , 李毅 . 基于拟态防御原理的分布式多接入边缘计算研究 [J ] . 物联网学报 , 2019 ( 10 ): 80 - 87 .

ZHU H Y , LU X Y , LI Y . Distributed multi-access edge computing based on mimic defense theory [J ] . Chinese Journal on Interner of Things , 2019 ( 10 ): 80 - 87 .

方滨兴 , 贾焰 , 李爱平 , 等 . 网络空间靶场技术研究 [J ] . 信息安全学报 , 2016 , 1 ( 3 ): 1 - 9 .

FANG B X , JIA Y , LI A P , et al . Cyber ranges:state-of-the-art and research challenges [J ] . Cyber Security , 2016 , 1 ( 3 ): 1 - 9 .

刘正军 , 徐锐 , 李春林 , 等 . 面向先进防御技术的网络安全试验场构建方法 [J ] . 通信技术 , 2020 , 53 ( 2 ): 450 - 455 .

LIU Z J , XU R , LI C L , et al . Construction method of network security experimental platform foradvanced defense technology [J ] . Communication Technology , 2020 , 53 ( 2 ): 450 - 455 .

FERGUSON B , TALL A , OLSEN D . National cyber range overview [C ] // Proceedings 2014 IEEE Military Communications Conference . Piscataway:IEEE Press , 2014 : 123 - 128 .

URISA V E , STOUT W M S , VANan L B , et al . Cyber range infrastructure limitations and needs of tomorrow:a position paper [C ] // Proceedings 2018 International Carnahan Conference on Security Technology (ICCST) . Piscataway:IEEE Press , 2018 : 1 - 5 .

PETESON L , WROCLAWSKI J . Overview of the GENI architecture [J ] . GENI Design Document , 2007 ( 2 ): 06 - 11 .

PETERSONE L , MUIR S , ROSCOE T , et al . Planetlab architecture:an overview [J ] . PlanetLab Consortium May , 2006 , 1 ( 15 ): 1 - 4 .

BENZEL T , BRADEN R , KIM D , et al . Experience with deter:a testbed for security research [C ] // Proceedings of 2nd International Conference on Testbeds and Research Infrastructures for the Development of Networks and Communities . Piscataway:IEEE Press , 2006 :10.

SUNE M , BERGESIO L , WOSENER H , et al . Design and implementation of the OFELIA FP7 facility:The European OpenFlow testbed [J ] . Computer Networks , 2014 , 61 : 132 - 150 .

WINTER H , . System security assessment using a cyber range [C ] // Proceedings of IET International Conference on System Safety .[S.l.:s.n. ] , 2013 .

SCHWERDEL D , REUTHER B , ZINNER T , et al . Future internet research and experimentation:the G-Lab approach [J ] . Computer Networks , 2014 ( 61 ): 102 - 117 .

MULLER P , SCHWERDEL D . A novel approach towards sustainable testbeds:ToMaTo on cloudLab [J ] . PIK-Praxis der Informationsverarbeitung und Kommunikation , 2017 , 39 ( 3-4 ): 87 - 102 .

MIYAJI T . X-ray-Infrared relation of AGNs and search for highly obscured accretion in the AKARI NEP Field [J ] . Proceedings of the International Astronomical Union , 2019 , 15 ( S341 ): 172 - 176 .

BAIK K H , SUK Y K . A Study on the ubiquitous industryz's effects on Korean economy using interindustry analysis [J ] . Journal of the Korea Academia-Industrial Cooperation Society , 2006 , 7 ( 3 ): 494 - 505 .

丁绍虎 , 李军飞 , 季新生 . 基于拟态防御的SDN控制层安全机制研究 [J ] . 信息安全学报 , 2018 , 4 ( 4 ): 84 - 93 .

DING S H , LI J F , JI X S . Research on SDN control layer security based onmimic defense [J ] . Cyber Security , 2018 , 4 ( 4 ): 84 - 93 .

浏览量

574

下载量

CSCD

文章被引用时，请邮件提醒。

提交

工具集

关联资源

可编程数据平面技术综述

基于LSTM流量预测的路由规划和切换

面向6G的新型可编程网络架构研究

灰盒光传输设备的SDN管控技术研究及应用

软件定义的星地融合智能无线网络