Network Security: Mimic Defense Technology

I.   Mimic Defense

The mimic phenomenon (Mimic Phenomenon, MP) refers to an organism simulating another organism or its environment in color, texture and shape, so that one or both parties gain an ecological adaptation benefit. Classified by defensive behavior, this is an endogenous, active and visible defense mechanism, also called mimic guise (Mimic Guise, MG). If the disguise is not limited to color, texture and shape, but can also simulate another organism or the environment in behavior and morphology, we call it mimic defense (Mimic Defense, MD).

Researchers found that introducing this active-defense mode into cyberspace can address cyberspace security problems, with significant results especially against today's biggest security threat: uncertain threats such as unknown vulnerabilities, backdoors, Trojans and viruses, which traditional security methods fail to handle. From this, the theory of cyberspace mimic defense (Cyberspace Mimic Defense, CMD) came into being.

II.   Application background

Currently, cyberspace security is in a state of "easy to attack, hard to defend," basically for the following two reasons:

First, cyberspace currently faces "unknown unknown" threats, that is, uncertain threats. Such threats are usually based on vulnerabilities in the software and hardware components of information systems, or on man-made attacks through backdoors deliberately implanted in hardware and software implementations along the globalized industry chain. At the current level of technology and human cognition, it is not yet possible to make a scientific judgment at the theoretical level that a given complex information system has no vulnerabilities and no backdoors, nor to completely avoid design flaws or completely eliminate backdoors at the engineering level. This makes attacks based on unknown vulnerabilities, backdoors, Trojans and viruses the biggest security threat in cyberspace for defenders.

Second, the existing cyberspace defense system is precise defense based on perceiving threat signatures. It takes "known risks" or "known unknown risks" as its premise and requires prior knowledge of the attack source, attack characteristics, attack approach and attack behavior; it is an "acquired immunity" type of defense mechanism, which usually relies on encryption or authentication functions as a "bottom-line defense." Clearly, such a defense system and mechanism have inherent gaps when dealing with attacks based on unknown vulnerabilities, backdoors, Trojans or viruses. In particular, when the credibility of the hardware and software components in the system's ecological environment cannot be ensured, there is almost no efficient real-time response to uncertain threats other than "too late" remediation, and it cannot be absolutely guaranteed that encryption and authentication functions or links are not deliberately bypassed or short-circuited. In addition, the static nature, similarity and certainty of existing information system architectures provide attackers with many conveniences for target identification, defensive behavior detection, attack technique refinement, battle damage assessment (BDA) and more. At the same time, the vast majority of information systems follow a single processing and operating mechanism with shared spatial resources; once an intruder enters this space, the desired operations can likely be achieved through the resource-sharing mechanism. This is one of the fundamental theoretical conditions for many cyber attacks, including the "side-channel" attack principle used today to breach "physically isolated networks." Thus, key issues such as the uncertainty of vulnerabilities and the lack of active immunity mechanisms, together with the passive defense architecture and mechanisms of information systems, constitute the biggest security black hole in cyberspace.

Cyberspace mimic defense theory aims to break the "shackles" of traditional information systems and defense methods, and to fundamentally address a harsh network environment full of vulnerabilities, backdoors, Trojans and viruses.

III.   The basic idea

Similar to biological mimic defense, cyberspace mimic defense, on the premise that the service function and performance seen by the user remain the same, makes strategic changes in time and space to its internal architecture, redundant resources, operating mechanism, core algorithm, exception behavior and other environmental factors, as well as to any unknown vulnerabilities, backdoors, Trojans or viruses that may be attached to them. The attacker is thus presented with a "seemingly real yet elusive" scene, which disrupts the construction and effectiveness of the attack chain and multiplies the cost of a successful attack.

Technically, CMD integrates a variety of factors for the purpose of active defense: heterogeneity, diversity or pluralism to change the similarity and uniformity of the target system; dynamism and randomness to change its static nature and certainty; heterogeneous redundant multi-mode arbitration (voting) mechanisms to identify and shield unknown defects and unknown threats; a high-reliability architecture to enhance the flexibility or resilience of the target system's service functions; and systematic uncertainty in the target system's external appearance to deny or defend against uncertain threats.

In current research, the researchers rely on a Dynamic Heterogeneous Redundancy (DHR) integrated technical architecture framework to achieve these goals in an intensive manner.

IV.   Effective range

Mimic defense applications also have an effective range, which we call the mimic defense boundary (Mimic Defense Boundary, MDB), or mimic boundary for short.

Technically, a mimic boundary encloses a set of service (operation) functions with well-defined, standardized protocols or specifications. Conformance or compliance testing against such a standardized protocol or specification can determine whether multiple heterogeneous executors (heterogeneous in implementation, not necessarily in complexity) are equivalent in a given service (operation) function, and even in performance. That is, the equivalence of function execution can be judged through conformance testing of the input/output relationship at the mimic interface, including consistency of exception handling or performance. The functional integrity, availability and security of the mimic interface definition are prerequisites for the validity of mimic defense; functions (operations) not explicitly defined at the interface do not fall within the scope of mimic defense (although a derived protective effect may exist). In other words, if an attack fails to make the output at the mimic boundary inconsistent, the mimic defense mechanism will not respond at all. Therefore, reasonably setting, selecting or dividing the mimic defense boundary is critical in engineering implementation.

It must be stressed that security issues outside the mimic defense boundary do not fall within its range. For example, phishing, malicious functions bundled into service software, Trojan or virus code pushed in interpreted cross-platform files, and downloads of malicious software do not depend on unknown vulnerabilities or backdoors within the mimic boundary, so mimic defense has no way to respond to the threats they cause.

If an attack successfully breaks through the mimic boundary, we say a mimic escape (Mimic Escape, ME) has occurred. It is worth mentioning that in a CMD system a single mimic escape does not mean the attack has succeeded; as with moving target defense, the dynamics of a CMD system may "block" or even "completely destroy" the attack chain, causing the attack to fail.
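As an added illustration of the DHR arrangement (section III) and the mimic-boundary rule (section IV), written for this page and not the CMD project's own code: a multi-mode arbiter votes on the outputs of several heterogeneous executors behind one mimic interface, masks any divergent output, and rotates the divergent executor out for a spare, while an executor whose output stays consistent at the interface is never noticed. The executor functions, the `DHRService` class and the trigger value are all constructed for the example.

```python
import random
from collections import Counter

# Constructed toy executors: functionally equivalent implementations of one
# service function (f(x) = 2x + 1), as if written in different languages.
def exec_a(x):
    return x * 2 + 1

def exec_b(x):
    return (x << 1) + 1

def exec_c(x):
    return 2 * x + 1

def exec_spare(x):
    return sum([x, x, 1])

# Constructed: behaves to spec except on one trigger input, modelling an
# executor carrying an unknown defect or backdoor.
def exec_backdoored(x):
    return 0xDEAD if x == 7 else x * 2 + 1

class DHRService:
    def __init__(self, active, spares, seed=0):
        self.active = list(active)      # executors currently online
        self.spares = list(spares)      # heterogeneous pool for rotation
        self.rng = random.Random(seed)  # randomised scheduling choice
        self.replaced = []              # audit log of evicted executors

    def invoke(self, x):
        # Every active executor answers the same request; the arbiter
        # only sees outputs at the mimic interface.
        outputs = [(e, e(x)) for e in self.active]
        tally = Counter(out for _, out in outputs)
        winner, votes = tally.most_common(1)[0]
        if votes <= len(self.active) // 2:
            raise RuntimeError("no majority at mimic interface")
        for e, out in outputs:
            if out != winner:           # divergence is masked and logged
                self.evict(e)
        return winner

    def evict(self, executor):
        # Dynamic scheduling: swap in a randomly chosen spare, so the
        # attacker cannot rely on the same executor set next time.
        self.active.remove(executor)
        self.replaced.append(executor.__name__)
        if self.spares:
            self.active.append(self.spares.pop(self.rng.randrange(len(self.spares))))
```

Until the trigger input arrives, the backdoored executor's output matches the others, so by the boundary rule nothing is detected; on the trigger its output is outvoted, never reaches the caller, and the executor is rotated out.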

V.   Mimic defense levels

(1) Complete masking level

If, within a given mimic defense boundary, an intrusion from outside or a "ghost" attack from inside does not affect the protected function, service or information in any way, and the attacker cannot make any assessment of the effectiveness of the attack, as if it had fallen into an "information black hole," this is called the complete masking level, the highest mimic defense level.

(2) Unsustainable level

If, within a given mimic defense boundary, an attack from inside or outside may cause the protected function or information to show "error first, correct later" or self-healing behavior with uncertain probability and uncertain duration, so that even an attacker who achieves a breakthrough finds it difficult to maintain or sustain the attack effect and cannot lay any meaningful groundwork for subsequent attack operations, this is called the unsustainable level.

(3) Hard-to-reproduce level

If, within a given mimic defense boundary, an attack from outside may cause the protected function or information to be in an "out of control" state for a period not exceeding t, but such an attack is difficult to reproduce under the same scenario, that is, the breakthrough scene reached by the attacker carries no inheritable experience and lacks exploitable planning value in the time dimension, this is called the hard-to-reproduce level.

(4) Grading principles

Defense levels can be defined according to different security scenarios and overall cost and benefit needs. Four factors are important: uncertainty, the varying degrees of uncertainty imposed on attacks, which is the core of mimic defense; imperceptibility, meaning the attacker cannot obtain useful information about the defender at any stage of the attack chain; non-retainability, meaning an attack chain that has been destabilized leaves nothing usable; and non-reproducibility, meaning probing based on experience or accumulated attacks is difficult, since a posteriori knowledge is hard to exploit in subsequent attack tasks.

VI.   Mimic computing and mimic defense

Mimic computing dynamically selects a suitable computing environment configuration according to conditions or parameters such as the task, the time, the load, the performance requirements and the resource occupancy status, and improves system processing performance through variable-structure computing based on active cognition.

Mimic defense fully exploits the attack-resistant properties endogenous to the variable-structure computing mechanism. Because of its dynamic and random external appearance, in the attacker's eyes a mimic computing system appears to hop actively or migrate quickly among diverse environments in the spatial and temporal dimensions according to uncertain rules, showing strong dynamism, heterogeneity, randomness and other uncertainty features that are hard to observe and predict, thereby increasing the difficulty and cost of constructing attack chains based on vulnerabilities and backdoors.

In short, mimic computing and mimic defense are essentially variable-structure computing and processing architectures under functionally equivalent conditions: mimic computing uses the variable structure to improve processing performance, while mimic defense uses variable-structure computing to provide active defense.


Origin www.cnblogs.com/meandme/p/11936209.html