摘要
作为一种主动对抗攻击者的手段,网络欺骗防御技术得到了学术界和产业界的广泛关注,其中攻击诱捕技术是网络欺骗防御的核心所在。其基本理念是通过建立虚假的网络和业务系统环境,引诱攻击者对诱捕系统发起攻击而达到监控分析攻击行为的目的。着眼于面向攻击诱捕的网络欺骗防御技术研究,讨论了攻击诱捕技术的基本概念及典型架构,并从决策控制和欺骗环境构建两个方面对攻击诱捕机制的实现机理进行了探讨。总结了攻击诱捕技术在欺骗防御场景中的作用,在此基础上从传统诱捕机制、虚拟化诱捕机制以及智能诱捕决策等方面分析了攻击诱捕技术的研究现状及关键技术,为欺骗诱捕系统的设计提供了一定的思路,总结分析了现有研究存在的问题,并展望了未来的发展方向和面临的挑战。
As a means to actively counter attackers,cyber deception defense technology has received extensive attention from academia and industry,among which how to capture attacker is the core of cyber deception defense.The basic idea is to achieve the purpose of monitoring and analyzing attacks by establishing a false network and trapping environment to lure attackers.Focusing on the research of network deception defense technology for attack trapping,the design ideas of attack trapping system are investigated,the typical architecture of attack trapping technology is analyzed,and the design of trapping system is divided into two parts:decision-making control and deception environment.Discussed the three major modules of deception environment design,and divided the development of attack trapping technology into three stages:traditional trapping,complex trapping and intelligent trapping.Combined with the development of attack trapping technology,the key technologies for the design of each module of the deception environment are discussed.Based on the existing problems in the design of trapping systems,the future development trend of attack trapping technology is analyzed.
作者
高雅卓
刘亚群
邢长友
张国敏
王秀磊
GAO Ya-zhuo;LIU Ya-qun;XING Chang-you;ZHANG Guo-min;WANG Xiu-lei(School of Command and Control Engineering,Army Engineering University of PLA,Nanjing 210007,China)
出处
《计算机技术与发展》
2022年第3期114-119,共6页
Computer Technology and Development
基金
国家自然科学基金项目(61379149,61772271)
国家博士后科学基金项目(2017M610296)。
关键词
欺骗防御
攻击诱捕
蜜罐
虚拟化
博弈论
deception defense
attack trapping
honeypot
virtualization
game theory
