| 摘要: |
| 随着信息通信系统的架构日益复杂, 承载的数据量呈指数级增长, 现有的安全防护体系存在严重缺陷: 先建网络、 后做防护导致安全防护难以到位; 集中式防御模式导致信息系统对外服务能力下降严重; 防御机制与信息系统的安全状况关联不大导致防御效能低下。如何从根源上突破以上瓶颈成为未来信息系统安全的核心问题, 需要改变被动式防御方式, 实施主动式防御。本文提出一种基于仿生控制机理的内生免疫体系, 通过研究人体的高效神经控制特征: 遍布系统并与功能器官高度融合的海量神经元、由一系列基本动作为基础要素进行任务的执行、实时反馈并对偏差动作进行校准、具有大脑这样的综合分析处理中心进行分析和决策。基于上述特征构建了信息系统类神经系统控制架构, 通过全方位部署安全神经元, 将功能和安全融入到基本功能模块中, 构建一种以任务为导向的执行动作细粒度监控机制, 根据任务执行条件调用基本模块执行操作, 在执行过程中感知执行路径, 通过反馈发现错误, 根据策略进行校准。 通过对构建的仿生控制模型分析表明, 这种基于仿生控制的机制能够维持信息系统的安全状态。通过构建原型系统对任务在不同策略下的运行模式进行了分析, 系统包含通信模块与加解密模块, 模块中融入了安全监测与控制部分, 基于模糊认知图进行控制校准, 实验结果表明提出的仿生控制机制能够根据运行环境的变化调整策略, 维持任务的有效运行。基于仿生控制的机理为内生免疫系统的实现提供了基础理论支撑。 |
| 关键词: 信息系统安全 内生安全 内生免疫 安全模型 主动安全 |
| DOI:10.19363/J.cnki.cn10-1380/tn.2022.03.06 |
| 投稿时间:2020-11-26修订日期:2021-01-11 |
| 基金项目:本课题得到至善青年学者支持计划、移动信息通信与安全前沿科学中心、自然科学基金基于量化可信模型的信息系统智能安全机制研究(No.61601113)、网络通信与安全紫金山实验室资助。 |
|
| Bionic Control Mechanism Based Research of Endogenous Immune Architecture for Information System |
| LI Tao,HU Aiqun,FANG Lanting |
| School of Cyber Science and Engineering, Southeast University, Nanjing 210000, China;Purple Mountain Laboratories, Nanjing 210000, China |
| Abstract: |
| The architecture of information system is becoming more and more complicated, and the generated data is also growing exponentially. Facing the rapid transformation of information system, existing security architecture exposes some serious flaws: protection mechanisms are deployed after network constructing, which leads to some security policies are hard to implement protecting mechanisms efficiently; centralization protection model leads to serious decline of service capacity; small relevance between protection mechanisms and security statement results in decline of defense efficiency. How to solve above problems from original base is the core problem of future information system. The protection method must be changed from passive to initiative method. This paper proposes an endogenous immune architecture based on bionic control mechanism. Through study of human being’s efficient neural control mechanisms, which include a mass of neurons throughout the system and highly integrated with functional organs, a task is executed with a series of basic actions, action’s executing effects are monitored and deviations are calibrated in real time, a brain acts as a comprehensive analytical processing center for analysis and decision making. Based on the above characteristics, this paper constructs a neural control architecture for information system. Our architecture fully deploys security neurons in system. Functions and security are deeply involved in basic module. Based on proposed architecture, system includes some basic tasks which can be decomposed into a series of actions. When the system executes a task, executing path and actions’ running data are monitored. Executing errors can be detected through feedback mechanism. Then the adjusting policy is executed to correct flaws. We also construct a bionic control model for proposed architecture. The analysis of model shows that security mechanism based on bionic control mechanism can maintain security state. By constructing prototype system, we analyzed task’s running modes under different policies. The prototype system includes communication module and encryption and decryption module. Each module integrates security monitor and control parts. The control calibration mechanism is carried out by fuzzy cognitive map. Experimental results show that the proposed bionic control mechanism can adjust the executing strategy according to the changes of operating environment and maintain the effective operating of task. The mechanism based on bionic control provides basic theoretical support for the realization of endogenous immune system. |
| Key words: information system security endogenous security endogenous immune security model initiative security |
