|
|
Frontiers of Information Technology & Electronic Engineering
ISSN 2095-9184 (print), ISSN 2095-9230 (online)
2025 Vol.26 No.8 P.1243-1278
Active cybersecurity: vision, model, and key technologies
Abstract: Noncooperative computer systems and network confrontation present a core challenge in cyberspace security. Traditional cybersecurity technologies predominantly rely on passive response mechanisms, which exhibit significant limitations when addressing real-world complex and unknown threats. This paper introduces the concept of "active cybersecurity," aiming to enhance network security not only through technical measures but also by leveraging strategy-level defenses. The core assumption of this concept is that attackers and defenders, in the context of network confrontations, act as rational decision-makers seeking to maximize their respective objectives. Building on this observation, this paper integrates game theory to analyze the interdependent relationships between attackers and defenders, thereby optimizing their strategies. Guided by this foundational idea, we propose an active cybersecurity model involving intelligent threat sensing, in-depth behavior analysis, comprehensive path profiling, and dynamic countermeasures, termed SAPC, designed to foster an integrated defense capability encompassing threat perception, analysis, tracing, and response. At its core, SAPC incorporates theoretical analyses of adversarial behavior and the optimization of corresponding strategies informed by game theory. By profiling adversaries and modeling confrontation as a "game," the model establishes a comprehensive framework that provides both theoretical insights into and practical guidance for cybersecurity. The proposed active cybersecurity model marks a transformative shift from passive defense to proactive perception and confrontation. It facilitates the evolution of cybersecurity technologies toward a new paradigm characterized by active prediction, prevention, and strategic guidance.
Key words: Active cybersecurity; Intelligent threat sensing; In-depth behavior analysis; Comprehensive path profiling; Dynamic countermeasures
电子科技大学计算机科学与工程学院,中国成都市,611731
摘要:非合作性计算机系统与网络对抗构成了网络空间安全的核心挑战。传统网络安全技术主要依赖被动响应机制,在应对现实世界复杂多变的未知威胁时展现出显著局限性。本文提出"主动网络安全"理念,旨在通过融合技术手段与战略级防御体系,全面提升网络安全水平。该理念的核心假设是:网络对抗环境中的攻击者与防御者均为追求各自目标最大化的理性决策主体。本文引入博弈论分析攻防双方的复杂依存关系并优化其策略选择。基于该理念,构建了主动网络安全模型SAPC,旨在构建一种集威胁感知、分析、追踪和响应于一体的综合防御能力。该模型由4大核心组件构成:智感、透析、活现和反制。SAPC通过基于博弈论的对抗行为理论分析与策略优化方法,将对抗过程建模为博弈过程,建立兼具理论深度与实践指导价值的网络安全框架。SAPC标志着网络防御理念从被动防御到主动感知对抗的范式转变,有力推动网络安全技术向具有前瞻预测、预防控制和战略引导特征的新模式演进。
关键词组:
References:
Open peer comments: Debate/Discuss/Question/Opinion
<1>
DOI:
10.1631/FITEE.2500053
CLC number:
TP393.08
Download Full Text:
Downloaded:
1142
Download summary:
<Click Here>Downloaded:
237Clicked:
551
Cited:
0
On-line Access:
2025-06-04
Received:
2025-01-23
Revision Accepted:
2025-04-22
Crosschecked:
2025-09-04