An Immunology-Inspired Network Security Architecture

科技工作者之家 (Home of Science and Technology Workers), 2020-07-22

Source: Chinese Institute of Command and Control (中国指挥与控制学会)

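The steady stream of security incidents, together with the security demands raised by the new features of the future Internet, makes it clear that static defenses, represented by the traditional "old three" of firewalls, intrusion detection and antivirus scanning, cannot cope with unknown attacks or insider attacks. Methods developed in recent years, such as honeypots, honeynets and moving target defense, can handle some unknown attack techniques, but they do so at the cost of the network's openness, generality and availability. The challenges facing network security stem mainly from two sources: flaws in network architecture design, and the complexity and diversity of the network operating environment itself.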


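The immune systems of complex organisms have evolved in nature over hundreds of millions of years into a remarkably sophisticated set of operating mechanisms. Different types of immune molecules, cells, tissues and organs, distributed throughout the body, stay on constant alert and cooperate to clear pathogens, keeping the body's organs functioning normally. As shown in Figure 1, the immune system of a complex organism is divided into two major classes: the innate immune system and the adaptive immune system.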


Figure 1: The immune system of complex organisms


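Just as a network security protection system stops malicious attacks from harming information systems, the biological immune system blocks the invasion of pathogenic microorganisms, suppresses their reproduction, neutralizes their toxicity and kills pathogens. Systematically borrowing the operating principles of the biological immune system, and adopting a scientifically balanced view of security to build a bio-immune-like dynamic defense system for network security, may therefore become an effective way out of the current network security predicament.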


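Drawing on the operating principles of the biological immune system, the bio-immune-like network security architecture can likewise be divided into two major classes, static defense and dynamic defense, as shown in Figure 2. The static defense system comprises physical or logical isolation, plus general-purpose intrusion detection and antivirus scanning. The dynamic defense system comprises adaptive blocking and isolation based on the network security situation, plus precise response to specific threats based on generative adversarial learning.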


Figure 2: Network security defense architecture based on bio-immune-like mechanisms


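By building a "parallel companion network" that closely approximates the protected network, and loading it with high-intensity artificial intelligence (AI) attacks to speed up the process by which adversarial attack-defense learning generates "network vaccines", it may be possible to obtain defenses against "unknown" attacks in advance and give the protected network adaptive protection.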


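The biological immune system's mechanism of "coarse and fine random variation, positive and negative selection and proliferation" is an effective and balanced means of dealing with unknown attacks. Borrowing the principle by which immune cells produce antibodies, we can use generative adversarial networks (GAN) and reinforcement learning (RL) to form an adaptive learning mechanism against unknown attacks, keeping the network defense system in continuous dynamic balance.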
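The variation-and-selection loop described above can be sketched with the classic artificial-immune-system algorithms (negative selection plus clonal proliferation) in place of the GAN/RL learner the article proposes. This is an added example, not code from the paper or its authors; the two-dimensional traffic features, the matching radius and all sample values are constructed assumptions.

```python
import math
import random

RADIUS = 0.15  # assumed matching radius of one detector in feature space

def matches(detector, sample):
    return math.dist(detector, sample) <= RADIUS

def negative_selection(candidates, self_set):
    """Drop every candidate that would fire on normal ("self") traffic."""
    return [d for d in candidates if not any(matches(d, s) for s in self_set)]

def coarse_generation(rng, n, self_set):
    """Coarse random variation: uniform candidates, then negative selection."""
    return negative_selection([(rng.random(), rng.random()) for _ in range(n)], self_set)

def clamp(v):
    return min(1.0, max(0.0, v))

def proliferate(rng, detectors, confirmed_attack, self_set, clones=5, sigma=0.03):
    """Positive selection: detectors that fired on a confirmed attack are cloned
    with fine mutations; the clones must still pass negative selection."""
    winners = [d for d in detectors if matches(d, confirmed_attack)]
    mutated = [(clamp(x + rng.gauss(0, sigma)), clamp(y + rng.gauss(0, sigma)))
               for (x, y) in winners for _ in range(clones)]
    return detectors + negative_selection(mutated, self_set)

def is_attack(detectors, sample):
    return any(matches(d, sample) for d in detectors)

def demo(seed=7):
    rng = random.Random(seed)
    # Constructed data: (normalized connection rate, normalized payload size).
    self_set = [(rng.uniform(0.1, 0.3), rng.uniform(0.1, 0.3)) for _ in range(50)]
    attack = (0.9, 0.9)  # constructed sample far from normal behaviour
    detectors = coarse_generation(rng, 400, self_set)
    before = sum(matches(d, attack) for d in detectors)
    detectors = proliferate(rng, detectors, attack, self_set)
    after = sum(matches(d, attack) for d in detectors)
    false_alarms = sum(is_attack(detectors, s) for s in self_set)
    return before, after, false_alarms, is_attack(detectors, attack)

if __name__ == "__main__":
    print(demo())
```

Because every detector and every clone passes negative selection against the same self set, the detector population can grow around a confirmed threat without ever firing on the recorded normal traffic.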











This work was recently published in the authoritative international journal IEEE Wireless Communications.





References


[1] Quan Yu, Jing Ren, Jiyan Zhang, Siyang Liu, Yinjin Fu, Ying Li, Linru Ma, Jian Jing, Wei Zhang, "An Immunology-Inspired Network Security Architecture," IEEE Wireless Communications, 2020. https://ieeexplore.ieee.org/document/9143288





About the Authors


Quan Yu received the B.S. degree in radio physics from Nanjing University, China, in 1986; the M.S. degree in radio wave propagation from Xidian University, China, in 1988; and the Ph.D. degree in fiber optics from the University of Limoges, France, in 1992. He is currently a research professor at Peng Cheng Laboratory. His main research interests include network architecture and cognitive radio. He is an academician of the Chinese Academy of Engineering and the founding Editor-in-Chief of the Journal of Communications and Information Networks.

 

Jing Ren received her B.E. and Ph.D. degrees in communication engineering from the University of Electronic Science and Technology of China (UESTC), Chengdu, China, in 2007 and 2015, respectively. Currently, she is an instructor at UESTC and a research assistant at Peng Cheng Laboratory. Her research interests include network architecture and protocol design, information-centric networking, and software-defined networking.

 

Jiyan Zhang received her M.D. degree from the Fourth Military Medical University, Xi’an, China, in 1995, and the Ph.D. degree from the Institute of Basic Medical Sciences, Beijing, China, in 2000. Currently, she is a professor at the Beijing Institute of Brain Sciences, China. Her current research interest is signaling events in inflammation and tumors.

 

Siyang Liu received the B.S. degree in electronic engineering from Shanghai Jiao Tong University, China, in 2013, and the M.S. degree from the same university in 2016. He is currently pursuing the Ph.D. degree in the Department of Electronic and Engineering at the same university. His research interests include ad-hoc networks, satellite communications, and routing strategy in wireless networks.

 

Yinjin Fu [S’11, M’14] received his B.S. in mathematics from Nanjing University in 2006, and the M.S. and Ph.D. degrees in computer science from the National University of Defense Technology of China in 2008 and 2013, respectively. Currently, he is an assistant researcher at Peng Cheng Laboratory. His current research interests include computer network architecture, cloud computing and big data storage.

 

Ying Li received her B.E. and Ph.D. degrees in communication engineering from the National University of Defense Technology, Changsha, China, in 2001 and 2006, respectively. Currently, she is a researcher at Peng Cheng Laboratory. Her research interests include network architecture design, MIMO, and cognitive radio.

 

Linru Ma received her B.E. and Ph.D. degrees in communication and information systems from the National University of Defense Technology, Changsha, China, in 2000 and 2007, respectively. Currently, she is a researcher at the System Engineering Research Institute, China. Her main research interests include cyber security architecture and system design-in security.

 

Jian Jing received his B.S. in biophysics from Peking University in 1987. After working at the Beijing Neurosurgical Institute and Duke University, he obtained his Ph.D. at the University of Illinois at Urbana-Champaign, USA, in 1998. From 1998 to 2001, he was a postdoc with Dr. Weiss at Mount Sinai School of Medicine in New York, and was then promoted to an assistant professor in 2002. He was an investigator at the School of Life Sciences of Nanjing University in December 2012, and then a full professor in July 2015. His current research interests include neural circuits underlying motivated behaviors, neuro-modulation and brain-inspired communication networks.

Wei Zhang [F’15] received his Ph.D. in electronic engineering from the Chinese University of Hong Kong in 2005. Currently, he is a professor at the University of New South Wales, Sydney, Australia. His current research interests include 5G and UAV communications. He serves as Editor-in-Chief of the Journal of Communications and Information Networks. He is Chair of the IEEE Wireless Communications Technical Committee. He is a member of the Board of Governors of the IEEE Communications Society.




Article source: XYZ Lab studio




Source: c2_china, Chinese Institute of Command and Control (中国指挥与控制学会)

Original link: https://mp.weixin.qq.com/s?__biz=MzA4ODcwOTExMQ==&mid=2655598066&idx=2&sn=e6014ebeee3d4b80dfc635ecbfe4d71d&chksm=8b9b976abcec1e7cb8db6f5b95d38434d21b23493a9028f01dd3217bf5d450a0d56f7b802591#rd
