Abstract
Recently, more and more mobile devices have been connected to the Internet. The Internet environment is complicated, and network security incidents emerge endlessly. Traditional blocking and killing passive defense measures cannot fundamentally meet the network security requirements. Inspired by the heuristic establishment of multiple lines of defense in immunology, we designed and prototyped a Double Defense strategy with Endogenous Safety and Security (DDESS) based on multi-identifier network (MIN) architecture. DDESS adopts the idea of a zero-trust network, with identity authentication as the core for access control, which solves security problems of traditional IP networks. In addition, DDESS achieves individual static security defense through encryption and decryption, consortium blockchain, trusted computing whitelist, and remote attestation strategies. At the same time, with the dynamic collection of data traffic and access logs, as well as the understanding and prediction of the situation, DDESS can realize the situation awareness of network security and the cultivation of immune vaccines against unknown network attacks, thus achieving the active herd defense of network security.
Highlights
Academic Editors: Peter Han JooWith the development of the Internet and its deep integration with human social life, more and more mobile devices are connected
Inspired by the multiple defense lines in immunology [8], this paper proposes a double defense strategy with endogenous safety and security (DDESS) as shown in Figure 2 based on the multi-identifier network (MIN) architecture [9]
We present a network defense strategy that integrates static and dynamic defenses. It adopts the ideas of the zero-trust network, and employs identity authentication, blockchain technology, and trusted computing technology, with situation awareness and dynamic immune functions
Summary
With the development of the Internet and its deep integration with human social life, more and more mobile devices are connected. The defense capabilities of these measures can be passive or static, depending on predetermined settings before accessing the system and updating the preset defense library during use They can only detect and defend against a number of predefined network security attacks. Traditional defense measures focus on improving the protection capabilities against attacks rather than identifying, tracking, and investigating the responsibility of the attackers They passively receive every intrusion attack, which is difficult to detect, identify, and respond to emerging attack methods, and it is challenging to solve network security problems fundamentally. We adopt identity authentication as the core access control method to solve traditional IP network security problems, and implement static network security defense through key encryption technology, blockchain technology, and trusted computing whitelist strategy.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have