
    Development of Deception Defense Technology and Exploration of Its Large Language Model Applications

    Abstract: Deception defense, as the most promising technology in proactive defense, helps defenders facing highly covert and unknown threats turn passivity into proactivity and break the inherent imbalance between offense and defense. In the face of potential threat scenarios, how to use deception defense technology effectively to help defenders anticipate, perceive, and entrap threats is a key issue that currently needs to be addressed. Game theory and attack graph models provide strong support in formulating active defense strategies and analyzing potential risks; we summarize and review recent work on both in the context of deception defense. With the rapid development of large language model technology and its increasingly close integration with the field of cybersecurity, we review traditional deception defense technology and propose a large language model-based intelligent external network HoneyPoint generation technique. Experimental analysis validates the effectiveness of external network HoneyPoints in capturing network threats, showing improvements over traditional Web honeypots in simulation fidelity, stability, and flexibility. To enhance collaboration between HoneyPoints and improve the ability to explore and perceive attack threats, the concept of the Honey-Landscape is introduced. We provide an outlook on how HoneyPoint and Honey-Landscape technologies can be used to construct an integrated active defense mechanism that combines threat prediction, threat perception, and threat entrapment.
