Towards Double Defense Network Security Based on Multi-Identifier Network Architecture
Recently, more and more mobile devices have been connected to the Internet. The Internet environment is complicated, and network security incidents emerge endlessly. Traditional *blocking and killing* passive defense measures cannot fundamentally meet the network security requiremen...
Main Authors: | Yunmin Wang, Abla Smahi, Huayu Zhang, Hui Li |
---|---|
Format: | Article |
Language: | English |
Published: | MDPI AG 2022-01-01 |
Series: | Sensors |
Subjects: | network security, double defense, zero trust, situation awareness, immunology |
Online Access: | https://www.mdpi.com/1424-8220/22/3/747 |
_version_ | 1797484912309174272 |
---|---|
author | Yunmin Wang Abla Smahi Huayu Zhang Hui Li |
author_facet | Yunmin Wang Abla Smahi Huayu Zhang Hui Li |
author_sort | Yunmin Wang |
collection | DOAJ |
description | Recently, more and more mobile devices have been connected to the Internet. The Internet environment is complicated, and network security incidents emerge endlessly. Traditional *blocking and killing* passive defense measures cannot fundamentally meet the network security requirements. Inspired by the heuristic establishment of multiple lines of defense in immunology, we designed and prototyped a Double Defense strategy with Endogenous Safety and Security (DDESS) based on multi-identifier network (MIN) architecture. DDESS adopts the idea of a zero-trust network, with identity authentication as the core for access control, which solves security problems of traditional IP networks. In addition, DDESS achieves individual static security defense through encryption and decryption, consortium blockchain, trusted computing whitelist, and remote attestation strategies. At the same time, with the dynamic collection of data traffic and access logs, as well as the understanding and prediction of the situation, DDESS can realize the situation awareness of network security and the cultivation of immune vaccines against unknown network attacks, thus achieving the active herd defense of network security. |
first_indexed | 2024-03-09T23:11:14Z |
format | Article |
id | doaj.art-e19abb93d7bb412da132efa55150e9e1 |
institution | Directory Open Access Journal |
issn | 1424-8220 |
language | English |
last_indexed | 2024-03-09T23:11:14Z |
publishDate | 2022-01-01 |
publisher | MDPI AG |
record_format | Article |
series | Sensors |
spelling | doaj.art-e19abb93d7bb412da132efa55150e9e1; 2023-11-23T17:44:39Z; eng; MDPI AG; Sensors; 1424-8220; 2022-01-01; 22; 3; 747; 10.3390/s22030747; Towards Double Defense Network Security Based on Multi-Identifier Network Architecture; Yunmin Wang 0; Abla Smahi 1; Huayu Zhang 2; Hui Li 3; School of Electronic and Computer Engineering, Peking University, Shenzhen 518055, China; School of Electronic and Computer Engineering, Peking University, Shenzhen 518055, China; Purple Mountain Laboratories, Nanjing 211111, China; School of Electronic and Computer Engineering, Peking University, Shenzhen 518055, China; Recently, more and more mobile devices have been connected to the Internet. The Internet environment is complicated, and network security incidents emerge endlessly. Traditional *blocking and killing* passive defense measures cannot fundamentally meet the network security requirements. Inspired by the heuristic establishment of multiple lines of defense in immunology, we designed and prototyped a Double Defense strategy with Endogenous Safety and Security (DDESS) based on multi-identifier network (MIN) architecture. DDESS adopts the idea of a zero-trust network, with identity authentication as the core for access control, which solves security problems of traditional IP networks. In addition, DDESS achieves individual static security defense through encryption and decryption, consortium blockchain, trusted computing whitelist, and remote attestation strategies. At the same time, with the dynamic collection of data traffic and access logs, as well as the understanding and prediction of the situation, DDESS can realize the situation awareness of network security and the cultivation of immune vaccines against unknown network attacks, thus achieving the active herd defense of network security.; https://www.mdpi.com/1424-8220/22/3/747; network security; double defense; zero trust; situation awareness; immunology |
spellingShingle | Yunmin Wang Abla Smahi Huayu Zhang Hui Li Towards Double Defense Network Security Based on Multi-Identifier Network Architecture Sensors network security double defense zero trust situation awareness immunology |
title | Towards Double Defense Network Security Based on Multi-Identifier Network Architecture |
title_full | Towards Double Defense Network Security Based on Multi-Identifier Network Architecture |
title_fullStr | Towards Double Defense Network Security Based on Multi-Identifier Network Architecture |
title_full_unstemmed | Towards Double Defense Network Security Based on Multi-Identifier Network Architecture |
title_short | Towards Double Defense Network Security Based on Multi-Identifier Network Architecture |
title_sort | towards double defense network security based on multi identifier network architecture |
topic | network security double defense zero trust situation awareness immunology |
url | https://www.mdpi.com/1424-8220/22/3/747 |