1. Challenges faced by offensive and defensive exercises


The technology system behind modern network offensive and defensive exercises is complex: its component technologies are tightly correlated, influence one another, and constrain one another. In current research and application of cyberspace offensive and defensive technology, the main technical challenges are the following:

First, rapid and accurate modeling in the information domain. The focus is on breaking through modeling technology for the kill chain built on network information systems. To describe cross-domain attacks along such a kill chain, several technical difficulties must be solved: modeling complex network information systems that are large in scale and elastic in behaviour; modeling reconnaissance and targeting based on situational awareness and automatic intelligence distribution; and modeling soft and hard attack actions under rule constraints.

Second, intelligent modeling in the cognitive domain, mainly for global command and control, algorithmic warfare, unmanned warfare, and similar scenarios. The focus is on breaking through modeling technology for intelligent decision-making, command and control, and unmanned and counter-unmanned combat actions, and on solving cognitive-domain modeling difficulties such as situation awareness, intelligent control, swarm coordination, and autonomy, so as to provide high-level intelligent models for future offensive and defensive simulations.

Third, high-level modeling in the social domain, mainly for strategic-level simulation needs. This covers research on modeling psychological offense and defense, propaganda warfare, public opinion warfare, and other combat actions and their effects, with a focus on breaking through technology for modeling national critical infrastructure and the effects of attacks on it. The main problem to solve is the cascading effect on the social domain when related attack actions cause soft or hard damage and national critical infrastructure target systems are affected by network attacks, so as to create a realistic mixed confrontation simulation environment.

Fourth, multi-channel, differentiated information fusion technology. Cyberspace offensive and defensive activities span different fields. Comprehensive cyberspace offensive and defensive exercises must therefore meet the needs of operating, managing, and scheduling multi-resolution, multi-modal heterogeneous models; build an open system architecture; provide standards and specifications for the docking mode and interaction interfaces; and support joint offensive and defensive exercises involving multiple models.

Fifth, intelligent offensive and defensive decision-making simulation and driving technology. Cyberspace combat activities can span the globe, the full height of three-dimensional space, and the intangible electromagnetic spectrum. Across such a large area, the vast number of combat entities and their actions cannot be handled without analysis, simulation, and decision-making technology. The question is how to introduce artificial intelligence to carry out intelligent offensive and defensive decision-making simulation and behaviour driving in cyberspace from a global perspective, and to rapidly and automatically process information collection, data analysis, information coordination, and other cyberspace combat processes.

2. Attack and defense exercise technology system

As network virtual space and the physical world continue to integrate and penetrate each other, the security of cyberspace is no longer only a matter of people's daily work and life; it is also of great strategic significance to national security and development. In December 2012, the European Union Agency for Network and Information Security issued the 'National Cyber Security Strategy: Guidelines for Development and Implementation', pointing out that 'there is no unified definition of cyber security, which overlaps with the concept of information security. The latter mainly focuses on protecting the security of information within specific systems or organizations, while cyber security emphasizes the protection of the infrastructure that constitutes the network and of critical information infrastructure'. In 2014, the National Institute of Standards and Technology in the United States issued the 'Framework for Improving Critical Infrastructure Cybersecurity', which defines cyber security as 'the process of protecting information through prevention, detection, and response to attacks'. In summary, cyber security covers both the security of infrastructure, including people, machines, and physical entities, and the security of the various information data generated, processed, transmitted, and stored in it.

To better cope with the threats and challenges in the field of cyber security, a cyber security technology system has been constructed from the physical layer, system layer, network layer, and data layer, together with the security foundation theory that runs through them. This technology system is built starting from the physical composition and working mechanism of cyberspace systems, and from there constructs the technical framework for network attack and defense exercises.

The cyberspace is composed of various physical devices, and the security of the physical layer is the foundation of cyber security. The specific research work includes hardware fingerprint, hardware Trojan detection, device authentication, and physical channel security.

The interconnection and communication of physical devices require the support of corresponding systems, so the security of the system layer is above the physical layer, mainly focusing on system vulnerability assessment, mobile terminal security (including user authentication, malware identification, etc.), cloud platform security (including virtualization security, virtual machine forensics, etc.), and industrial control system security.

Data exchange between devices is carried out through various networks, so the security of the network layer is above the system layer, including research content such as secure access to wireless mobile networks, anonymous communication and traffic analysis, network user behavior analysis, and network protocol analysis and design.

The core elements flowing and stored in the cyberspace are information data, and these information data are also the concrete mapping of people in the cyberspace. Therefore, the top level of the research system is data layer security, involving research on data privacy and anonymity, media content security, information aggregation and dissemination analysis, and other aspects.

As the cornerstone of the entire cyber security system, the security foundation theory runs through the four-layer structure. It includes the theories and methods of quantum cryptography, post-quantum cryptography, lightweight cryptographic algorithms and protocols for Internet of Things applications, searchable encryption and fully homomorphic encryption supporting ciphertext statistical analysis in cloud computing environments, and other areas.

3. Analysis of Attack and Defense Countermeasures Technology

1) Physical Layer Security: Mainly studies malicious attack and defense technology against various kinds of hardware, as well as secure access technology for hardware devices in cyberspace. Research hotspots in malicious attack and defense include side-channel attacks, hardware Trojan detection methods, and hardware trust benchmarks; in device access security, the main topics are identity authentication based on device fingerprints and the measurement and feature extraction of channel and device fingerprints. Physical layer security also includes disaster recovery technology, trusted hardware, electronic protection technology, and interference shielding technology.

2) System Layer Security: Covers system software security, application software security, and architectural security, and extends into many application fields such as cloud computing, mobile internet, Internet of Things, industrial control systems, embedded systems, and intelligent computing. Specifically, it includes system security architecture design, system vulnerability analysis, software security analysis, user authentication technology for intelligent terminals, malware identification, virtualization security analysis and forensics in the cloud computing environment, and other important research directions.

3) Network Layer Security: The main goal of research at this level is to ensure the security of the intermediate network itself for the network entities connected to it. It involves the security protocols, network defense and attack, security management, and forensics and tracking of various wireless communication networks, computer networks, Internet of Things, and industrial control networks. With the development of intelligent terminal technology and the popularization of mobile internet, secure access to mobile and wireless networks has become particularly important. For cyberspace security supervision, malicious user behavior must be detected and blocked at the network layer, which makes efficient and practical anonymous communication traffic analysis and network user behavior analysis key research topics.

4) Data Layer Security: The main purpose of data layer security research is to ensure the confidentiality, integrity, non-repudiation, and anonymity of data, and its research hotspots have permeated into many application fields such as social computing, multimedia computing, electronic forensics, and cloud storage. Specifically, it includes data privacy protection and anonymous publication, intrinsic association analysis of data, media content security in network environment, information aggregation and dissemination analysis, content analysis for video surveillance, and data access control.

5) Security Foundation Theory and Methods: The security foundation theory and methods include both common fundamental theories such as number theory, game theory, information theory, cybernetics, and computability theory, and methods and technical means unique to the security field, represented by cryptography and access control. In the cloud computing environment, searchable encryption and fully homomorphic encryption can support statistical analysis over ciphertext while preserving data confidentiality, which makes them an important research direction for cloud platform data security. These research efforts provide the theoretical basis and technical support for cyberspace security.
