Active Cybersecurity: Vision, Model, and Key Technologies

By Holt Hackney

With the continuous advancement of global digital technologies, cyberspace has become a critical domain for national competition, and cybersecurity is essential to safeguarding national interests and social stability. In recent years, cyberattacks have grown more frequent and sophisticated, especially with the application of artificial intelligence and big data technologies, enabling attackers to launch highly customized attacks that are harder to detect, faster to execute, and more widely impactful.

Traditional cybersecurity technologies mainly rely on passive response mechanisms, and existing cybersecurity models, whether defense enhancement models or attack confrontation models, have significant limitations. Defense enhancement models lack an in-depth understanding of attackers’ behaviors, motivations, and strategies, placing defenders in a passive position; attack confrontation models, while analyzing attacks from the attacker’s perspective, still lack in-depth analysis of strategies in dynamic attack-defense confrontations. Moreover, current models face issues such as the inability to perceive unknown threats, limited strategic coordination, and a lack of continuous optimization, making them inadequate for addressing complex, concealed, and rapidly evolving threats.

Therefore, the School of Computer Science and Engineering at the University of Electronic Science and Technology of China conducted research and produced a paper entitled “Position Paper: Active Cybersecurity: Vision, Model, and Key Technologies.” This study introduces the concept of “active cybersecurity,” which aims to enhance network security not only through technical measures but also by leveraging strategy-level defenses.

The core assumption is that attackers and defenders act as rational decision-makers seeking to maximize their respective objectives in network confrontations. Based on this, the study integrates game theory to analyze the interdependent relationships between attackers and defenders, optimizing their strategies.

Guided by this idea, the research proposes an active cybersecurity model (SAPC) involving intelligent threat sensing, in-depth behavior analysis, comprehensive path profiling, and dynamic countermeasures. This model is designed to foster an integrated defense capability encompassing threat perception, analysis, tracing, and response, with its core incorporating theoretical analyses of adversarial behavior and strategy optimization based on game theory. By profiling adversaries and modeling confrontation as a “game”, the SAPC model establishes a comprehensive framework providing both theoretical insights and practical guidance for cybersecurity.
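To make the game-theoretic idea in the two preceding paragraphs concrete, here is an added worked example; it is not code from the paper, the SAPC model, or this article. It models the simplest form of the attacker-defender confrontation described above: a defender must decide which of two assets to monitor, an attacker must decide which to target, and both are rational players maximizing their own payoff. The asset names, the attacker's gain for an undetected compromise, and the penalty for being caught are all constructed values chosen for illustration. The code solves the resulting 2x2 zero-sum game (pure saddle point if one exists, otherwise the closed-form mixed strategy) and contrasts the equilibrium defender strategy with the two naive pure strategies, which is the strategy-level optimization the model argues for.

```python
from fractions import Fraction
from typing import List, Tuple

# Constructed example data (assumption, not from the paper):
# two assets, the attacker's gain when an attack on that asset goes
# undetected, and the attacker's payoff when caught by monitoring.
ASSETS = ["database", "web-front-end"]
UNDETECTED_GAIN = {"database": 10, "web-front-end": 4}
CAUGHT_PENALTY = -5

Matrix = List[List[Fraction]]


def build_payoff_matrix(assets, gain, penalty) -> Matrix:
    """Attacker payoff matrix: rows = attacked asset, columns = monitored asset.
    The game is zero-sum, so the defender's loss is the negation of each entry."""
    matrix = []
    for target in assets:
        row = []
        for monitored in assets:
            row.append(Fraction(penalty if monitored == target else gain[target]))
        matrix.append(row)
    return matrix


def solve_zero_sum_2x2(m: Matrix) -> Tuple[List[Fraction], List[Fraction], Fraction]:
    """Solve a 2x2 zero-sum game: row player (attacker) maximizes,
    column player (defender) minimizes.
    Returns (attacker_probs, defender_probs, game_value)."""
    (a, b), (c, d) = m
    maximin = max(min(a, b), min(c, d))
    minimax = min(max(a, c), max(b, d))
    if maximin == minimax:
        # Pure-strategy saddle point: each side plays the row/column achieving it.
        row = 0 if min(a, b) == maximin else 1
        col = 0 if max(a, c) == minimax else 1
        attacker = [Fraction(1 if i == row else 0) for i in range(2)]
        defender = [Fraction(1 if j == col else 0) for j in range(2)]
        return attacker, defender, Fraction(maximin)
    # No saddle point: closed-form mixed equilibrium for 2x2 games.
    den = a - b - c + d
    p = (d - c) / den          # probability attacker picks row 0
    q = (d - b) / den          # probability defender picks column 0
    value = (a * d - b * c) / den
    return [p, 1 - p], [q, 1 - q], value


def attacker_payoffs_against(m: Matrix, defender_probs: List[Fraction]) -> List[Fraction]:
    """Expected attacker payoff for each pure target, given the defender's mix.
    At equilibrium both entries are equal: the attacker cannot exploit the mix."""
    return [sum(m[i][j] * defender_probs[j] for j in range(2)) for i in range(2)]


def worst_case_under_pure_monitoring(m: Matrix) -> List[Fraction]:
    """For each asset the defender could monitor exclusively, the payoff a rational
    attacker obtains by best-responding (attacking the unmonitored asset)."""
    return [max(m[i][j] for i in range(2)) for j in range(2)]


PAYOFF = build_payoff_matrix(ASSETS, UNDETECTED_GAIN, CAUGHT_PENALTY)

if __name__ == "__main__":
    att, dfn, value = solve_zero_sum_2x2(PAYOFF)
    print("Payoff matrix (attacker's view):", [[str(x) for x in r] for r in PAYOFF])
    for asset, prob in zip(ASSETS, dfn):
        print(f"defender monitors {asset:14s} with probability {prob}")
    for asset, prob in zip(ASSETS, att):
        print(f"attacker targets  {asset:14s} with probability {prob}")
    print("expected attacker gain at equilibrium:", value)
    print("attacker gain if defender always monitors one asset:",
          [str(x) for x in worst_case_under_pure_monitoring(PAYOFF)])
```

With the constructed numbers the defender should monitor the database 5/8 of the time and the web front end 3/8 of the time, which holds the attacker's expected gain to 5/8; always monitoring the database lets a rational attacker take 4 from the web front end, and always monitoring the web front end lets them take 10 from the database. The gap between those outcomes is the value of reasoning about the adversary's strategy rather than only hardening assets in isolation.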

The research also explores key technologies based on the SAPC model, including vulnerability mining, traffic detection, attack traceback, and dynamic deception, verifying their effectiveness through case studies. Additionally, it discusses the challenges faced by active cybersecurity in complex network environments, such as incomplete collection of information elements, computationally demanding analysis of massive data, and complex coordination of emergency response, while pointing out future development trends from technical, policy, and organizational perspectives.

The paper can be viewed at: https://doi.org/10.1631/FITEE.2500053