
CLC number: TP393.08
On-line Access: 2025-06-04
Received: 2025-01-23
Revision Accepted: 2025-04-22
Crosschecked: 2025-09-04
Xiaosong ZHANG, Yukun ZHU, Xiong LI, Yongzhao ZHANG, Weina NIU, Fenghua XU, Junpeng HE, Ran YAN, Shiping HUANG. Active cybersecurity: vision, model, and key technologies [J]. Frontiers of Information Technology & Electronic Engineering, in press. https://doi.org/10.1631/FITEE.2500053
Active cybersecurity: vision, model, and key technologies
School of Computer Science and Engineering, University of Electronic Science and Technology of China, Chengdu 611731, China
Abstract: Non-cooperative confrontation over computer systems and networks is the core challenge of cyberspace security. Traditional cybersecurity technologies rely mainly on passive response mechanisms and show significant limitations against the complex, changing, and unknown threats of the real world. This paper proposes the concept of "active cybersecurity", which aims to raise the overall level of cybersecurity by integrating technical means with a strategy-level defense system. The core assumption of the concept is that both the attacker and the defender in a cyber confrontation are rational decision-makers, each seeking to maximize its own objective. Game theory is introduced to analyze the complex interdependence between attacker and defender and to optimize their strategy choices. On this basis, an active cybersecurity model, SAPC, is constructed to provide an integrated defense capability spanning threat sensing, analysis, tracing, and response. The model consists of four core components: intelligent sensing (智感), in-depth analysis (透析), live reconstruction (活现), and countermeasures (反制). Through game-theory-based theoretical analysis of adversarial behavior and strategy optimization, SAPC models the adversarial process as a game and establishes a cybersecurity framework with both theoretical depth and practical guidance value. SAPC marks a paradigm shift in network defense from passive defense to active, adversary-aware confrontation, and drives the evolution of cybersecurity technology toward a new mode characterized by forward-looking prediction, preventive control, and strategic guidance.
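The abstract's game-theoretic premise, a rational attacker and a rational defender whose strategies are optimized against each other, is easier to grasp on a concrete instance. The following is an added example, not code from the paper and not the SAPC model: a constructed one-sensor monitoring game in which the defender picks one host to monitor per round, the attacker picks one host to compromise, and a monitored attack is detected (attacker gains nothing) while an unmonitored one costs the defender the host's value. The host values, the one-sensor-per-round rule, and the zero-sum payoff are all assumptions; the closed-form equilibrium is derived in the docstring and then checked by a best-response test, including the support-reduction case where a low-value host is not worth attacking or guarding.

```python
"""Attacker-defender monitoring game: an added worked example of
game-theoretic strategy optimisation.  Constructed illustration only; it is
not the paper's SAPC model.

Setting (all numbers and rules are assumptions):
  * n hosts; host i is worth v[i] > 0 to the attacker.
  * Each round the defender places one sensor on exactly one host and the
    attacker compromises exactly one host.
  * If the attacked host is the monitored one, the intrusion is detected and
    the attacker gains nothing; otherwise the attacker gains v[i], which is
    the defender's loss.  The game is therefore zero-sum.
"""
from typing import List, Tuple

Mix = List[float]  # a probability distribution over hosts


def equilibrium(values: List[float]) -> Tuple[Mix, Mix, float]:
    """Return (attacker_mix, defender_mix, game_value) in closed form.

    With defender mix y, attacking host i yields v_i * (1 - y_i).  At a mixed
    equilibrium every host in the attacker's support yields the same value V,
    so y_i = 1 - V / v_i.  Summing over a support of size k and using
    sum(y_i) = 1 gives V = (k - 1) / sum(1 / v_i).  A host with v_i < V is not
    worth attacking, gets no sensor, and is dropped from the support; the
    loop below shrinks the support from the most valuable hosts downwards
    until the value is consistent with it.  Symmetrically, the attacker makes
    the defender indifferent by attacking host i with probability
    proportional to 1 / v_i on the support.
    """
    n = len(values)
    if n == 0 or any(v <= 0 for v in values):
        raise ValueError("need at least one host, all with positive value")
    order = sorted(range(n), key=lambda i: values[i], reverse=True)
    support, inv_sum, value = order, 0.0, 0.0
    for k in range(n, 0, -1):
        support = order[:k]
        inv_sum = sum(1.0 / values[i] for i in support)
        value = (k - 1) / inv_sum
        smallest_in = values[support[-1]]
        largest_out = values[order[k]] if k < n else 0.0
        # Consistency: every supported host is worth at least V, and no
        # unsupported host would tempt the attacker (it would yield v_i <= V).
        if smallest_in >= value >= largest_out:
            break
    attacker = [0.0] * n
    defender = [0.0] * n
    for i in support:
        defender[i] = 1.0 - value / values[i]
        attacker[i] = (1.0 / values[i]) / inv_sum
    return attacker, defender, value


def expected_loss(values: List[float], attacker: Mix, defender: Mix) -> float:
    """Defender's expected loss (= attacker's expected gain) for a strategy pair."""
    return sum(v * a * (1.0 - d) for v, a, d in zip(values, attacker, defender))


def is_equilibrium(values: List[float], attacker: Mix, defender: Mix,
                   tol: float = 1e-9) -> bool:
    """Best-response check: no pure deviation improves either player."""
    n = len(values)
    base = expected_loss(values, attacker, defender)

    def pure(i: int) -> Mix:
        return [1.0 if j == i else 0.0 for j in range(n)]

    attacker_can_gain = any(expected_loss(values, pure(i), defender) > base + tol
                            for i in range(n))
    defender_can_cut = any(expected_loss(values, attacker, pure(j)) < base - tol
                           for j in range(n))
    return not (attacker_can_gain or defender_can_cut)


if __name__ == "__main__":
    # Constructed host values: say a domain controller, a file server, a kiosk.
    host_values = [10.0, 6.0, 4.0]
    x, y, v = equilibrium(host_values)
    print("attacker mix:", [round(p, 3) for p in x])   # [0.194, 0.323, 0.484]
    print("defender mix:", [round(p, 3) for p in y])   # [0.613, 0.355, 0.032]
    print("expected loss per round:", round(v, 3))     # 3.871
    print("equilibrium verified:", is_equilibrium(host_values, x, y))  # True
```

The result shows the non-obvious shape of the optimal defense: the defender concentrates monitoring on the most valuable host but must still randomize, while the attacker spends most of its effort on the least valuable host precisely because it is least watched. With values such as [10, 10, 0.01] the support-reduction branch triggers and the third host is correctly dropped from both players' strategies.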
Journal of Zhejiang University-SCIENCE, 38 Zheda Road, Hangzhou 310027, China. Tel: +86-571-87952783; E-mail: cjzhang@zju.edu.cn. Copyright © 2000-2025 Journal of Zhejiang University-SCIENCE

