Defense decision-making method for anti-APT attack based on attack-defense signaling game
  • Chinese title: 基于攻防信号博弈的APT攻击防御决策方法
  • Authors: ZHANG Heng-wei, YANG Hao-pu (张恒巍, 杨豪璞)
  • Affiliation: The Third Institute, Information Engineering University (信息工程大学三院)
  • Keywords: network security; network attack and defense; APT attack; defense decision-making; signaling game; attack-defense behavior analysis; defense strategy
  • Journal: Computer Engineering and Design (计算机工程与设计), CNKI journal code SJSJ
  • Publication date: 2019-01-16
  • Year: 2019
  • Volume/issue: v.40, No.385 (issue 01)
  • Pages: 67-72 (6 pages)
  • Document ID: SJSJ201901010
  • CN: 11-1775/TP
  • Funding: National Natural Science Foundation of China (61303074, 61309013); Henan Province Science and Technology Program (15210231003, 16210231087)
  • Language: Chinese
Abstract
Targeting the characteristics of APT attacks and drawing on non-cooperative game theory, attack-defense behavior is studied from the viewpoint of dynamic confrontation under limited game information. On this basis, a decision-making model for APT defense based on an attack-defense signaling game is established and a reasonable payoff quantification method is designed. After analyzing the attack-defense game process, a method for solving the perfect Bayesian equilibrium of the game is proposed; taking the equilibrium as the basis, a defense decision algorithm is designed and its performance is compared and analyzed. Experimental results show that the model and algorithm are effective and feasible and can provide decision support against APT attacks.
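To make the mechanics of "solve the signaling game's perfect Bayesian equilibrium, then read the defense decision off it" concrete, the following Python is an added illustration and not code from the paper: the attacker types, observable signals, defender actions, prior and every payoff number are constructed assumptions, the paper's own payoff quantification and decision algorithm are not reproduced, and the equilibrium-selection rule in `choose_defense` (take the pure equilibrium with the best expected defender payoff) is likewise an assumption. The solver enumerates all pure attacker and defender strategies, applies Bayes' rule on the equilibrium path, allows any belief that supports the defender's action off the path, and checks sequential rationality for both sides.

```python
"""Pure-strategy perfect Bayesian equilibria (PBE) of a two-type attack-defense
signaling game, and the defense decision read off from them. Added example:
types, signals, actions, prior and payoffs below are constructed assumptions."""
from fractions import Fraction
from itertools import product

TYPES = ("apt", "opportunist")    # attacker's private type (nature's move)
SIGNALS = ("stealthy", "noisy")   # attack behaviour the defender observes
ACTIONS = ("isolate", "monitor")  # defender's response to a signal

# Attacker payoff U_A[type][(signal, action)] (assumed): stealth buys an
# opportunist little, while loud activity burns an APT's long-term access.
U_A = {
    "apt":         {("stealthy", "monitor"): 8, ("stealthy", "isolate"): 2,
                    ("noisy", "monitor"): 1,    ("noisy", "isolate"): -4},
    "opportunist": {("stealthy", "monitor"): 3, ("stealthy", "isolate"): -3,
                    ("noisy", "monitor"): 5,    ("noisy", "isolate"): -1},
}
# Defender payoff U_D[type][action] (assumed): expected damage plus response cost.
U_D = {"apt": {"isolate": -5, "monitor": -10},
       "opportunist": {"isolate": -4, "monitor": -3}}


def defender_expected(action, mu):
    """Expected defender payoff of `action` when P(type = apt | signal) = mu."""
    return mu * U_D["apt"][action] + (1 - mu) * U_D["opportunist"][action]


def best_responses(mu):
    """Defender actions maximising expected payoff under belief mu."""
    best = max(defender_expected(a, mu) for a in ACTIONS)
    return {a for a in ACTIONS if defender_expected(a, mu) == best}


def belief_interval_for(action):
    """Closed interval of beliefs mu in [0, 1] that rationalise `action`, or None.
    Off the equilibrium path Bayes' rule is silent, so PBE only requires that
    *some* belief makes the defender's off-path action a best response."""
    lo, hi = Fraction(0), Fraction(1)
    for other in ACTIONS:
        if other == action:
            continue
        # diff(mu) = E[action] - E[other] is linear in mu, so its endpoints fix it.
        c0 = defender_expected(action, Fraction(0)) - defender_expected(other, Fraction(0))
        c1 = defender_expected(action, Fraction(1)) - defender_expected(other, Fraction(1))
        if c0 < 0 and c1 < 0:
            return None                          # never a best response
        if c0 < 0 or c1 < 0:                     # crosses zero once, at `root`
            root = -c0 / (c1 - c0)
            lo, hi = (max(lo, root), hi) if c0 < 0 else (lo, min(hi, root))
    return (lo, hi) if lo <= hi else None


def on_path_belief(sigma, signal, prior_apt):
    """Bayes' rule P(apt | signal) under attacker strategy sigma; None if off path."""
    mass = {"apt": prior_apt, "opportunist": 1 - prior_apt}
    total = sum(mass[t] for t in TYPES if sigma[t] == signal)
    return None if total == 0 else (mass["apt"] if sigma["apt"] == signal else 0) / total


def pure_pbe(prior_apt):
    """Enumerate every pure-strategy PBE: Bayes-consistent beliefs on path, the
    defender best-responds to its beliefs, each attacker type best-responds to rho."""
    prior_apt = Fraction(prior_apt).limit_denominator()   # exact arithmetic, 0.3 -> 3/10
    mass = {"apt": prior_apt, "opportunist": 1 - prior_apt}
    found = []
    for sigma in (dict(zip(TYPES, c)) for c in product(SIGNALS, repeat=len(TYPES))):
        for rho in (dict(zip(SIGNALS, c)) for c in product(ACTIONS, repeat=len(SIGNALS))):
            beliefs = {}                         # signal -> (lo, hi) belief interval
            for s in SIGNALS:
                mu = on_path_belief(sigma, s, prior_apt)
                if mu is not None:
                    if rho[s] not in best_responses(mu):
                        break
                    beliefs[s] = (mu, mu)
                else:
                    beliefs[s] = belief_interval_for(rho[s])
                    if beliefs[s] is None:
                        break
            else:  # defender side consistent; now no attacker type may gain by deviating
                if all(U_A[t][(sigma[t], rho[sigma[t]])] >= U_A[t][(s, rho[s])]
                       for t in TYPES for s in SIGNALS):
                    payoff = sum(mass[t] * U_D[t][rho[sigma[t]]] for t in TYPES)
                    found.append({"attacker": sigma, "defender": rho,
                                  "beliefs": beliefs, "defender_payoff": payoff})
    return found


def choose_defense(prior_apt):
    """Defense decision: the pure PBE with the highest expected defender payoff
    (a selection rule assumed here, not the paper's algorithm)."""
    eqs = pure_pbe(prior_apt)
    if not eqs:
        raise ValueError("no pure-strategy PBE: a mixed-strategy solver is needed")
    return max(eqs, key=lambda e: e["defender_payoff"])


if __name__ == "__main__":
    for p in (0.3, 0.1):
        print(p, len(pure_pbe(p)), choose_defense(p)["defender"])
```

With these assumed numbers, at P(APT) = 0.3 the unique pure equilibrium is separating: only an APT finds low-and-slow behaviour worth its cost, so the "stealthy" signal is fully informative and is answered with isolation while "noisy" activity is merely monitored. At P(APT) = 0.1 a pooling equilibrium also appears (both types stay stealthy, the defender monitors on path and holds an off-path belief of at least 1/6 that a noisy attacker is an APT), and the selection rule picks the separating one because its expected defender payoff is higher; the decision a practitioner acts on therefore depends on that rule, which is worth stating explicitly whenever several equilibria exist.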