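1. State Key Laboratory of Integrated Services Networks, Xidian University, Xi'an, Shaanxi 710071
2. Fifth Research Laboratory, Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093
3. School of Cyberspace Security, Hangzhou Dianzi University, Hangzhou, Zhejiang 310018
4. School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100049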
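Chen Lili (1985- ), female, born in Tianshui, Gansu, is a Ph.D. candidate at Xidian University. Her main research interests are cyberspace security and attack-defense games.
Wang Zhen (1984- ), male, born in Liaocheng, Shandong, Ph.D., is a postdoctoral researcher at the Institute of Information Engineering, Chinese Academy of Sciences, and an associate research fellow at Hangzhou Dianzi University. His main research interests are cyberspace security and game theory.
Guo Yunchuan (1976- ), male, born in Yingshan, Sichuan, Ph.D., is an associate research fellow at the Institute of Information Engineering, Chinese Academy of Sciences. His main research interests are cyberspace security and access control.
Hua Jiafeng (1989- ), male, born in Xishui, Hubei, is a Ph.D. candidate at Xidian University. His main research interests are information security and privacy protection.
Yao Yuchao (1997- ), male, born in Korla, Xinjiang. His main research interest is network and system security.
Li Fenghua (1966- ), male, born in Xishui, Hubei, Ph.D., is a research fellow and doctoral supervisor at the Institute of Information Engineering, Chinese Academy of Sciences. His main research interests are network and system security, information protection, and privacy computing.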
Online publication date: 2019-06
Print publication date: 2019-06-25
CHEN L L, WANG Z, GUO Y C, et al. Robust deployment strategy for security data collection agent[J]. Journal on Communications, 2019, 40(6): 51-65. DOI: 10.11959/j.issn.1000-436x.2019121.
As incidents driven by the underground cybercrime economy ("network black market") occur more frequently, profit-seeking attackers strategically launch targeted attacks. Existing network monitoring systems lack accurate and effective monitoring strategies for such "strategic attacks". How to optimize the deployment of collection agents for better monitoring results in an adversarial environment has therefore become an extremely important issue. To address this problem, a robust deployment strategy for collection agents is proposed. First, the idea of an attack-defense game is introduced to measure collection agents, threat events, and the relations between them, and a measurement attack-defense game model, the MADG model, is built. Then, because traditional exact algorithms cannot solve this problem, a robust collection agent deployment algorithm, the RCD algorithm, is designed to solve it approximately by exploiting the submodular and non-increasing properties of the objective function. Finally, the RCD algorithm is verified. The experimental results show that the proposed model and method are feasible, effective, and scalable.