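1. Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100195
2. School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100049
Lingcui ZHANG (张玲翠, 1986- ), female, born in Gucheng, Hebei; Ph.D. candidate and senior engineer at the Institute of Information Engineering, Chinese Academy of Sciences. Main research interest: network and system security.
Fenghua LI (李凤华, 1966- ), male, born in Xishui, Hubei; Ph.D.; research professor and doctoral supervisor at the Institute of Information Engineering, Chinese Academy of Sciences. Main research interests: network and system security, information protection, privacy computing.
Liang FANG (房梁, 1989- ), male, born in Taiyuan, Shanxi; Ph.D.; associate research professor at the Institute of Information Engineering, Chinese Academy of Sciences. Main research interests: network security, access control.
Yunchuan GUO (郭云川, 1977- ), male, born in Yingshan, Sichuan; Ph.D.; professor-level senior engineer and doctoral supervisor at the Institute of Information Engineering, Chinese Academy of Sciences. Main research interests: access control, network security.
Zifu LI (李子孚, 1992- ), female, born in Chifeng, Inner Mongolia; Ph.D.; engineer at the Institute of Information Engineering, Chinese Academy of Sciences. Main research interests: network and system security, access control.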
Online publication date: 2021-05
Print publication date: 2021-05-25
Lingcui ZHANG, Fenghua LI, Liang FANG, et al. Fastly match threat response policies based on interval decision diagram (基于区间决策图的威胁处置策略快速匹配)[J]. Journal on Communications (通信学报), 2021, 42(5): 13-22. DOI: 10.11959/j.issn.1000-436x.2021074.
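The fuzziness of threat definitions and the large scale of policies make it difficult to select response policies quickly and accurately. To address this problem, a method for fast matching of threat response policies based on interval decision diagrams is proposed. First, threat response policies are described in a normalized form and fuzzified threat response policies are defined. Policy matching conditions such as threat type, severity, confidence, attack frequency and propagation mode are then ordered, a construction algorithm for interval decision diagrams with fuzzy operators is proposed, and a dynamic policy matching algorithm for threat response is designed. Experiments demonstrate its effectiveness.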
Due to the inaccuracy of threat detection and the scale of response policies, it is very difficult to accurately select response policies. To address the above problem, a fuzzy interval decision diagram method to quickly match response policies was proposed. Firstly, the response policy was formally and fuzzily defined. Considering threat type, threat level, attack frequency and propagation mode, an algorithm with a fuzzy operator was designed to construct the interval decision diagram. Further, a fuzzy match algorithm was proposed to quickly select response policies. Experimental results show the efficiency of the proposed approach.