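College of Command and Control Engineering, Army Engineering University, Nanjing 210007, Jiangsu, China
Lihua SONG (1976− ), female, born in Gaobeidian, Hebei; Ph.D., professor at Army Engineering University. Main research interests: active defense technology for network security.
Yangyang JIANG (1998− ), male, born in Jianli, Hubei; master's student at Army Engineering University. Main research interests: cyberspace security, honeypots, game theory and reinforcement learning.
Changyou XING (1982− ), male, born in Qixian, Henan; Ph.D., professor at Army Engineering University. Main research interests: software-defined networking, network measurement, active network defense, and cyberspace mapping and countermeasures.
Guomin ZHANG (1979− ), male, born in Jinan, Shandong; Ph.D., associate professor at Army Engineering University. Main research interests: network security and network management.
Online publication date: 2022-11
Print publication date: 2022-11-25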
Lihua SONG, Yangyang JIANG, Changyou XING, et al. Optimization mechanism of attack and defense strategy in honeypot game with evidence for deception[J]. Journal on Communications, 2022, 43(11): 104-116. DOI: 10.11959/j.issn.1000-436x.2022226.
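Using game models to optimize honeypot behavior strategies is an important means of improving a honeypot's trapping capability. Existing studies use simple action spaces and treat the game as separate stages rather than as a whole process. To address this, a honeypot game mechanism with deception evidence (HoneyED) is proposed. HoneyED expands the attack and defense action spaces, considers the whole game process, and focuses on changes in the attacker's belief and the effect of those changes on the attack and defense strategies. Theoretical equilibrium strategies are then solved on the basis of belief. Finally, an algorithm that approximately solves the attack and defense mixed-strategy equilibrium is designed based on deep counterfactual regret minimization (Deep-CFR), yielding attack and defense agents that execute approximate mixed strategies. Theoretical and experimental results show that, although the attacker should exit the game promptly once its belief reaches a certain threshold in order to obtain the maximum payoff, the resulting honeypot strategy, taking risk into account, can lower the attacker's belief as far as possible to lure it into continuing the attack and thereby obtain a greater payoff, and can select the best response against attackers with different abilities to recognize deception.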
Using game theory to optimize honeypot behavior is an important method in improving the defender's trapping ability. Existing work tends to use oversimplified action spaces and consider isolated game stages. A game model named HoneyED, with expanded action spaces and covering comprehensively the whole interaction process between a honeypot and its adversary, was proposed. The model was focused on the change in the attacker's beliefs about its opponent's real identity. A pure-strategy-equilibrium involving belief was established for the model by theoretical analysis. Then, based on the idea of deep counterfactual regret minimization (Deep-CFR), an optimization algorithm was designed to find an approximate hybrid-strategy-equilibrium. Agents for both sides following hybrid strategies from the approximate equilibrium were obtained. Theoretical and experimental results show that the attacker should quit the game when its belief reaches a certain threshold for maximizing its payoff. But the defender's strategy is able to maximize the honeypot's profit by reducing the attacker's belief to extend its stay as long as possible and by selecting the most suitable response to attackers with different deception recognition abilities.