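School of Cryptography Engineering, Information Engineering University, Zhengzhou, Henan 450001

Yingze LIU (1994- ), female, born in Zhengzhou, Henan, is a Ph.D. candidate at Information Engineering University. Her main research interest is network security defense.

Yuanbo GUO (1975- ), male, born in Zhouzhi, Shaanxi, Ph.D., is a professor and doctoral supervisor at Information Engineering University. His main research interests include network defense, data mining, machine learning, and artificial intelligence security.

Chen FANG (1993- ), male, born in Susong, Anhui, is a lecturer at Information Engineering University. His main research interests are machine learning and privacy security.

Yongfei LI (1998- ), male, born in Kaifeng, Henan, is a master's student at Information Engineering University. His main research interests are threat intelligence entity extraction and relation extraction.

Qingli CHEN (1998- ), male, born in Xinxiang, Henan, is a master's student at Information Engineering University. His main research interest is artificial intelligence security.

Online publication date: 2023-05
Print publication date: 2023-05-25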
Yingze LIU, Yuanbo GUO, Chen FANG, et al. Intelligent planning method for cyber defense strategies based on bounded rationality[J]. Journal on Communications, 2023, 44(5): 52-63. DOI: 10.11959/j.issn.1000-436x.2023091.
Considering that network defense subjects are usually resource-constrained, intelligent planning and autonomous implementation of network defense strategies under bounded rationality was studied, based on the concept of intelligent attack-defense confrontation. First, attack graphs, general knowledge and domain-specific knowledge were fused to construct a network defense security ontology. On that basis, knowledge reasoning was used to recommend security defense strategies that better fit the security needs of the protected network information assets and the attack threats currently faced. Finally, combined with an intelligent planning method based on bounded rationality, autonomous planning and implementation of defense strategies was achieved under constraints such as limited network security defense resources and dynamically changing network information assets. A worked example shows that the proposed method is robust under dynamic attacks. Compared with existing methods based on game theory and attack graphs, experimental results show that the defense effectiveness of the proposed method is improved by 5.6%~26.12% against a typical APT attack.