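Network deception defense strategy optimization based on optimal stopping theory
Information Technology and Network Security
Lv Delong1, Weng Xi2, Zhou Xiaowei2
(1. Command & Control Engineering College, Army Engineer University of PLA, Nanjing 210007, Jiangsu, China; 2. Jiangnan Institute of Computing Technology, Wuxi 214083, Jiangsu, China)
Abstract: Cyber deception defense has become an important means of active network defense. In a cyber deception defense system, the defender deliberately releases some effective information to confuse the attacker, and the deceived attacker carries out further attacks inside the deception trap environment until the attacker sees through the deception or the defender actively expels the attacker. To study how to release as little effective information as possible from the deception environment while still achieving an effective defense, the deception defense model and the optimal stopping theory problem model are analyzed in turn, and the correspondence between the elements of the deception defense model and those of optimal stopping theory is established. Based on optimal stopping theory, a model of the information revenue maximization problem is constructed. By analyzing the amount of information in each attack action and the amount of effective information leaked, the maximum ratio of information amounts is selected and subsequent attacks are suppressed; solving the information revenue maximization problem yields the best suppression moment, that is, the expression for the optimal solution.
CLC number: TP393
Document code: A
DOI: 10.19358/j.issn.2096-5133.2021.07.008
Citation format: Lv Delong, Weng Xi, Zhou Xiaowei. Network deception defense strategy optimization based on optimal stopping theory[J]. Information Technology and Network Security, 2021, 40(7): 47-51.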
Network deception defense strategy optimization based on optimal stopping theory
Lv Delong1, Weng Xi2, Zhou Xiaowei2
(1. Command & Control Engineering College, Army Engineer University of PLA, Nanjing 210007, China; 2. Jiangnan Institute of Computing Technology, Wuxi 214083, China)
Abstract: Cyber deception defense has become an important means of active network defense. In the cyber deception defense system, the defender actively releases part of the effective information to confuse the attacker, and the deceived attacker will carry out further attacks in the deception trap environment until the attacker sees through the deception or the defender takes the initiative to expel the attacker. To study how to minimize the effective information released by the deception environment while achieving an effective defense, this paper analyzes the deception defense model and the optimal stopping theory problem model respectively, and establishes the correspondence between the elements of the deception defense model and those of optimal stopping theory. Based on optimal stopping theory, a model for maximizing information revenue is constructed. By analyzing the amount of information in each attack and the amount of effective information leakage, the model selects the ratio of the maximum amount of information to suppress subsequent attacks, solves the problem of maximizing information revenue, and obtains the optimal suppression moment, that is, the optimal solution expression.
Key words: cyber deception defense; deception decision; optimal stopping theory; maximize information revenue
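0 Introduction
In recent years, both the number and the complexity of cyber attacks have grown rapidly [1-2], and attackers can use a variety of attack vectors (such as zero-day vulnerabilities, flaws in software configuration, and access control policies) to penetrate their target systems. In response, researchers have proposed many ways to strengthen the protection of networks and information systems; typical solutions include intrusion prevention [3], system hardening [4], and advanced attack detection and mitigation [5]. Although these traditional security measures are indispensable in any security program, most of them respond passively to the attacker's actions and lack a means of interacting with the attacker early in the cyber kill chain, which leaves the defender permanently in a passive position.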
To read the full text of this article, download it from: http://forexkbc.com/resource/share/2000003677