Journal on Communications, 2019, Vol. 40, Issue (6): 51-65. doi: 10.11959/j.issn.1000-436x.2019121
CHEN Lili, WANG Zhen, GUO Yunchuan, HUA Jiafeng, YAO Yuchao, LI Fenghua
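About the authors:
CHEN Lili (born 1985), female, from Tianshui, Gansu; Ph.D. candidate at Xidian University. Research interests: cyberspace security and attack-defense games.
WANG Zhen (born 1984), male, from Liaocheng, Shandong; Ph.D.; postdoctoral researcher at the Institute of Information Engineering, Chinese Academy of Sciences, and associate research fellow at Hangzhou Dianzi University. Research interests: cyberspace security and game theory.
GUO Yunchuan (born 1976), male, from Yingshan, Sichuan; Ph.D.; associate research fellow at the Institute of Information Engineering, Chinese Academy of Sciences. Research interests: cyberspace security and access control.
HUA Jiafeng (born 1989), male, from Xishui, Hubei; Ph.D. candidate at Xidian University. Research interests: information security and privacy protection.
YAO Yuchao (born 1997), male, from Korla, Xinjiang. Research interests: network and system security.
LI Fenghua (born 1966), male, from Xishui, Hubei; Ph.D.; research fellow and doctoral supervisor at the Institute of Information Engineering, Chinese Academy of Sciences. Research interests: network and system security, information protection, and privacy computing.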
Revised: 2019-03-24
Online: 2019-06-25
Published: 2019-07-04
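Abstract:
As "cyber underground economy" incidents become more frequent, attackers driven by profit launch targeted attacks strategically. Existing network monitoring systems lack accurate and effective monitoring strategies against such "strategic attacks". How to optimize the deployment of collection agents to obtain better monitoring results in an adversarial environment has therefore become an extremely important problem. To address it, a robust collection agent deployment strategy is proposed. First, the idea of attack-defense games is introduced to measure collection agents, threat events and the relationships between them, and a measurement attack-defense game model, the MADG model, is constructed. Then, because traditional exact algorithms cannot solve this problem, the submodular and non-increasing properties of the objective function are used to design a robust collection agent deployment algorithm, the RCD algorithm, which solves it approximately. Finally, the RCD algorithm is validated. The experimental results show that the proposed model and method are feasible and effective, and that they scale.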
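CHEN Lili, WANG Zhen, GUO Yunchuan, HUA Jiafeng, YAO Yuchao, LI Fenghua. Research on robust deployment strategy of security data collection agents[J]. Journal on Communications, 2019, 40(6): 51-65.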
Table 8 (continued)
| Combination | Threat event | Impact I | Probability that the attack occurs P | Attack utility R | Maximum utility among threat events | Minimum utility |
| | 1 | 14 | 0.6916 | 9.6824 | | |
| 125 | 2 | 20 | 0.85 | 17 | | |
| | 3 | 5 | 0.54145 | 2.70725 | 17 | |
| | 4 | 10 | 0.28 | 2.8 | | |
| | 1 | 14 | 0.6916 | 9.6824 | | |
| 134 | 2 | 20 | 0.2925 | 5.85 | 9.6824 | |
| | 3 | 5 | 1 | 5 | | |
| | 4 | 10 | 0.85 | 8.5 | | |
| | 1 | 14 | 0.6916 | 9.6824 | | |
| 135 | 2 | 20 | 0.4875 | 9.75 | 9.75 | |
| | 3 | 5 | 1 | 5 | | |
| | 4 | 10 | 0.28 | 2.8 | | |
| | 1 | 14 | 0.6916 | 9.6824 | | |
| 145 | 2 | 20 | 0.6 | 12 | 12 | |
| | 3 | 5 | 1 | 5 | | |
| | 4 | 10 | 0.238 | 2.38 | | |
| | 1 | 14 | 0.76 | 10.64 | | |
| 234 | 2 | 20 | 0.2925 | 5.85 | 10.64 | 9.6824 |
| | 3 | 5 | 0.54145 | 2.70725 | | |
| | 4 | 10 | 0.6205 | 6.205 | | |
| | 1 | 14 | 0.76 | 10.64 | | |
| 235 | 2 | 20 | 0.45 | 9 | 10.64 | |
| | 3 | 5 | 0.54145 | 2.70725 | | |
| | 4 | 10 | 0.2044 | 2.044 | | |
| | 1 | 14 | 0.76 | 10.64 | | |
| 245 | 2 | 20 | 0.51 | 10.2 | | |
| | 3 | 5 | 0.54145 | 2.70725 | 10.64 | |
| | 4 | 10 | 0.238 | 2.38 | | |
| | 1 | 14 | 1 | 14 | | |
| 345 | 2 | 20 | 0.2925 | 5.85 | 14 | |
| | 3 | 5 | 1 | 5 | | |
| | 4 | 10 | 0.238 | 2.38 | | |
Table 9 (continued)
| Combination | Threat event | Impact I | Probability that the attack occurs P | Attack utility R | Maximum this round | Previous round | Increment | Minimum increment |
| | 1 | 14 | 1 | 14 | | | | |
| 4 | 2 | 20 | 0.6 | 12 | 14 | 0 | 14 | 14 |
| | 3 | 5 | 1 | 5 | | | | |
| | 4 | 10 | 0.85 | 8.5 | | | | |
| | 1 | 14 | 1 | 14 | | | | |
| 5 | 2 | 20 | 1 | 20 | 20 | 0 | 20 | |
| | 3 | 5 | 1 | 5 | | | | |
| | 4 | 10 | 0.28 | 2.8 | | | | |
| | 1 | 14 | 0.6916 | 9.6824 | | | | |
| 31 | 2 | 20 | 0.4875 | 9.75 | 10 | 14 | -4 | |
| | 3 | 5 | 1 | 5 | | | | |
| | 4 | 10 | 1 | 10 | | | | |
| | 1 | 14 | 0.76 | 10.64 | | | | |
| 32 | 2 | 20 | 0.4875 | 9.75 | 10.64 | 14 | -3.36 | |
| | 3 | 5 | 0.54145 | 2.70725 | | | | |
| | 4 | 10 | 0.73 | 7.3 | | | | |
| | 1 | 14 | 1 | 14 | | | | |
| 34 | 2 | 20 | 0.2925 | 5.85 | 14 | 14 | 0 | |
| | 3 | 5 | 1 | 5 | | | | |
| | 4 | 10 | 0.85 | 8.5 | | | | |
| | 1 | 14 | 1 | 14 | | | | |
| 35 | 2 | 20 | 0.4875 | 9.75 | 14 | 14 | 0 | -4 |
| | 3 | 5 | 1 | 5 | | | | |
| | 4 | 10 | 0.28 | 2.8 | | | | |
| | 1 | 14 | 0.6916 | 9.6824 | | | | |
| 41 | 2 | 20 | 0.6 | 12 | 12 | 14 | -2 | |
| | 3 | 5 | 1 | 5 | | | | |
| | 4 | 10 | 0.85 | 8.5 | | | | |
| | 1 | 14 | 0.76 | 10.64 | | | | |
| 42 | 2 | 20 | 0.45 | 9 | 10.64 | 14 | -3.36 | |
| | 3 | 5 | 0.54145 | 2.70725 | | | | |
| | 4 | 10 | 0.85 | 8.5 | | | | |
| | 1 | 14 | 1 | 14 | | | | |
| 45 | 2 | 20 | 0.6 | 12 | 14 | 14 | 0 | |
| | 3 | 5 | 1 | 5 | | | | |
| | 4 | 10 | 0.238 | 2.38 | | | | |
| | 1 | 14 | 0.6916 | 9.6824 | | | | |
| 312 | 2 | 20 | 0.4875 | 9.75 | 9.75 | 10 | -0.25 | |
| | 3 | 5 | 0.54145 | 2.70725 | | | | |
| | 4 | 10 | 0.73 | 7.3 | | | | |
| | 1 | 14 | 0.6916 | 9.6824 | | | | |
| 314 | 2 | 20 | 0.2925 | 5.85 | 9.6824 | 10 | -0.3176 | -0.3176 |
| | 3 | 5 | 1 | 5 | | | | |
| | 4 | 10 | 0.85 | 8.5 | | | | |
| 315 | 1 | 14 | 0.6916 | 9.6824 | | | | |
| | 2 | 20 | 0.4875 | 9.75 | 9.75 | 10 | -0.25 | |
| | 3 | 5 | 1 | 5 | | | | |
| | 4 | 10 | 0.28 | 2.8 | | | | |
Table 10: Approximate solution with the RCD algorithm
| Combination | Threat event | Impact I | Probability that the attack occurs P | Attack utility R | c | max(f,c) | FCA | Previous round | Increment | Minimum increment |
| | 1 | 14 | 1 | 14 | 9.722703175 | 14 | | | | |
| 0 | 2 | 20 | 1 | 20 | 9.722703175 | 20 | 13.43067579 | - | - | - |
| | 3 | 5 | 1 | 5 | 9.722703175 | 9.72270318 | | | | |
| | 4 | 10 | 1 | 10 | 9.722703175 | 10 | | | | |
| | 1 | 14 | 0.6916 | 9.6824 | 9.722703175 | 9.72270318 | | | | |
| 1 | 2 | 20 | 1 | 20 | 9.722703175 | 20 | 12.36135159 | 13.43067579 | -1.069324206 | |
| | 3 | 5 | 1 | 5 | 9.722703175 | 9.72270318 | | | | |
| | 4 | 10 | 1 | 10 | 9.722703175 | 10 | | | | |
| | 1 | 14 | 0.76 | 10.64 | 9.722703175 | 10.64 | | | | |
| 2 | 2 | 20 | 0.85 | 17 | 9.722703175 | 17 | 11.84067579 | 13.43067579 | -1.59 | |
| | 3 | 5 | 0.54145 | 2.70725 | 9.722703175 | 9.72270318 | | | | |
| | 4 | 10 | 1 | 10 | 9.722703175 | 10 | | | | |
| | 1 | 14 | 1 | 14 | 9.722703175 | 14 | | | | |
| 3 | 2 | 20 | 0.4875 | 9.75 | 9.722703175 | 9.75 | 10.86817579 | 13.43067579 | -2.5625 | -2.5625 |
| | 3 | 5 | 1 | 5 | 9.722703175 | 9.72270318 | | | | |
| | 4 | 10 | 1 | 10 | 9.722703175 | 10 | | | | |
| | 1 | 14 | 1 | 14 | 9.722703175 | 14 | | | | |
| 4 | 2 | 20 | 0.6 | 12 | 9.722703175 | 12 | 11.36135159 | 13.43067579 | -2.069324206 | |
| | 3 | 5 | 1 | 5 | 9.722703175 | 9.72270318 | | | | |
| | 4 | 10 | 0.85 | 8.5 | 9.722703175 | 9.72270318 | | | | |
| | 1 | 14 | 1 | 14 | 9.722703175 | 14 | | | | |
| 5 | 2 | 20 | 1 | 20 | 9.722703175 | 20 | 13.36135159 | 13.43067579 | -0.069324206 | |
| | 3 | 5 | 1 | 5 | 9.722703175 | 9.72270318 | | | | |
| | 4 | 10 | 0.28 | 2.8 | 9.722703175 | 9.72270318 | | | | |
| | 1 | 14 | 0.6916 | 9.6824 | 9.722703175 | 9.72270318 | | | | |
| 31 | 2 | 20 | 0.4875 | 9.75 | 9.722703175 | 9.75 | 9.798851588 | 10.86817579 | -1.069324206 | |
| | 3 | 5 | 1 | 5 | 9.722703175 | 9.72270318 | | | | |
| | 4 | 10 | 1 | 10 | 9.722703175 | 10 | | | | |
| | 1 | 14 | 0.76 | 10.64 | 9.722703175 | 10.64 | | | | |
| 32 | 2 | 20 | 0.4875 | 9.75 | 9.722703175 | 9.75 | 9.958851588 | 10.86817579 | -0.909324206 | |
| | 3 | 5 | 0.54145 | 2.70725 | 9.722703175 | 9.72270318 | | | | |
| | 4 | 10 | 0.73 | 7.3 | 9.722703175 | 9.72270318 | | | | -1.069324206 |
| | 1 | 14 | 1 | 14 | 9.722703175 | 14 | | | | |
| 34 | 2 | 20 | 0.2925 | 5.85 | 9.722703175 | 9.72270318 | 10.79202738 | 10.86817579 | -0.076148413 | |
| | 3 | 5 | 1 | 5 | 9.722703175 | 9.72270318 | | | | |
| | 4 | 10 | 0.85 | 8.5 | 9.722703175 | 9.72270318 | | | | |
| | 1 | 14 | 1 | 14 | 9.722703175 | 14 | | | | |
| 35 | 2 | 20 | 0.4875 | 9.75 | 9.722703175 | 9.75 | 10.79885159 | 10.86817579 | -0.069324206 | |
| | 3 | 5 | 1 | 5 | 9.722703175 | 9.72270318 | | | | |
| | 4 | 10 | 0.28 | 2.8 | 9.722703175 | 9.72270318 | | | | |
| 312 | 1 | 14 | 0.6916 | 9.6824 | 9.722703175 | 9.72270318 | | | | |
| | 2 | 20 | 0.4875 | 9.75 | 9.722703175 | 9.75 | 9.729527381 | 9.798851588 | -0.069324206 | -0.076148413 |
| | 3 | 5 | 0.54145 | 2.70725 | 9.722703175 | 9.72270318 | | | | |
| | 4 | 10 | 0.73 | 7.3 | 9.722703175 | 9.72270318 | | | | |
Table 10 (continued)
| Combination | Threat event | Impact I | Probability that the attack occurs P | Attack utility R | c | max(f,c) | FCA | Previous round | Increment | Minimum increment |
| | 1 | 14 | 0.6916 | 9.6824 | 9.722703175 | 9.72270318 | | | | |
| 314 | 2 | 20 | 0.2925 | 5.85 | 9.722703175 | 9.72270318 | 9.722703175 | 9.798851588 | -0.076148413 | |
| | 3 | 5 | 1 | 5 | 9.722703175 | 9.72270318 | | | | |
| | 4 | 10 | 0.85 | 8.5 | 9.722703175 | 9.72270318 | | | | -0.076148413 |
| | 1 | 14 | 0.6916 | 9.6824 | 9.722703175 | 9.72270318 | | | | |
| 315 | 2 | 20 | 0.4875 | 9.75 | 9.722703175 | 9.75 | 9.729527381 | 9.798851588 | -0.069324206 | |
| | 3 | 5 | 1 | 5 | 9.722703175 | 9.72270318 | | | | |
| | 4 | 10 | 0.28 | 2.8 | 9.722703175 | 9.72270318 | | | | |
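The round-by-round selection recorded in Table 10 can be replayed with the sketch below, which is an added example and not the paper's RCD code. It assumes that FCA is the mean over the four threat events of max(R, c) with R = I × P, which reproduces the table's FCA column; the impact values, the probabilities and c are copied from Table 10, and the names `fca` and `greedy` are hypothetical.

```python
# Added example: data copied from Table 10 on this page. The greedy loop is an
# assumption read off the table's columns, not the paper's RCD pseudocode.
IMPACT = [14, 20, 5, 10]          # impact I of threat events 1..4
C = 9.722703175                   # truncation value c used in max(f, c)

# Deployed agent set -> attack probability P of threat events 1..4 (Table 10).
P = {
    frozenset(): [1, 1, 1, 1],
    frozenset({1}): [0.6916, 1, 1, 1],
    frozenset({2}): [0.76, 0.85, 0.54145, 1],
    frozenset({3}): [1, 0.4875, 1, 1],
    frozenset({4}): [1, 0.6, 1, 0.85],
    frozenset({5}): [1, 1, 1, 0.28],
    frozenset({3, 1}): [0.6916, 0.4875, 1, 1],
    frozenset({3, 2}): [0.76, 0.4875, 0.54145, 0.73],
    frozenset({3, 4}): [1, 0.2925, 1, 0.85],
    frozenset({3, 5}): [1, 0.4875, 1, 0.28],
    frozenset({3, 1, 2}): [0.6916, 0.4875, 0.54145, 0.73],
    frozenset({3, 1, 4}): [0.6916, 0.2925, 1, 0.85],
    frozenset({3, 1, 5}): [0.6916, 0.4875, 1, 0.28],
}
AGENTS = {1, 2, 3, 4, 5}

def fca(deployed):
    """Mean over threat events of max(R, c), with R = I * P (column FCA)."""
    vals = [max(i * p, C) for i, p in zip(IMPACT, P[frozenset(deployed)])]
    return sum(vals) / len(vals)

def greedy(tol=1e-9):
    """Each round, add the agent whose increment in FCA is most negative."""
    chosen, trace = [], [((), fca(()))]
    while fca(chosen) > C + tol:   # stop once every utility is truncated to c
        cands = [chosen + [a] for a in sorted(AGENTS - set(chosen))
                 if frozenset(chosen + [a]) in P]
        if not cands:
            break                  # combination not listed on the page
        chosen = min(cands, key=fca)
        trace.append((tuple(chosen), fca(chosen)))
    return chosen, trace

if __name__ == "__main__":
    for combo, value in greedy()[1]:
        print(combo, round(value, 9))
```

Only the combinations that appear in Table 10 are available as candidates, so the loop follows the same path the table records and stops when FCA falls to c.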