基于信号博弈的移动目标防御最优策略选取方法

doi:10.11959/j.issn.1000-436x.2019125

通信学报 ›› 2019, Vol. 40 ›› Issue (6): 128-137.doi: 10.11959/j.issn.1000-436x.2019125

基于信号博弈的移动目标防御最优策略选取方法

蒋侣¹,张恒巍^1,²(),王晋东¹

¹ 战略支援部队信息工程大学三院，河南郑州 450001
² 信息保障技术重点实验室，北京 100093

修回日期:2019-04-28 出版日期:2019-06-25 发布日期:2019-07-04
作者简介:蒋侣（1995- ），男，四川广安人，战略支援部队信息工程大学博士生，主要研究方向为移动目标防御、网络安全与攻防对抗。|张恒巍（1978- ），男，河南洛阳人，博士，战略支援部队信息工程大学副教授，主要研究方向为网络安全与攻防对抗、信息安全风险评估。|王晋东（1966- ），男，山西洪桐人，战略支援部队信息工程大学教授，主要研究方向为网络与信息安全、云资源管理。
基金资助:
国家自然科学基金资助项目(61521003);国家自然科学基金资助项目(61572517);河南省科技攻关计划基金资助项目(182102210144)

Optimal strategy selection method for moving target defense based on signaling game

JIANG Lyu¹,ZHANG Hengwei^1,²(),WANG Jindong¹

¹ The Third Institute,Strategic Support Force Information Engineering University,Zhengzhou 450001,China
² Science and Technology on Information Assurance Laboratory,Beijing 100093,China

Revised:2019-04-28 Online:2019-06-25 Published:2019-07-04
Supported by:
The National Natural Science Foundation of China(61521003);The National Natural Science Foundation of China(61572517);The Science and Technology Research Project of Henan Province(182102210144)

摘要/Abstract

摘要：

针对移动目标防御最优策略选取问题，从攻击面转换（ASS）和探测面扩展（ESE）的角度形式化来定义防御策略，阐释了防御原理；采用动态对抗和有限信息的视角对网络攻防行为进行研究，在分析攻防博弈类型和攻防过程的基础上，构建了基于信号博弈的移动目标防御模型；改进了攻防策略量化计算方法，提出了精炼贝叶斯均衡求解算法，并通过对博弈均衡的分析设计了最优防御策略选取算法。仿真实验验证了所提模型和方法的有效性。

关键词: 网络安全, 移动目标防御, 信号博弈, 精炼贝叶斯均衡, 防御策略选取

Abstract:

To solve the problem of the optimal strategy selection for moving target defense,the defense strategy was defined formally,the defense principle from the perspective of attack surface shifting and exploration surface enlarging was taken into account.Then,network attack-defense behaviors were analyzed from the sight of dynamic confrontation and bounded information.According to the analysis of attack-defense game types and confrontation process,the moving target defense model based on signaling game was constructed.Meanwhile,the method to quantify strategies was improved and the solution of perfect Bayesian equilibrium was proposed.Furthermore,the optimal defense strategy selection algorithm was designed by the equilibrium analysis.Finally,the simulation demonstrates the effectiveness and feasibility of the proposed optimal strategy and selection method.

Key words: network security, moving target defense, signaling game, perfect Bayesian equilibrium, defense strategy selection

中图分类号:

TP309

蒋侣,张恒巍,王晋东. 基于信号博弈的移动目标防御最优策略选取方法[J]. 通信学报, 2019, 40(6): 128-137.

JIANG Lyu,ZHANG Hengwei,WANG Jindong. Optimal strategy selection method for moving target defense based on signaling game[J]. Journal on Communications, 2019, 40(6): 128-137.

图/表 6

表1

图1

表2

表3

表4

防御策略描述"

防御策略		策略描述	MTD类型	防御成本
	d₁	IP switch,data storage enlarge ,动态频率	攻击面变换+探测面扩展	220
$t_{d}^{1}$	d₂	protocol switch,port counterchange,固定频率	攻击面转移+攻击面变换	190
	d₃	fingerprint switch,Renew root data ,动态频率	攻击面转移	170
	d₄	port enlarge,protocol switch,固定频率	攻击面转移+探测面扩展	160
	d₅	route enlarge,install oracle patches ,动态频率	探测面扩展	120
$t_{d}^{2}$	d₆	port switch,patch SSH on FTP ,固定频率	攻击面转移	115
	d₇	add physical resources,add address blacklist	探测面扩展	125
	d₈	limit packet to ports,limit ICMP/SYN packets	无	110

表4

图2

参考文献 25

[1]	方滨兴 . 从层次角度看网络空间安全技术的覆盖领域[J]. 网络与信息安全学报, 2015,1(1): 1-6.
	FANG B X . A hierarchy model on the research fields of cyberspace security technology[J]. Chinese Journal of Network and Information Security, 2015,1(1): 1-6.
[2]	JAJODIA S , GHOSH A K , SWARUP V ,et al. Moving target defense:creating asymmetric uncertainty for cyber threats[M]. Berlin: Springer Science Business MediaPress, 2011.
[3]	蔡桂林, 王宝生, 王天佐 ,等. 移动目标防御技术研究进展[J]. 计算机研究与发展, 2016,53(5): 968-987.
	CAI G L , WANG B S , WANG T Z ,et al. Research on development of moving target defense technology[J]. Journal of Computer Research and Development, 2016,53(5): 968-987.
[4]	刘效武, 王慧强, 吕宏武 ,等. 网络安全态势认知融合感控模型[J]. 软件学报, 2016,27(8): 2099-2114.
	LIU X W , WANG H Q , LV H W ,et al. Fusion-based cognitive awareness-control model for network security situation[J]. Journal of Software, 2016,27(8): 2099-2114.
[5]	朱建明, 王秦 . 基于博弈论的网络空间安全若干问题分析[J]. 网络与信息安全学报, 2015,1(1): 43-49.
	ZHU J M , WANG Q . Analysis of cyberspace security based on game theory[J]. Chinese Journal of Network and Information Security, 2015,1(1): 43-49.
[6]	MANADHATA P K . Game theoretic approaches to attack surface shifting[J]. ACM Transactions on Information and System Security, 2017,23(2): 145-153.
[7]	CARTER K M , RIORDAN J F , OKHRAVI H . A game theoretic approach to strategy determination for dynamic platform defenses[C]// ACM Workshop on Moving Target Defense. ACM, 2017: 21-30.
[8]	VADLAMUDI S G , SENGUPTA S , KAMBHAMPATI S ,et al. Moving target defense for Web applications using Bayesian Stackelberg games[J]. Adaptive Agents and Multi-Agents Systems, 2016: 1377-1378.
[9]	FILLER T , JUDAS J , FRIDRICH J . Signaling game model:DDoS defense analysis[J]. Journal of Security Engineering, 2016,39(3): 414-417.
[10]	张恒巍, 余定坤, 韩继红 ,等. 信号博弈网络安全威胁评估方法[J]. 西安电子科技大学学报, 2016,43(3): 137-143.
	ZHANG H W , YU D K , HAN J H ,et al. Network security threat assessment based on the signaling game[J]. Journal of Xidian University, 2016,43(3): 137-143.
[11]	张恒巍, 余定坤, 韩继红 ,等. 基于攻防信号博弈模型的防御策略选取方法[J]. 通信学报, 2016,37(5): 51-61.
	ZHANG H W , YU D K , HAN J H ,et al. Defense policies selection method based on attack-defense signaling game model[J]. Journal on Communications, 2016,37(5): 51-61.
[12]	OKHRAVI H , COMELLA A , ROBINSON E ,et al. Creating a cyber moving target for critical infrastructure applications using platform diversity[J]. International Journal of Critical Infrastructure Protection, 2014,5(1): 30-39.
[13]	BENZEL T . A strategic plan for cyber security research and development[J]. IEEE Security ＆ Privacy, 2015,13(4): 3-5.
[14]	FENG X , ZHENG Z , CANSEVER D . A signaling game model for moving target defense[C]// 2017 IEEE Conference on Computer Communications. IEEE, 2017: 1-9.
[15]	LEI C , ZHANG H Q , WAN L M ,et al. Incomplete information Markov game theoretic approach to strategy generation for moving target defense[J]. Computer Communications, 2018,116: 184-199.
[16]	HUANG S R , ZHANG H W , WANG J ,et al. Markov differential game for network defense decision-making method[J]. IEEE Access, 2018: 39621-39634.
[17]	刘江, 张红旗, 刘艺 . 基于不完全信息动态博弈的动态目标防御最优策略选取研究[J]. 电子学报, 2018,46(1): 82-89.
	LIU J , ZHANG H Q , LIU Y . Research on optimal selection of moving target defense policy based on dynamic game with incomplete information[J]. Acta Electronica Sinica, 2018,46(1): 82-89.
[18]	GORDON L , LOEB M , LUCYSHYN W ,et al. Computer crime and security survey[C]// 2014 Computer Security Institute. 2014: 11-34.
[19]	MANADHATA P K , WING J M . An attack surface metric[J]. IEEE Transactions on Software Engineering, 2011,37(3): 371-386.
[20]	LIN J Q , LIU P , JING J W . Using signaling games to model the multi-step attack-defense scenarios on confidentiality[J]. Security Lecture Notes in Computer Science, 2017,39(6): 118-137.
[21]	MALEKI H , VALIZADEH S , KOCH W ,et al. Markov modeling of moving target defense games[C]// ACM Workshop on Moving Target Defense. ACM, 2018: 104-110.
[22]	ZHUANG R , BARDAS A G , DELOACH S A ,et al. A theory of cyber attacks:a step towards analyzing MTD systems[C]// ACM Workshop on Moving Target Defense. ACM, 2017: 211-220.
[23]	GAO X , ZHU Y F . Defense mechanism analysis based on signaling game model[C]// International Conference on Intelligent Human-Machine Systems and Cybernetics. IEEE, 2016: 414-417.
[24]	FUDENBERG D , TIROLE J . Game theory[M]. Boston: Massachusetts Institute of Technology PressPress, 2012.
[25]	ZHU Q,BA?AR T , . Game-theoretic approach to feedback-driven multi-stage moving target defense[C]// Decision and Game Theory for Security. Springer International Publishing, 2013: 246-263.

方法	博弈类型	局中人类型	信号机制	模型通用性	均衡求解	具体应用
文献[6]	完全信息静态博弈	1	—	一般	详细	攻防分析
文献[7]	不完全信息静态博弈	2	—	差	详细	策略选取
文献[9,17]	信号博弈	n	攻击者	一般	简单	机制设计
文献[20]	信号博弈	2	攻击者	差	无	—
文献[21]	马尔科夫博弈	n	—	较差	简单	攻防分析
本文模型及方法	信号博弈	n	防御者	较好	详细	策略选取

序号	节点	服务	脆弱性
1	W₁	IIS	LSASS process
2	W₂	FTP	FTP rhost overwrite
3	O₁	RPC	Code injection
4	O₇	RSH	Rsh login
5	U₉	NETBOIS-SSN	Nullsession
6	U₁₃	FTP	Wu-FTP Sockprintf
7	D₅	SQUID PROXY	Squid port scan
8	D₇	SQL DB

原子攻击名称	分类	攻击成本AC	攻击致命度AL
e₁:remote buffer overflow	root	100	9
e₂:install Trojan	probe	80	3
e₃:steal account and crack it	user	140	5
e₄:send abnormal data to GIOP	root	50	8
e₅:LPC to LSASS process	probe	40	2
e₆:FTP rhost attack	root	120	10
e₇:Oracle TNS Listener	root	90	8
e₈:shutdown Database server	user	150	6
e₉:SR-hard blood	root	120	8

基于信号博弈的移动目标防御最优策略选取方法

Optimal strategy selection method for moving target defense based on signaling game

在线阅读

PDF下载

可视化

摘要/Abstract

引用本文

使用本文

图/表 6

参考文献 25

相关文章 15

Metrics

推荐阅读 0

[1]	赵仕祺, 黄小红, 钟志港. 基于信誉的域间路由选择机制的研究与实现[J]. 通信学报, 2023, 44(6): 47-56.
[2]	谢人超, 文雯, 唐琴琴, 刘云龙, 谢高畅, 黄韬. 轨道交通移动边缘计算网络安全综述[J]. 通信学报, 2023, 44(4): 201-215.
[3]	徐明, 张保俊, 伍益明, 应晨铎, 郑宁. 面向网络攻击和隐私保护的多智能体系统分布式共识算法[J]. 通信学报, 2023, 44(3): 117-127.
[4]	康海燕, 龙墨澜. 基于吸收马尔可夫链攻击图的网络攻击分析方法研究[J]. 通信学报, 2023, 44(2): 122-135.
[5]	郭渊博, 李勇飞, 陈庆礼, 方晨, 胡阳阳. 融合Focal Loss的网络威胁情报实体抽取[J]. 通信学报, 2022, 43(7): 85-92.
[6]	徐潇雨, 胡浩, 张红旗, 刘玉岭. 基于深度确定性策略梯度的随机路由防御方法[J]. 通信学报, 2021, 42(6): 41-51.
[7]	张红斌, 尹彦, 赵冬梅, 刘滨. 基于威胁情报的网络安全态势感知模型[J]. 通信学报, 2021, 42(6): 182-194.
[8]	张腾飞, 余顺争. 移动设备加密流量的用户信息探测研究展望[J]. 通信学报, 2021, 42(2): 154-167.
[9]	程旭, 王莹莹, 张年杰, 付章杰, 陈北京, 赵国英. 基于空间感知的多级损失目标跟踪对抗攻击方法[J]. 通信学报, 2021, 42(11): 242-254.
[10]	黄韬, 刘江, 汪硕, 张晨, 刘韵洁. 未来网络技术与发展趋势综述[J]. 通信学报, 2021, 42(1): 130-150.
[11]	罗智勇,杨旭,刘嘉辉,许瑞. 基于贝叶斯攻击图的网络入侵意图分析模型[J]. 通信学报, 2020, 41(9): 160-169.
[12]	胡永进,马骏,郭渊博,张晗. 基于多阶段网络欺骗博弈的主动防御研究[J]. 通信学报, 2020, 41(8): 32-42.
[13]	陈福才,何威振,程国振,霍树民,周大成. 基于DPDK的内网动态网关关键技术设计[J]. 通信学报, 2020, 41(6): 139-151.
[14]	吴武飞,李仁发,曾刚,谢勇,谢国琪. 智能网联车网络安全研究综述[J]. 通信学报, 2020, 41(6): 161-174.
[15]	王硕,王建华,裴庆祺,汤光明,王洋,刘小虎. 基于动态伪装网络的主动欺骗防御方法[J]. 通信学报, 2020, 41(2): 97-111.