基于多阶段网络欺骗博弈的主动防御研究

doi:10.11959/j.issn.1000-436x.2020112

摘要/Abstract

摘要：

针对网络攻击者需要依赖探测到的信息决定下一步动作这一特点，将非合作信号博弈理论应用于网络攻防分析。通过构建多阶段网络欺骗博弈模型，对网络攻防过程中存在的信号欺骗机制进行深入研究，充分考虑网络欺骗信号衰减作用，实现多阶段网络攻防对抗的动态分析推演。基于攻防分析改进了多阶段网络欺骗博弈均衡求解方法，并设计出最优网络欺骗防御策略选取算法。仿真实验验证了所提模型和方法的有效性，根据实验结果对多阶段网络欺骗博弈存在的规律进行了分析总结，能够为网络安全主动防御研究提供有效指导。

关键词: 网络攻防, 信号博弈, 网络欺骗, 主动防御, 策略选取

Abstract:

In view of the characteristic that attacker depended on the detected information to decide the next actions,the non-cooperative signal game theory was applied to analyze cyber attack and defense.The signal deception mechanism in the process of cyber attack and defense was considered deeply by constructing a multi-stage cyber deception game model,and the dynamic analysis and deduction of the multi-stage cyber attack and defense was realized by considering the attenuation of cyber deception signals.A solution for multi-stage cyber deception game equilibrium was improved based on analysis of cyber attack and defense,and an optimal algorithm for selecting cyber deception defense strategies was designed.The effectiveness of the model is verified by simulations.The rules of multi-stage cyber deception games are summarized based on the results,which can provide effective guidance for the research on cyber active defense.

Key words: cyber attack and defense, signal game, cyber deception, active defense, strategy selection

中图分类号:

TP393

胡永进,马骏,郭渊博,张晗. 基于多阶段网络欺骗博弈的主动防御研究[J]. 通信学报, 2020, 41(8): 32-42.

Yongjin HU,Jun MA,Yuanbo GUO,Han ZHANG. Research on active defense based on multi-stage cyber deception game[J]. Journal on Communications, 2020, 41(8): 32-42.

图/表 10

图1

图2

图3

图4

表1

图5

表2

表3

原子防御策略"

原子防御策略描述	$T_{D_{H}}$			$T_{D_{L}}$
原子防御策略描述	$S_{D_{1}}$	$S_{D_{2}}$	$S_{D_{3}}$	$S_{D_{4}}$	$S_{D_{5}}$	$S_{D_{6}}$
limit packets from ports	√	×	√	×	√	√
install Oracle patches	×	√	√	√	×	×
reinstall listener program	√	√	×	×	×	√
uninstall delete Trojan	√	√	√	√	√	×
renew data(root)	√	×	×	×	×	√
restart database server	×	√	√	√	×	×
limit SYN/ICMP packets	√	√	√		√	√
add physical resource	√	×	√	√	√	×
repair database	√	√	×	×	×	√
correct homepage	×	√	√	×	√	×
delete suspicious account	√	√	√	√	×	√
address blacklist	×	√	√	×	√	×
patch SSH on FTP sever	√	√	√	√	×	×

表3

图6

图7

参考文献 27

[1]	方滨兴 . 从层次角度看网络空间安全技术的覆盖领域[J]. 网络与信息安全学报, 2015,1(1): 1-6.
	FANG B X . A hierarchy model on the research fields of cyberspace security technology[J]. Chinese Journal of Network and Information Security, 2015,1(1): 1-6.
[2]	GORDON L , LOEB M . Budgeting process for information security expenditures[J]. Communications of the ACM, 2018,49(9): 121-125.
[3]	ANDERSON R , . Why information security is hard:an economic perspective[C]// Proceedings of 17th Annual Computer Security Application Conference. Piscataway:IEEE Press, 2019: 39-40.
[4]	ESTEE W , JAN E . Identity deception detection:requirements and a model[J]. Information ＆ Computer Security, 2019,27(4): 562-574.
[5]	BASUS S , WONG J . A taxonomy of intrusion response systems[J]. International Journal of Information and Computer Security, 2019,1(1/2): 169-184.
[6]	王增光, 卢昱, 李玺 . 基于攻防博弈的军事信息网络安全风险评估[J]. 军事运筹与系统工程, 2019,33(2): 35-40.
	WANG Z G , LU Y , LI X . Risk evaluation of military information network security based on offensive and defensive games[J]. Military Operations Research and Systems Engineering, 2019,33(2): 35-40.
[7]	朱建明, 王秦 . 基于博弈论的网络空间安全若干问题分析[J]. 网络与信息安全学报, 2015,1(1): 43-49.
	ZHU J M , WANG Q . Analysis of cyberspace security based on game theory[J]. Chinese Journal of Network and Information Security, 2015,1(1): 43-49.
[8]	JAJODIA S , SUBRAHMANLAN V S , SWARUP V ,et al. Cyber deception[M]. Berlin: SpringerPress, 2016.
[9]	PANG Z H , LIU G P , ZHOU D H ,et al. Secure Networked control under deception attacks[M]. Berlin: SpringerPress, 2019: 147-163.
[10]	张恒巍, 余定坤, 韩继红 ,等. 基于攻防信号博弈模型的防御策略选取方法[J]. 通信学报, 2016,37(5): 51-61.
	ZHANG H W , YU D K , HAN J H ,et al. Defense policies selection method based on attack-defense signaling game model[J]. Journal on Communications, 2016,37(5): 51-61.
[11]	吴昊, 范九伦, 赖成喆 ,等. 基于攻防博弈和蒙特卡洛模拟的网站防御策略选取方法[J]. 通信学报, 2018,39(8): 48-55.
	WU H , FAN J L , LAI C Z ,et al. Website defense strategy selection method based on attack-defense game and Monte Carlo simulation[J]. Journal on Communications, 2018,39(8): 48-55.
[12]	蒋侣, 张恒巍, 王晋东 . 基于信号博弈的移动目标防御最优策略选取方法[J]. 通信学报, 2019,40(6): 128-137.
	JIANG L , ZHANG H W , WANG J D . Optimal strategy selection method for moving target defense based on signaling game[J]. Journal on Communications, 2019,40(6): 128-137.
[13]	FORTI N , BATTISTELLI G , CHISCI L ,et al. Worst-case analysis of joint attack detection and resilient state estimation[C]// IEEE 56th Annual Conference on Decision and Control. Piscataway:IEEE Press, 2018: 182-188.
[14]	RRUSHI J L , . Phantom projector:entrapping malware on machines in production[C]// International Conference on Malicious ＆ Unwanted Software. Piscataway:IEEE Press, 2018: 57-66.
[15]	林旺群, 王慧, 刘家红 . 基于非合作动态博弈的网络安全主动防御技术研究[J]. 计算机研究与发展, 2017,48(2): 306-316.
	LIN W Q , WANG H , LIU J H . Research on active defense technology in network security based on non-cooperative dynamic game theory[J]. Journal of Computer Research and Development, 2017,48(2): 306-316.
[16]	王长春, 程晓航, 朱永文 ,等. 计算机网络对抗行动策略的 Markov博弈模型[J]. 系统工程理论与实践, 2017,34(9): 2402-2410.
	WANG C C , CHENG X H , ZHU Y W ,et al. A Markov game model of computer network operation[J]. Systems Engineering -Theory ＆ Practice, 2017,34(9): 2402-2410.
[17]	贾召鹏, 方滨兴, 刘潮歌 ,等. 网络欺骗技术综述[J]. 通信学报, 2017,38(12): 128-143.
	JIA S P , FANG B X , LIU C G ,et al. Survey on cyber deception[J]. Journal on Communications, 2017,38(12): 128-143.
[18]	LYE K W , JEANNETTE W . Markov game strategies in network security[J]. International Journal of Information Security, 2018,4(1): 71-86.
[19]	HERBERT G . Game theory evolving[M]. Boston: Princeton University PressPress, 2015:10.
[20]	BORKOVSKY R N , DORASZELSKI U , KRYUKOV Y . A user’sguide to solving dynamic stochastic games using the homotopy method[J]. Operation Research, 2019,58(4): 1116-1132.
[21]	王元卓, 于建业, 邱雯 . 网络群体行为的演化博弈模型与分析方法[J]. 计算机学报, 2018,38(2): 282-300.
	WANG Y Z , YU J Y , QIU W . Evolutionary game model and analysis methods for network group behavior[J]. Chinese Journal of Computers, 2018,38(2): 282-300.
[22]	姜伟, 方滨兴, 田志宏 . 基于攻防随机博弈模型的防御策略选取研究[J]. 计算机研究与发展, 2017,47(10): 1714-1723.
	JIANG W , FANG B X , TIAN Z H . Research on defense strategies selection based on attack-defense stochastic game model[J]. Journal of Computer Research and Development, 2017,47(10): 1714-1723.
[23]	中国信息安全测评中心. 国家信息安全漏洞库[R].(2019-10-18)[2020-05-26].
	CNITSEC. China national vulnerability database of information security[R].(2019-10-18)[2020-05-26].
[24]	DORASZELSKI U , ESCOBAR J F . A theory of regular Markov perfect equilibria in dynamic stochastic games genericity,stability and purification[J]. Theoretical Economics, 2019,5(2): 369-402.
[25]	杨峻楠, 张红旗, 张传富 . 基于不完全信息随机博弈的防御决策方法[J]. 网络与信息安全学报, 2018,4(8): 12-20.
	YANG J N , ZHANG H Q , ZHANG C F . Defense decision-making method based on incomplete information stochastic game[J]. Chinese Journal of Network and Information Security, 2018,4(8): 12-20.
[26]	NILIM A , GHAOUI L E . Robust control of Markov decision processes with uncertain transition matrices[J]. Operations Research, 2019,53(5): 780-798.
[27]	张红旗, 杨峻楠, 张传富 . 基于不完全信息随机博弈与 Q-learning的防御决策方法[J]. 通信学报, 2018,39(8): 56-68.
	ZHANG H Q , YANG J N , ZHANG C F . Defense decision-making method based on incomplete information stochastic game and Q-learning[J]. Journal on Communications, 2018,39(8): 56-68.

模型	博弈类型	博弈过程	博弈者类型	通用性	均衡求解	算法复杂度	具体应用
文献[6]模型	静态博弈	单阶段	2	差	简单	O (mn)	网络风险评估
文献[7]模型	静态博弈	单阶段	2	差	简单	O (mn)	网络安全分析
文献[9]模型	动态博弈	单阶段	n	一般	详细	O(n+m) ²	防御策略选取
文献[12]模型	动态博弈	多阶段	n	一般	详细	O(2s(n+m ³))	移动目标防御
MCDGM	动态博弈	多阶段	n	较好	详细	O(n ²+m²)	防御欺骗研究

序号	原子攻击策略描述	权限	AL
a₁	attack address blacklist	root	10
a₂	attack SSH on FTP sever	root	10
a₃	LPC to LSASS process	root	11
a₄	Oracle TNS listener	user	7
a₅	install Web listener program	user	9
a₆	remote buffer overflow	user	8
a₇	install SQL listener program	access	6
a₈	homepage attack	access	6
a₉	steal account and crack it	access	5