基于M-FlipIt博弈模型的拟态防御策略评估

doi:10.11959/j.issn.1000-436x.2020136

通信学报 ›› 2020, Vol. 41 ›› Issue (7): 186-194.doi: 10.11959/j.issn.1000-436x.2020136

基于M-FlipIt博弈模型的拟态防御策略评估

丁绍虎¹,齐宁¹,郭义伟²

¹ 信息工程大学信息技术研究所，河南郑州 450002
² 河南信大网御科技有限公司研发部，河南郑州 450002

修回日期:2020-05-07 出版日期:2020-07-25 发布日期:2020-08-01
作者简介:丁绍虎（1979- ），男，北京人，信息工程大学博士生，主要研究方向为网络安全、新型网络体系结构|齐宁（1983- ），男，山东单县人，博士，信息工程大学讲师，主要研究方向为新一代信息网络、信息安全等|郭义伟（1983- ），男，河南商丘人，河南信大网御科技有限公司工程师，主要研究方向内生安全、云计算等
基金资助:
国家自然科学基金创新研究群体资助项目(61521003)

Evaluation of mimic defense strategy based on M-FlipIt game model

Shaohu DING¹,Ning QI¹,Yiwei GUO²

¹ Institute of Information Technology,Information Engineering University,Zhengzhou 450002,China
² Research and Development Department of Henan Xinda Wangyu Technology Co.,Ltd.,Zhengzhou 450002,China

Revised:2020-05-07 Online:2020-07-25 Published:2020-08-01
Supported by:
The Foundation for Innovative Research Groups of the National Natural Science Foundation of China(61521003)

摘要/Abstract

摘要：

针对先进持久性威胁场景中模拟防御系统安全性能评估的不足，基于FlipIt博弈论模型，提出了一种改进的博弈模型。对不同的异构性条件下的拟态防御动态策略进行评估，并设计案例进行仿真分析。仿真结果表明，不定周期的轮换能够弥补异构性的不足，维持防御者较高的博弈收益。

关键词: 网络空间拟态防御, 高级持续性威胁, 博弈模型, 仿真分析

Abstract:

To make up for the lack of security performance evaluation of the mimic defense systems in the advanced persistent threat scenarios an improved game model based on the FlipIt game theory model was proposed.The dynamic strategy of mimic defense under different heterogeneity conditions was evaluated,and a case study for the simulation analysis was conducted.The simulation results show that the rotation of indefinite period can make up for the lack of heterogeneity and maintain the higher game payoff of defenders.

Key words: cyberspace mimic defense, advanced persistent threat, game model, simulation analysis

中图分类号:

TP393.1

丁绍虎,齐宁,郭义伟. 基于M-FlipIt博弈模型的拟态防御策略评估[J]. 通信学报, 2020, 41(7): 186-194.

Shaohu DING,Ning QI,Yiwei GUO. Evaluation of mimic defense strategy based on M-FlipIt game model[J]. Journal on Communications, 2020, 41(7): 186-194.

图/表 7

图1

图2

图3

表1

图4

图5

图6

参考文献 20

[1]	National Science and Technology Council. Trustworthy cyberspace:strategic plan for the federal cybersecurity research and development program[R]. Executive Office of the President of The United States,(2011-12)[2020-01-08].
[2]	COX B , EVANS D , FILIPI A ,et al. N-variant systems:a secretless framework for security through diversity[C]// Conference on USENIX Security Symposium. Berkeley:USENIX Association, 2006: 1-16.
[3]	HOFMEYR S A , FORREST S . Architecture for an artificial immune system[J]. Evolutionary Computation, 2000,8(4): 443-473.
[4]	KAMPANAKIS P , PERROS H , BEYENE T . SDN-based solutions for moving target defense network protection[C]// The 2014 IEEE International Symposium on World of Wireless,Mobile and Multimedia Networks. Piscataway:IEEE Press, 2014: 1-6.
[5]	邬江兴 . 网络空间拟态防御[J]. 信息安全学报, 2016,1(4): 1-10.
	WU J X . Research on cyber mimic defense[J]. Journal of Cyber Security, 2016,1(4): 1-10.
[6]	任权, 邬江兴, 贺磊 . 基于GSPN的拟态DNS构造策略研究[J]. 信息安全学报, 2019,4(2): 37-52.
	REN Q , WU J X , HEI L . Research on mimic DNS architectural strategy based on generalized stochastic petri net[J]. Journal of Cyber Security, 2019,4(2): 37-52.
[7]	扈红超, 陈福才, 王禛鹏 . 拟态防御 DHR 模型若干问题探讨和性能评估[J]. 信息安全学报, 2016,1(4): 40-51.
	HU H C , CHEN F C , WANG Z P . Performance evaluations on DHR for cyberspace mimic defense[J]. Journal of Cyber Security, 2016,1(4): 40-51.
[8]	张杰鑫, 庞建民, 张铮 . 拟态构造的Web服务器异构性量化方法[J]. 软件学报, 2020,31(2): 564-577.
	ZHANG J X , PANG J M , ZHANG Z . Quantification method for heterogeneity on Web server with mimic construction[J]. Journal of Software, 2020,31(2): 564-577.
[9]	张杰鑫, 庞建民, 张铮 ,等. 拟态构造Web服务器的服务质量量化方法[J]. 计算机科学, 2019,46(11): 109-118.
	ZHANG J X , PANG J M , ZHANG Z ,et al. QoS quantification method for Web server with mimic construction[J]. Computer Science, 2019,46(11): 109-118
[10]	张杰鑫, 庞建民, 张铮 ,等. 面向拟态构造Web服务器的执行体调度算法[J]. 计算机工程, 2019,45(8): 14-21.
	ZHANG J X , PANG J M , ZHANG Z ,et al. Executors scheduling algorithm for Web server with mimic structure[J]. Computer Engineering, 2019,45(8): 14-21.
[11]	李卫超, 张铮, 王立群 ,等. 一种拟态构造的Web威胁态势分析方法[J]. 计算机工程, 2019,45(8): 1-6.
	LI W C , ZHANG Z , WANG L Q ,et al. A web threat situation analysis method for mimic structure[J]. Computer Engineering, 2019,45(8): 1-6.
[12]	DO C T , TRAN N H , HONG C ,et al. Game theory for cyber security and privacy[J]. ACM Computing Surveys, 2017,50(2): 1-37.
[13]	张兴明, 顾泽宇, 魏帅 ,等. 拟态防御马尔可夫博弈模型及防御策略选择[J]. 通信学报, 2018,39(10): 143-154.
	ZHANG X M , GU Z Y , WEI S ,et al. Markov game modeling of mimic defense and defense strategy determination[J]. Journal on Communications, 2018,39(10): 143-154.
[14]	齐超 . 拟态网络操作系统架构及关键技术研究[D]. 郑州:信息工程大学, 2018.
	QI C . Research on the key technologies of mimic network operating system architecture[D]. Zhengzhou:Information Engineering University, 2018.
[15]	廉哲, 殷肖川, 席茜 ,等. 一种基于拟态防御机制的 SDN 虚拟蜜网[J]. 计算机工程与应用, 2019,55(1): 115-120.
	LIAN Z , YIN X C , XI X ,et al. SDN virtual honeynet based on mimic defense mechanism[J]. Computer Engineering and Applications, 2019,55(1): 109-114.
[16]	MARTEN V D , ARI J , ALINA O . FlipIt:the game of “stealthy takeover”[J]. Journal of Cryptology, 2013,26(4): 655-713.
[17]	LASZKA A , HORVATH G , FELEGYHAZI M ,et al. FlipThem:modeling targeted attacks with FlipIt for multiple resources[J]. Lecture Notes in Computer Science, 2014,8840: 175-194.
[18]	ARON L , BENJAMIN J , JENS G . Mitigating covert compromises[C]// Web and Internet Economics. Berlin:Springer, 2013: 319-332.
[19]	VIET P , CARLOS C . Are we compromised? modelling security assessment games[C]// Decision and Game Theory for Security. Berlin:Springer, 2012: 234-247.
[20]	JONES S , OUTKIN A , GEARHART J ,et al. Evaluating moving target defense with PLADD[R]. Sandia National Laboratories,(2015-09-1)[2020-01-08].

攻击结果	攻击者收益u_A	防御者收益u_D
攻击成功	-C_A(t ₀)+T-t₀	-C_D+ ₀t
攻击失败	-C_A(T)	-C_D+T

基于M-FlipIt博弈模型的拟态防御策略评估

Evaluation of mimic defense strategy based on M-FlipIt game model

在线阅读

PDF下载

可视化

摘要/Abstract

引用本文

使用本文

图/表 7

参考文献 20

相关文章 3

Metrics

推荐阅读 0

[1]	冷涛, 蔡利君, 于爱民, 朱子元, 马建刚, 李超飞, 牛瑞丞, 孟丹. 基于系统溯源图的威胁发现与取证分析综述[J]. 通信学报, 2022, 43(7): 172-188.
[2]	刁嘉文, 方滨兴, 崔翔, 王忠儒, 甘蕊灵, 冯林, 姜海. DNS隐蔽信道综述[J]. 通信学报, 2021, 42(5): 164-178.
[3]	付钰，李洪成，吴晓平，王甲生. 基于大数据分析的APT攻击检测研究综述[J]. 通信学报, 2015, 36(11): 1-14.