拟态防御马尔可夫博弈模型及防御策略选择

doi:10.11959/j.issn.1000-436x.2018223

摘要/Abstract

摘要：

网络拟态防御通过冗余执行体动态性、多样性以及裁决反馈机制增强了主动防御顽健性，而对于其安全性评估尚缺少有效的分析模型，基于经典博弈模型无法满足于其多状态、动态性特点，不具有通用性等问题，提出拟态防御 Markov 博弈模型分析攻防状态间的转移关系以及安全可靠性度量方法，通过非线性规划算法计算攻防博弈均衡，以确定考虑防御代价的最佳防御策略。实验与多目标隐藏技术对比，结果表明拟态防御具有更高的防御效果，结合具体案例给出了针对利用系统漏洞攻击的具体攻防路径，验证了防御策略算法有效性。

关键词: 网络拟态防御, Markov博弈, 冗余执行体, 防御顽健性, 主动防御策略

Abstract:

Network mimic defense technology enhances the robustness of active defense through the redundancy,dynamic and diversity as well as the decision feedback mechanism.However,little work has been done for its security assessment and existing classic game models are not suitable for its dynamic characteristics and lack of universality.A Markov game model was proposed to analyze the transfer relationship between offensive and defensive status and the measurement method of safety and reliability of mimic defense,and calculated the offensive and defensive game equilibrium through non-linear programming algorithm to determine the best defensive strategy considering performance.Experiments give a comparison with the multi-target hiding technique and shows that the mimic defense has a higher defensive effect.Combining with the specific network case,the specific attack and defense path for the exploit of the system vulnerability is given and the effectiveness of the defense strategy algorithm is verified.

Key words: network mimic defense, Markov game, redundant execution units, defense robustness, active defense strategy

中图分类号:

TP393

张兴明,顾泽宇,魏帅,沈剑良. 拟态防御马尔可夫博弈模型及防御策略选择[J]. 通信学报, 2018, 39(10): 143-154.

Xingming ZHANG,Zeyu GU,Shuai WEI,Jianliang SHEN. Markov game modeling of mimic defense and defense strategy determination[J]. Journal on Communications, 2018, 39(10): 143-154.

图/表 15

图1

表1

图2

图3

图4

图5

图6

图7

表2

表3

表4

表5

收益矩阵"

S₀	S₁	S₂	S₃
$(\begin{matrix} - 10 & 25 & 30 \\ 25 & - 10 & 30 \\ - 10 & - 10 & 0 \end{matrix})$	$(\begin{matrix} 25 & - 10 & 0 & 0 & 30 \\ 28 & 28 & 20 & 0 & 30 \\ - 10 & - 10 & 0 & 0 & 0 \end{matrix})$	$(\begin{matrix} - 15 & 30 & 30 \\ - 15 & 0 & 0 \end{matrix})$	$(\begin{matrix} - 15 & 30 \\ 15 & 0 \end{matrix})$
$(\begin{matrix} 5 & - 30 & - 30 \\ - 30 & 5 & - 30 \\ 5 & 5 & 0 \end{matrix})$	$(\begin{matrix} - 30 & 5 & - 5 & - 20 & - 30 \\ - 33 & - 33 & - 25 & - 20 & 0 \\ 5 & 5 & - 5 & - 20 & 0 \end{matrix})$	$(\begin{matrix} 5 & - 50 & - 30 \\ 5 & - 20 & 0 \end{matrix})$	$(\begin{matrix} 5 & - 30 \\ - 25 & 0 \end{matrix})$

表5

表6

图8

图9

参考文献 20

[1]	SUBRAHMANIAN V S , OVELGONNE M , DUMITRAS T ,et al. The global cyber-vulnerability report[M]. Springer International Publishing, 2015.
[2]	OKHRAVI H , HOBSON T , BIGELOW D ,et al. Finding focus in the blur of moving-target techniques[J]. IEEE Security ＆ Privacy Magazine, 2014,12(2): 16-26.
[3]	邬江兴 . 网络空间拟态防御研究[J]. 信息安全学报, 2016,1(4): 1-10.
	WU J X . Research on cyber mimic defense[J]. Journal of Cyber Security, 2016,1(4): 1-10.
[4]	PRAKASH A , WELLMAN M P . empirical game-theoretic analysis for moving target defense[C]// ACM Workshop on Moving Target Defense. 2015: 57-65.
[5]	ELDOSOUKY A R , SAAD W , NIYATO D . Single controller stochastic games for optimized moving target defense[C]// ICC 2016 IEEE International Conference on Communications. 2016: 1-6.
[6]	FARHANG S , MANSHAEI M H , ESFAHANI M N ,et al. A dynamic bayesian security game framework for strategic defense mechanism design[M]// Decision and Game Theory for Security. Springer International Publishing, 2014: 319-328.
[7]	KAMBHAMPATI S , KAMBHAMPATI S , KAMBHAMPATI S ,et al. Moving target defense for web applications using bayesian stackelberg games[C]// International Conference on Autonomous Agents ＆Multiagent Systems. 2016: 1377-1378.
[8]	LEI C , MA D H , ZHANG H Q . Optimal strategy selection for moving target defense based on markov game[J]. IEEE Access, 2017,PP(99): 1-1.
[9]	MALEKI H , VALIZADEH S , KOCH W ,et al. Markov modeling of moving target defense games[C]// ACM Workshop on Moving Target Defense. 2016: 81-92.
[10]	魏帅, 于洪, 顾泽宇 ,等. 面向工控领域的拟态安全处理机架构[J]. 信息安全学报, 2017,2(1): 54-73.
	WEI S , YU H , GU Z Y ,et al. Architecture of mimic security processor for industry control system[J]. Journal of Cyber Security, 2017,2(1): 54-73.
[11]	仝青, 张铮, 张为华 ,等. 拟态防御 Web 服务器设计与实现[J]. 软件学报, 2017,28(4): 883-897.
	TONG Q , ZHANG Z , ZHANG W H ,et al. Design and implementation of mimic defense Web server[J]. Journal of Software, 2017,28(4): 883-897.
[12]	马海龙, 伊鹏, 江逸茗 ,等. 基于动态异构冗余机制的路由器拟态防御体系结构[J]. 信息安全学报, 2017,2(1): 29-42.
	MA H L , YI P , JIANG Y M ,et al. Dynamic heterogeneous redundancy based router architecture with mimic defense[J]. Journal of Cyber Security, 2017,2(1): 29-42.
[13]	CARTER K M , RIORDAN J F , OKHRAVI H . A game theoretic approach to strategy determination for dynamic platform defenses[C]// ACM Workshop on Moving Target Defense. 2014: 21-30.
[14]	WANG H , LI F , CHEN S . Towards cost-effective moving target defense against DDoS and covert channel attacks[C]// ACM Workshop on Moving Target Defense. 2016: 15-25.
[15]	WINTERROSE M L , CARTER K M . Strategic evolution of adversaries against temporal platform diversity active cyber defenses[C]// Proceedings of the Agent-Directed Simulation Symposium at the Spring Simulation Multi-conference. 2014: 68-76.
[16]	DORASZELSKI U , ESCOBAR J F . A theory of regular Markov perfect equilibria in dynamic stochastic games:genericity,stability,and purification[J]. Theoretical Economics, 2010,5(3): 369-402.
[17]	BORKOVSKY R N , DORASZELSKI U , KRYUKOV Y . A user’s guide to solving dynamic stochastic games using the homotopy method[J]. Operation Research, 2010,58(4): 1116-1132
[18]	陈小军, 方滨兴, 谭庆丰 ,等. 基于概率攻击图的内部攻击意图推断算法研究[J]. 计算机学报, 2014,37(1): 62-72.
	CHEN X J , FANG B X , TAN Q F ,et al. Inferring attack Intent of malicious insider based on probabilistic attack graph model[J]. Journal of Computer, 2014,37(1): 62-72.
[19]	SINGH U K , JOSHI C . Quantitative security risk evaluation using cvss metrics by estimation of frequency and maturity of exploit[C]// Proceedings of the World Congress on Engineering and Computer Science (WCECS2016). 2016.
[20]	姜伟, 方滨兴, 田志宏 ,等. 基于攻防博弈模型的网络安全测评和最优主动防御[J]. 计算机学报, 2009,32(4): 817-827.
	JIANG W , FANG B X , TIAN Z H ,et al. Evaluating network security and optimal active defense based on attack-defense game model[J]. Journal of Computer, 2009,32(4): 817-827.

符号	说明
N	冗余执行单元（可调度）规模
K	执行单元规模
k	防御容忍度（突破防御所需攻击的最小执行体数量）
l	跳变深度（单个执行体中可动态跳变的种类）
AV	攻击向量（N网络或L本地）
AC	攻击复杂度
vul	系统弱点编号

主机	操作系统	系统弱点信息	No.	CVSS评分	弱点属性
C1	Windows Server 2008	CVE-2017-0299 KASLR	1	5.0	AV:L/AC:L
		CVE-2017-0148 SMB远程缓冲区溢出	2	8.1	AV:N/AC:H
C2	Ubuntu 14.02	CVE-2016-10229 kernel远程执行代码	3	9.8	AV:N/AC:L
		CVE-2017-1000367本地覆盖提权	4	6.4	AV:L/AC:H
C3	Debian 7.0	CVE-2016-10229 内核远程执行代码	5	9.8	AV:N/AC:L
		CVE-2016-1247 web-root提权	6	7.8	AV:L/AC:L
C4	OpenBSD 6.0	CVE-2017-1000364远程内存破坏	7	7.4	AV:L/AC:H
C5	RedHat 6.0	CVE-2017-1000364远程内存破环	7	7.4	AV:L/AC:H
		CVE-2017-1000367本地覆盖提权	4	6.4	AV:L/AC:H

S₀	S₁
a={buffer overflow,code injection,NOP}	a={code injection,ROP,NOP}
d ={ASLR,ISR,NOP}	d ={ASLR,ISR,patch upgrade,system roll-back,NOP}
S₂	S₃
a={privilege gain,NOP}	a={ROP,NOP}
d ={diversified compilation,system roll-back,NOP}	d ={diversified compilation,NOP}

S₀	S₁	S₂	S₃
	P_1,2(a₁,d₁)=0.37
P_0,1(a₁,d₂)=0.41	P_1,2(a₂,d₃)=0.37	P_2,3(a₁,d₂)=0.32
P_0,1(a₂,d₁)=0.78	P_1,0(a₁,d₂)=0.90	P_2,1(a₁,d₁)=0.86	P_3,2(a₁,d₁)=0.82
P_0,0(a₃,d₃)=0.98	P_1,0(a₂,d₄)=0.98	P_2,2(a₂,d₃)=0.98	P_3,3(a₂,d₂)=0.98
	P_1,1(a₃,d₅)=0.98

状态	攻击策略	防御策略	攻击收益	防御收益
S₀	0.236 5 0.763 5 0]	0.292 0.292 0.4159]	16.858 6	-19.777
S₁	1 0 0]	0 0 1 0 0]	20	-20
S₂	1 0]	0.5 0.5 0]	30	-40
S₃	0.404 1 0.595 9]	0.5 0.5]	7.5	-12.5