APT攻击下的无线通信网络最优主动防御决策模型

doi:10.11959/j.issn.1000-0801.2024020

摘要/Abstract

摘要：

最优主动防御决策可以保障无线通信网络的安全稳定性，为了提高无线通信网络的防御效果，提出了APT攻击下的无线通信网络最优主动防御决策模型。关联无线通信网络日志，构建APT攻击对象集合，通过反馈相容系数计算APT攻击事件的绝对相容度，并预测APT攻击行为。基于APT攻击源对无线通信网络攻击的信道带宽，获取无线通信网络受到APT攻击的位置，利用无线通信网络节点的权值系数，提取无线通信网络的APT攻击特征。利用攻防图，计算得到APT攻击对无线通信网络的损害程度，通过定义无线通信网络的安全状态，构建了无线通信网络最优主动防御决策模型。实验结果表明，所提模型在防御无线通信网络的APT攻击时，可以将攻击数据包拒包率和吞吐量分别提高到90%以上和16 000 bit/s以上，并且时延较低，具有更好的防御效果。

关键词: APT攻击, 主动防御, 特征提取, 攻击趋势, 无线通信网络, 决策模型

Abstract:

The optimal active defense decision can ensure the security and stability of wireless communication networks.In order to improve the defense effectiveness of wireless communication networks, an optimal active defense decision model for wireless communication networks under APT attacks was proposed.Wireless communication network logs were associated, a set of APT attack objects were constructed, the absolute compatibility of APT attack events was calculated through feedback compatibility coefficients, and APT attack behaviors were predicted.Based on the channel bandwidth of APT attack sources on wireless communication networks, the location of the wireless communication network being attacked by APT was obtained, and the weight coefficients of wireless communication network nodes were used to extract the APT attack characteristics of the wireless communication network.Using the attack and defense diagram, the degree of damage caused by APT attacks to wireless communication networks was calculated.By defining the security status of wireless communication networks, an optimal active defense decision model for wireless communication networks was constructed.The experimental results show that the proposed model can increase the packet rejection rate and throughput of attack packets to over 90% and 16 000 bit/s respectively when defending against APT attacks in wireless communication networks, with lower time delay and better defense effectiveness.

Key words: APT attack, active defense, feature extraction, attack trend, wireless communication network, decision model

中图分类号:

TP393

孟勐, 王丹妮, 吕军, 张福良. APT攻击下的无线通信网络最优主动防御决策模型[J]. 电信科学, 2024, 40(2): 47-55.

Meng MENG, Danni WANG, Jun LYU, Fuliang ZHANG. Optimal active defense decision model of wireless communication network under APT attack[J]. Telecommunications Science, 2024, 40(2): 47-55.

图/表 9

图1

图2

表1

参数明细"

参数	含义	参数	含义	参数	含义
$X_{i} = {x_{i}^{1}, \dots, x_{i}^{a_{i}}, \dots}$	关联函数	f (x)	隶属度函数	ϕ	尺度因子
$ε (x_{j}^{a_{j}})$	属性	C_g	机密性代价	ϖ	权值系数
T_x	有效期限	ID_c	节点编号	$χ_{k}$	位置
D^*	攻击对象	B_j	主机标识	$\hat{ϖ}$	特征分量
v_i	可信度	γ	措施	Λ^*	特征值
$\partial_{i} (g_{k})$	可信度	S_f	损害	R_E	攻防图
T_i	记录时间	λ_S	损害系数	A	状态节点集合
$ω_{i}$	权重值	S_p	损害	Y	跳跃式过程
V_b	传输速率	ξ	成功概率	q_s	节点权限
g (t)	攻击位置	J^*	机密价值	w_i	权重
t⁰	攻击时延	$x_{i}^{j}$	日志	E (a,b)	期望收益
u_k	权值	Q	关联规则	ID_v	迁移序列号
h_k	权值	$ϑ_{APT}$	信任程度	S_e	损害
$μ^{2} (p)$	残差参数	Q _ij	反馈相容系数	X_APT	攻击序列
$l_{k}$	攻击特征	g_k	攻击事件	F_j	最大路径
Z_g	状态集合	$H_{i} (g_{k})$	绝对相容度	W_S	损害值变量
Z_o	初始安全状态	$\partial_{i} (g_{k})_{new}$	可行路径	$α_{j}$	损害程度
b_j	主机节点名	K_s	信道带宽	F_Y	最优主动防御决策模型
S	损害程度	f	信道频率	$σ_{d}$	危害系数

表1

图3

表2

图4

图5

图6

表3

参考文献 15

[1]	胡永进, 马骏, 郭渊博 ,等. 基于多阶段网络欺骗博弈的主动防御研究[J]. 通信学报, 2020,41(8): 32-42.
	HU Y J , MA J , GUO Y B ,et al. Research on active defense based on multi-stage cyber deception game[J]. Journal on Communications, 2020,41(8): 32-42.
[2]	HUANG Y , WANG W , JIANG T ,et al. Detecting colluding sybil attackers in robotic networks using backscatters[J]. IEEE/ACM Transactions on Networking, 2021,29(2): 793-804.
[3]	CHEN Z X , LU Y Q , QIN J C ,et al. An optimal seed scheduling strategy algorithm applied to cyberspace mimic defense[J]. IEEE Access, 2021(9): 129032-129050.
[4]	李静轩, 朱俊虎, 邱菡 ,等. 基于非零和随机博弈的 APT 攻击主动防御策略选取[J]. 计算机应用研究, 2020,37(10): 3071-3076,3111.
	LI J X , ZHU J H , QIU H ,et al. Active defense strategy selection for anti-APT attack based on non-zero-sum stochastic game[J]. Application Research of Computers, 2020,37(10): 3071-3076,3111.
[5]	王增光, 卢昱, 李玺 . 基于不完全信息博弈的军事信息网络主动防御策略选取[J]. 兵工学报, 2020,41(3): 608-617.
	WANG Z G , LU Y , LI X . Active defense strategy selection of military information network based on incomplete information game[J]. Acta Armamentarii, 2020,41(3): 608-617.
[6]	王小平, 周问, 刘博 . 三体对抗策略的预警机主动防御最优协同制导算法[J]. 空军工程大学学报(自然科学版), 2020,21(2): 16-23.
	WANG X P , ZHOU W , LIU B . A design of active defense optimal collaborative guidance algorithm for active defense of early warning aircraft based on three-body confrontation strategy[J]. Journal of Air Force Engineering University (Natural Science Edition), 2020,21(2): 16-23.
[7]	黄万伟, 袁博, 王苏南 ,等. 基于非零和信号博弈的主动防御模型[J]. 郑州大学学报(工学版), 2022,43(1): 90-96.
	HUANG W W , YUAN B , WANG S N ,et al. Proactive defense model based on non-zero-sum signal game[J]. Journal of Zhengzhou University (Engineering Science), 2022,43(1): 90-96.
[8]	田锋, 周安民, 刘亮 ,等. ARS：基于文件行为的勒索软件主动防御技术研究[J]. 四川大学学报(自然科学版), 2021,58(2): 97-105.
	TIAN F , ZHOU A M , LIU L ,et al. ARS:research on proactive defense technology of ransomware based on file behavior[J]. Journal of Sichuan University (Natural Science Edition), 2021,58(2): 97-105.
[9]	王丹妮, 陈伟, 羊洋 ,等. 基于高斯增强和迭代攻击的对抗训练防御方法[J]. 计算机科学, 2021,48(S1): 509-513,537.
	WANG D N , CHEN W , YANG Y ,et al. Countermeasure training defense method based on Gaussian enhancement and iterative attack[J]. Computer Science, 2021,48(S1): 509-513,537.
[10]	尚立, 陈明, 张磊 ,等. SDN中基于机器学习的DDoS攻击协同防御[J]. 电力系统保护与控制, 2021,49(16): 170-176.
	SHANG L , CHEN M , ZHANG L ,et al. Cooperative defense of DDoS attack based on machine learning in SDN[J]. Power System Protection and Control, 2021,49(16): 170-176.
[11]	谢升旭, 魏伟, 邢长友 ,等. 面向 SDN 拓扑发现的 LDoS 攻击防御技术研究[J]. 计算机工程与应用, 2020,56(10): 88-93.
	XIE S X , WEI W , XING C Y ,et al. Research on LDoS attack defense technology for SDN topology discovery[J]. Computer Engineering and Applications, 2020,56(10): 88-93.
[12]	蒋跃宇, 承昊新, 王康 ,等. PLC-RF 无线传输网络中的能效最优设计方法[J]. 电信科学, 2023,39(4): 111-119.
	JIANG Y Y , CHENG H X , WANG K ,et al. Design method of energy efficiency optimization in PLC-RF wireless transmission networks[J]. Telecommunications Science, 2023,39(4): 111-119.
[13]	顾泽宇, 张兴明, 魏帅 . 基于增强学习的自适应动态防御机制[J]. 小型微型计算机系统, 2019,40(2): 401-406.
	GU Z Y , ZHANG X M , WEI S . Adaptive dynamic defense mechanism based on reinforcement learning[J]. Journal of Chinese Computer Systems, 2019,40(2): 401-406.
[14]	李元诚, 杨珊珊 . 基于改进自注意力机制生成对抗网络的智能电网 GPS 欺骗攻击防御方法[J]. 电力自动化设备, 2021,41(11): 100-106.
	LI Y C , YANG S S . Defense method of smart grid GPS spoofing attack based on improved self-attention generative adversarial network[J]. Electric Power Automation Equipment, 2021,41(11): 100-106.
[15]	王增光, 卢昱, 李玺 . 多阶段信号博弈的装备保障信息网络主动防御[J]. 火力与指挥控制, 2020,45(12): 142-148.
	WANG Z G , LU Y , LI X . Research on active defense of equipment support information network based on multi-stage signaling game[J]. Fire Control ＆ Command Control, 2020,45(12): 142-148.

应用程序名称	代码行数/行	APT攻击数量/个
A	1 758	6
B	4 563	14
C	9 873	32
D	24 561	68
E	42 389	72
F	57 636	108
G	62 798	165
H	99 876	214

APT攻击数量/个	基于轻量级系统ScatterID技术	最优种子调度策略算法	基于非零和随机博弈防御决策模型	基于不完全信息博弈防御决策模型	文中防御决策模型
10	60 ms	53 ms	55 ms	70 ms	45 ms
20	65 ms	57 ms	61 ms	76 ms	49 ms
30	70 ms	61 ms	66 ms	79 ms	53 ms
平均时延	65 ms	57 ms	60.7 ms	75 ms	49 ms