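Journal on Communications (通信学报) ›› 2023, Vol. 44 ›› Issue (5): 52-63. doi: 10.11959/j.issn.1000-436x.2023091

• Academic paper •

Intelligent planning method for cyber defense strategies based on bounded rationality

Yingze LIU, Yuanbo GUO, Chen FANG, Yongfei LI, Qingli CHEN

  1. Department of Cryptogram Engineering, Information Engineering University, Zhengzhou 450001, China
  • Revised: 2023-03-26 Online: 2023-05-25 Published: 2023-05-01
  • About the authors: Yingze LIU (1994- ), female, born in Zhengzhou, Henan; Ph.D. candidate at Information Engineering University; main research interest: network security defense
    Yuanbo GUO (1975- ), male, born in Zhouzhi, Shaanxi; Ph.D., professor and doctoral supervisor at Information Engineering University; main research interests: network defense, data mining, machine learning, and artificial intelligence security
    Chen FANG (1993- ), male, born in Susong, Anhui; lecturer at Information Engineering University; main research interests: machine learning and privacy security
    Yongfei LI (1998- ), male, born in Kaifeng, Henan; master's student at Information Engineering University; main research interests: threat intelligence entity extraction and relation extraction
    Qingli CHEN (1998- ), male, born in Xinxiang, Henan; master's student at Information Engineering University; main research interest: artificial intelligence security
  • Supported by:
    The National Natural Science Foundation of China (62276091); The Major Public Welfare Project of Henan Province (201300311200)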

Abstract:

Because network defenders are usually resource-constrained, the intelligent planning and autonomous implementation of network defense strategies under bounded rationality was studied, based on the concept of intelligent attack-defense confrontation. First, attack graphs, general knowledge and domain-specific knowledge were fused to construct a network defense security ontology. On that basis, knowledge reasoning was used to recommend security defense strategies that better fit the security needs of the protected network information assets and the attack threats currently faced. Finally, a bounded-rationality intelligent planning method was used to plan and implement defense strategies autonomously under constraints such as limited network security defense resources and dynamically changing network information assets. An example shows that the proposed method is robust under dynamic attacks. Compared with existing game-theory-based and attack-graph-based methods, experiments show that the defense effectiveness of the proposed method improves by 5.6%~26.12% when countering a typical APT attack.

Key words: cyber defense, defense strategy recommendation, intelligent planning, bounded rationality, security ontology

CLC number:
