安全数据采集代理顽健部署策略研究

doi:10.11959/j.issn.1000-436x.2019121

Abstract

Abstract:

With the frequent occurrence of “network black production” incidents,attackers strategically launch target attacks with the idea of “profit-seeking”.Existing network monitoring systems lack accurate and effective monitoring strategies for “strategic attacks”.Therefore,in an adversarial environment,how to optimize the deployment of collection agents for better monitoring results becomes an extremely important issue.Based on this,a robust deployment strategy of collection agents was proposed for the above mentioned problem.Firstly,the idea of attack-defense game was introduced to measure the collection agents,threat events and their relations,then the MADG model was built.Secondly,considering that the traditional accurate solution algorithm cannot solve the problem,the robust acquisition agent deployment algorithm called RCD algorithm was designed to approximate the problem by using the sub-module and non-growths of the objective function.Finally,the RCD algorithm was verified.The experimental results show that the above model and method is feasible,effective and expandable.

Key words: collection agent, security data, defender-attacker game theory, robust, deployment strategy

CLC Number:

TP302

Figures/Tables 18

组合	威胁事件	影响I	攻击可能发生的概率P	攻击效用值R	$C= \frac{C_{max} + C_{min}}{2}$	max(f,c)	FCA	上一轮	增量	增量最小
	1	14	1	14	9.722 703 175	14
0	2	20	1	20	9.722 703 175	20	13.430 675 79	-	-	-
	3	5	1	5	9.722 703 175	9.722 703 18
	4	10	1	10	9.722 703 175	10
	1	14	0.691 6	9.682 4	9.722 703 175	9.722 703 18
1	2	20	1	20	9.722 703 175	20	12.361 351 59	13.430 675 79	-1.069 324 206
	3	5	1	5	9.722 703 175	9.722 703 18
	4	10	1	10	9.722 703 175	10
	1	14	0.76	10.64	9.722 703 175	10.64
2	2	20	0.85	17	9.722 703 175	17	11.840 675 79	13.430 675 79	-1.59
	3	5	0.541 45	2.707 25	9.722 703 175	9.722 703 18
	4	10	1	10	9.722 703 175	10
	1	14	1	14	9.722 703 175	14
3	2	20	0.487 5	9.75	9.722 703 175	9.75	10.868 175 79	13.430 675 79	-2.562 5	-2.5625
	3	5	1	5	9.722 703 175	9.722 703 18
	4	10	1	10	9.722 703 175	10
	1	14	1	14	9.722 703 175	14
4	2	20	0.6	12	9.722 703 175	12	11.361 351 59	13.430 675 79	-2.069 324 206
	3	5	1	5	9.722 703 175	9.722 70318
	4	10	0.85	8.5	9.722 703 175	9.722 70318
	1	14	1	14	9.722 703 175	14
5	2	20	1	20	9.722 703 175	20	13.361 351 59	13.430 675 79	-0.069 324 206
	3	5	1	5	9.722 703 175	9.722 70318
	4	10	0.28	2.8	9.722 703 175	9.722 70318
	1	14	0.691 6	9.682 4	9.722 703 175	9.722 70318
31	2	20	0.487 5	9.75	9.722 703 175	9.75	9.798 851 588	10.868 175 79	-1.069 324 206
	3	5	1	5	9.722 703 175	9.722 70318
	4	10	1	10	9.722 703 175	10
	1	14	0.76	10.64	9.722 703 175	10.64
32	23	205	0.487 50.541 45	9.752.707 25	9.722 703 1759.722 703 175	9.759.722 70318	9.958 851 588	10.868 175 79	-0.909 324 206
	4	10	0.73	7.3	9.722 703 175	9.722 70318				-1.069 324 206
	1	14	1	14	9.722 703 175	14				-1.069 324 206
34	2	20	0.292 5	5.85	9.722 703 175	9.722 70318	10.792 027 38	10.868 175 79	-0.076 148 413
	3	5	1	5	9.722 703 175	9.722 70318
	4	10	0.85	8.5	9.722 703 175	9.722 70318
	1	14	1	14	9.722 703 175	14
35	2	20	0.487 5	9.75	9.722 703 175	9.75	10.798 851 59	10.868 175 79	-0.069 324 206
	3	5	1	5	9.722 703 175	9.722 70318
	4	10	0.28	2.8	9.722 703 175	9.722 70318
312	1	14	0.691 6	9.682 4	9.722 703 175	9.722 70318
	2	20	0.487 5	9.75	9.722 703 175	9.75	9.729 527 381	9.798 851 588	-0.069 324 206	-0.076 148 413
	3	5	0.541 45	2.707 25	9.722 703 175	9.722 70318
	4	10	0.73	7.3	9.722 703 175	9.722 70318

组合	威胁事件	影响I	攻击可能发生的概率P	攻击效用值R	$C= \frac{C_{max} + C_{min}}{2}$	max(f,c)	FCA	上一轮	增量	增量最小
	1	14	0.691 6	9.682 4	9.722 703 175	9.722 70318
314	2	20	0.292 5	5.85	9.722 703 175	9.722 70318	9.722 703 175	9.798 851 588	-0.076 148 413
	3	5	1	5	9.722 703 175	9.722 70318
	4	10	0.85	8.5	9.722 703 175	9.722 70318				-0.076 148 413
	1	14	0.691 6	9.682 4	9.722 703 175	9.722 70318				-0.076 148 413
315	2	20	0.487 5	9.75	9.722 703 175	9.75	9.729 527 381	9.798 851 588	-0.069 324 206
	3	5	1	5	9.722 703 175	9.722 703 18
	4	10	0.28	2.8	9.722 703 175	9.722 703 18

References 27

[1]	马莉波, 李星, 张亮 . 有效扫描监测系统建模与部署[J]. 软件学报, 2009,20(4): 845-857.
	MA L B , LI X , ZHANG L . On modeling and deploying an effective scan monitoring system[J]. Journal of Software, 2009,20(4): 845-857.
[2]	TALELE N , TEUTSCH J , ERBACHER R ,et al. Monitor placement for large-scale systems[C]// The 19th ACM symposium on Access control models and technologies (SACMT’14). 2014: 29-40.
[3]	AQIL A . Resource efficient frameworks for network and security problems[D]. California:University of California,Riverside, 2017.
[4]	BREITBART Y , CHAN C Y , GAROFALAKIS M ,et al. Efficiently monitoring bandwidth and latency in IP networks[C]// INFOCOM, 2001: 1-10.
[5]	HOCHBAUM D S . Approximation algorithm for NP-Hard problems[M]. Boston: PWS Publishing CompanyPress, 1997.
[6]	SUH K , GUO Y , KUROSE J ,et al. Locating network monitors:complexity,heuristics and coverage[C]// INFOCOM 2005. 2005: 351-361.
[7]	CHAUDET C , FLEURY E , GUéRIN LASSOUS I ,et al. Optimal positioning of active and passive monitoring devices[C]// The CoNEXT. 2005: 71-82.
[8]	蔡志平, 刘芳, 赵文涛 ,等. 网络测量部署模型及其优化算法[J]. 软件学报, 2008,19(2): 419-431.
	CAI Z P , LIU F , ZHAO W T ,et al. Deploying models and optimization algorithms of network measurement[J]. Journal of Software, 2008,19(2): 419-431.
[9]	LESKOVEC J , KRAUSE A , GUESTRIN C ,et al. Cost-effective outbreak detection in networks[C]// The 13th ACM SIGKDD International Conference on Knowledge Discovery and Datamining. 2007: 420-429.
[10]	KRAUSE A , MCMAHAN B , GUESTRIN C ,et al. Selecting observations against adversarial objectives[C]// International Conference on Neural Information Processing Systems. 2007: 777-784.
[11]	COMBOUL M , GHANEM R . Value of information in the design of resilient water distribution sensor networks[J]. Journal of Water Resources Planning and Management, 2012,139(4): 449-455.
[12]	YU Y , XIAO G . On early detection of strong infections in complex networks[J]. Journal of Physics A Mathematical ＆ Theoretical, 2014,47(6): 881-892.
[13]	ZHOU C , LU W X , ZHANG J Z ,et al. Early detection of dynamic harmful cascades in large-scale networks[J]. Journal of Computational Science, 2018(28): 304-317.
[14]	THAKORE U , GABRIEL A W , WILLIAM H S . A quantitative method-ology for security monitor deployment[C]// 2016 46th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN). 2016: 1-12.
[15]	MARBACK A , DO H , HE K ,et al. A threat model‐based approach to security testing[J]. Software:Practice and Experience, 2013,43(2): 241-258.
[16]	PARDUE H , LANDRY J , YASINSAC A . A risk assessment model for voting systems using threat trees and Monte Carlo simulation[C]// 2009 First International Workshop on Requirements Engineering for e-Voting Systems (RE-VOTE). 2010: 55-60.
[17]	MORIKAWA I , YAMAOKA Y . Threat tree templates to ease difficulties in threat modeling[C]// 2011 14th International Conference on Network-Based Information Systems. 2011: 673-678.
[18]	ZHOU D , YAN Z , FU Y ,et al. A survey on network data collection[J]. Journal of Network and Computer Applications, 2018,116(8): 9-23.
[19]	LIU G , YAN Z , PEDRYCZ W . Data collection for attack detection and security measurement in mobile Ad Hoc networks:a survey[J]. Journal of Network and Computer Applications, 2018,105(3): 105-122.
[20]	LIN H , YAN Z , CHEN Y ,et al. A survey on network security-related data collection technologies[J]. IEEE Access, 2018,6(3): 18345-18365.
[21]	HE L , YAN Z , ATIQUZZAMAN M . LTE/LTE-a network security data collection and analysis for security measurement:a survey[J]. IEEE Access, 2018,6(1): 4220-4242.
[22]	CUPPENS F , ORTALO R . LAMBDA:a language to model a database for detection of attacks[C]// International Workshop on Recent Advances in Intrusion Detection. 2000: 197-216.
[23]	TOTEL E , BERNARD V , LUDOVIC M . A language driven intrusion detection system for event and alert correlation[C]// Security and Protection in Information Processing Systems. 2004: 209-224.
[24]	HOSMER H H , . Security is fuzzy!:applying the fuzzy logic paradigm to the multipolicy paradigm[C]// Workshop on New Security Paradigms. 1993: 175-184.
[25]	FEIGE U . A threshold of ln n for approximating set cover[J]. Journal of the ACM, 1998,45(4): 634-652.
[26]	NEMHAUSER G L , WOLSEY L A , FISHER M L . An analysis of approximations for maximizing submodular set functions—I[J]. Mathematical Programming, 1978,14(1): 265-294.
[27]	FUJITO T . Approximation algorithms for submodular set cover with applications[J]. IEICE Transactions on Information and Systems, 2000,83(3): 480-487.

Metrics

Recommended 0

No Suggested Reading articles found!

符号	含义
V	系统中所有的设备节点集合
v	系统中任意一个设备节点
Ψ	威胁事件集合
ψ	威胁事件
S	内嵌式采集代理集合
S_d	采集代理的部署集合
s_i	第i个采集代理
C	所有特征信标集合
?	特征信标
τ	最小特征信标集合
?(s)	采集代理和特征信标对应关系
γ(ψ)	检测威胁事件的证据
Conf(ψ,S_d)	置信度
Risk_ψ	威胁事件ψ的风险
P_ψ	威胁事件ψ发生概率
I_ψ	威胁事件ψ影响值

最小特征信标集合	概率
{?₁}	0.3
{?₂}	0.8
{?₃}	0.5
{?₈}	0.7
{?₁₁}	0.8
{?₄}	0.5
{?₅}	1.0
{?₆}	0.3
{?₇,?₁₀}	0.9
{?₁₂}	0.3
{?₁₃}	0.8

采集代理	置信度
s₁	0.3
s₂	0.3
s₃	0.5
s₄	0.5
s₅	0.9

威胁事件	影响值
ψ₁	14
ψ₂	20
ψ₃	5
ψ₄	10

求解算法	部署集合S_d	增量	效用函数值
EXACT算法	1,3,4]	—	9.682 4
GOMD算法^[14]	1,3,4]	0.076 148 413	9.682 4
RCD算法	1,3,4]	—	9.682 4

Robust deployment strategy for security data collection agent

RichHTML

PDF

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 18

References 27

Related Articles 15

Metrics

Recommended 0

设备节点数量/个	EXACT算法	MMI^[12]算法	GOMD^[14]算法	RCD算法
0	19	19	19	19
5	18	19	18	18
10	17	18	17	17
15	17.76	19	18	17.76
20	18	18	19	18
25	17	19	19	17
30	17	19	19	17
35	18	19	19	18
40	18	19	19	18
45	17	19	18	17
50	18.24	19	19	18.24

采集代理数量/个	EXACT算法	MMI ^[12]算法	GOMD^[14]算法RCD算法
0	19	19	19 19
3	18.24	19	1918.24
5	—	19	1918.24
10	—	19	1918.24
15	—	19	1918.24
20	—	19	1918.24
25	—	19	1918.24

[1]	Jinyin CHEN, Haiyang XIONG, Haonan MA, Yayu ZHENG. CLB-Defense: based on contrastive learning defense for graph neural network against backdoor attack [J]. Journal on Communications, 2023, 44(4): 154-166.
[2]	Yiteng WU, Wei LIU, Hongtao YU. Label flipping adversarial attack on graph neural network [J]. Journal on Communications, 2021, 42(9): 65-74.
[3]	Wanming HAO, Jinkun XIE, Gangcan SUN, Zhengyu ZHU, Yiqing ZHOU. Robust chance-constrained optimization algorithm design for secure wireless powered backscatter communication system [J]. Journal on Communications, 2021, 42(3): 100-110.
[4]	Fengkui GONG, Ni WEN, Guo LI, Yang GAO. Low-complexity and frequency-offset-robust synchronization algorithm based on CAZAC sequence [J]. Journal on Communications, 2021, 42(2): 64-71.
[5]	Weihua WU,Guanhua CHAI,Qinghai YANG,Runzi LIU. Deep and robust resource allocation for random access network based with imperfect CSI [J]. Journal on Communications, 2020, 41(7): 29-37.
[6]	Yongjun XU,Hao XIE,Qianbin CHEN,Jinzhao LIN,Qilie LIU. Energy efficiency optimization algorithm for heterogeneous NOMA network based on imperfect CSI [J]. Journal on Communications, 2020, 41(7): 131-140.
[7]	Yongjun XU,Yang YANG,Qilie LIU,Qianbin CHEN,Jinzhao LIN. Robust power and subcarrier allocation algorithm for cognitive network based on interference efficiency maximization [J]. Journal on Communications, 2020, 41(1): 84-93.
[8]	Leqing ZHU,Yu GUO,Lingqiang MO,Daxing ZHANG. DGANS:robustness image steganography model based on double GAN [J]. Journal on Communications, 2020, 41(1): 125-133.
[9]	Yongjun XU,Yuan HU,Guoquan LI,Jinzhao LIN,Qianbin CHEN. Robust resource allocation algorithm for heterogeneous wireless networkwith SWIPT [J]. Journal on Communications, 2019, 40(7): 186-196.
[10]	Chao LIU,Zhiguo ZHANG,Jinping SUN. Amplitude information based robust tracking method for multiple marine targets [J]. Journal on Communications, 2019, 40(2): 60-69.
[11]	Xingming ZHANG,Zeyu GU,Shuai WEI,Jianliang SHEN. Markov game modeling of mimic defense and defense strategy determination [J]. Journal on Communications, 2018, 39(10): 143-154.
[12]	Hao HE,Yong-rui CHEN,Wei-dong YI,Ming LI. Deployment strategy for static chargers in WRSN [J]. Journal on Communications, 2017, 38(Z1): 156-164.
[13]	Shi-lei ZHU,You ZHOU,Xiu-kun REN,Han-ying HU. Robust interference alignment algorithm for cognitive MIMO interference network [J]. Journal on Communications, 2016, 37(3): 157-164.
[14]	Kai WU,Tao SU,Qiang LI,Xue-hui HE. Design of robust constant beamwidth beamformer with maximal sparsity [J]. Journal on Communications, 2015, 36(9): 160-168.
[15]	Wei-wei ZHANG,Chen ZHAO,De-tian HUANG,Pei ZHANG,Yi-xian YANG. Semi-fragile video watermarking algorithm for H.264/AVC based on cost strategy [J]. Journal on Communications, 2015, 36(10): 110-118.