基于信号博弈的移动目标防御最优策略选取方法

doi:10.11959/j.issn.1000-436x.2019125

Abstract

Abstract:

To solve the problem of the optimal strategy selection for moving target defense,the defense strategy was defined formally,the defense principle from the perspective of attack surface shifting and exploration surface enlarging was taken into account.Then,network attack-defense behaviors were analyzed from the sight of dynamic confrontation and bounded information.According to the analysis of attack-defense game types and confrontation process,the moving target defense model based on signaling game was constructed.Meanwhile,the method to quantify strategies was improved and the solution of perfect Bayesian equilibrium was proposed.Furthermore,the optimal defense strategy selection algorithm was designed by the equilibrium analysis.Finally,the simulation demonstrates the effectiveness and feasibility of the proposed optimal strategy and selection method.

Key words: network security, moving target defense, signaling game, perfect Bayesian equilibrium, defense strategy selection

CLC Number:

TP309

JIANG Lyu,ZHANG Hengwei,WANG Jindong. Optimal strategy selection method for moving target defense based on signaling game[J]. Journal on Communications, 2019, 40(6): 128-137.

Figures/Tables 6

防御策略		策略描述	MTD类型	防御成本
	d₁	IP switch,data storage enlarge ,动态频率	攻击面变换+探测面扩展	220
$t_{d}^{1}$	d₂	protocol switch,port counterchange,固定频率	攻击面转移+攻击面变换	190
	d₃	fingerprint switch,Renew root data ,动态频率	攻击面转移	170
	d₄	port enlarge,protocol switch,固定频率	攻击面转移+探测面扩展	160
	d₅	route enlarge,install oracle patches ,动态频率	探测面扩展	120
$t_{d}^{2}$	d₆	port switch,patch SSH on FTP ,固定频率	攻击面转移	115
	d₇	add physical resources,add address blacklist	探测面扩展	125
	d₈	limit packet to ports,limit ICMP/SYN packets	无	110

References 25

[1]	方滨兴 . 从层次角度看网络空间安全技术的覆盖领域[J]. 网络与信息安全学报, 2015,1(1): 1-6.
	FANG B X . A hierarchy model on the research fields of cyberspace security technology[J]. Chinese Journal of Network and Information Security, 2015,1(1): 1-6.
[2]	JAJODIA S , GHOSH A K , SWARUP V ,et al. Moving target defense:creating asymmetric uncertainty for cyber threats[M]. Berlin: Springer Science Business MediaPress, 2011.
[3]	蔡桂林, 王宝生, 王天佐 ,等. 移动目标防御技术研究进展[J]. 计算机研究与发展, 2016,53(5): 968-987.
	CAI G L , WANG B S , WANG T Z ,et al. Research on development of moving target defense technology[J]. Journal of Computer Research and Development, 2016,53(5): 968-987.
[4]	刘效武, 王慧强, 吕宏武 ,等. 网络安全态势认知融合感控模型[J]. 软件学报, 2016,27(8): 2099-2114.
	LIU X W , WANG H Q , LV H W ,et al. Fusion-based cognitive awareness-control model for network security situation[J]. Journal of Software, 2016,27(8): 2099-2114.
[5]	朱建明, 王秦 . 基于博弈论的网络空间安全若干问题分析[J]. 网络与信息安全学报, 2015,1(1): 43-49.
	ZHU J M , WANG Q . Analysis of cyberspace security based on game theory[J]. Chinese Journal of Network and Information Security, 2015,1(1): 43-49.
[6]	MANADHATA P K . Game theoretic approaches to attack surface shifting[J]. ACM Transactions on Information and System Security, 2017,23(2): 145-153.
[7]	CARTER K M , RIORDAN J F , OKHRAVI H . A game theoretic approach to strategy determination for dynamic platform defenses[C]// ACM Workshop on Moving Target Defense. ACM, 2017: 21-30.
[8]	VADLAMUDI S G , SENGUPTA S , KAMBHAMPATI S ,et al. Moving target defense for Web applications using Bayesian Stackelberg games[J]. Adaptive Agents and Multi-Agents Systems, 2016: 1377-1378.
[9]	FILLER T , JUDAS J , FRIDRICH J . Signaling game model:DDoS defense analysis[J]. Journal of Security Engineering, 2016,39(3): 414-417.
[10]	张恒巍, 余定坤, 韩继红 ,等. 信号博弈网络安全威胁评估方法[J]. 西安电子科技大学学报, 2016,43(3): 137-143.
	ZHANG H W , YU D K , HAN J H ,et al. Network security threat assessment based on the signaling game[J]. Journal of Xidian University, 2016,43(3): 137-143.
[11]	张恒巍, 余定坤, 韩继红 ,等. 基于攻防信号博弈模型的防御策略选取方法[J]. 通信学报, 2016,37(5): 51-61.
	ZHANG H W , YU D K , HAN J H ,et al. Defense policies selection method based on attack-defense signaling game model[J]. Journal on Communications, 2016,37(5): 51-61.
[12]	OKHRAVI H , COMELLA A , ROBINSON E ,et al. Creating a cyber moving target for critical infrastructure applications using platform diversity[J]. International Journal of Critical Infrastructure Protection, 2014,5(1): 30-39.
[13]	BENZEL T . A strategic plan for cyber security research and development[J]. IEEE Security ＆ Privacy, 2015,13(4): 3-5.
[14]	FENG X , ZHENG Z , CANSEVER D . A signaling game model for moving target defense[C]// 2017 IEEE Conference on Computer Communications. IEEE, 2017: 1-9.
[15]	LEI C , ZHANG H Q , WAN L M ,et al. Incomplete information Markov game theoretic approach to strategy generation for moving target defense[J]. Computer Communications, 2018,116: 184-199.
[16]	HUANG S R , ZHANG H W , WANG J ,et al. Markov differential game for network defense decision-making method[J]. IEEE Access, 2018: 39621-39634.
[17]	刘江, 张红旗, 刘艺 . 基于不完全信息动态博弈的动态目标防御最优策略选取研究[J]. 电子学报, 2018,46(1): 82-89.
	LIU J , ZHANG H Q , LIU Y . Research on optimal selection of moving target defense policy based on dynamic game with incomplete information[J]. Acta Electronica Sinica, 2018,46(1): 82-89.
[18]	GORDON L , LOEB M , LUCYSHYN W ,et al. Computer crime and security survey[C]// 2014 Computer Security Institute. 2014: 11-34.
[19]	MANADHATA P K , WING J M . An attack surface metric[J]. IEEE Transactions on Software Engineering, 2011,37(3): 371-386.
[20]	LIN J Q , LIU P , JING J W . Using signaling games to model the multi-step attack-defense scenarios on confidentiality[J]. Security Lecture Notes in Computer Science, 2017,39(6): 118-137.
[21]	MALEKI H , VALIZADEH S , KOCH W ,et al. Markov modeling of moving target defense games[C]// ACM Workshop on Moving Target Defense. ACM, 2018: 104-110.
[22]	ZHUANG R , BARDAS A G , DELOACH S A ,et al. A theory of cyber attacks:a step towards analyzing MTD systems[C]// ACM Workshop on Moving Target Defense. ACM, 2017: 211-220.
[23]	GAO X , ZHU Y F . Defense mechanism analysis based on signaling game model[C]// International Conference on Intelligent Human-Machine Systems and Cybernetics. IEEE, 2016: 414-417.
[24]	FUDENBERG D , TIROLE J . Game theory[M]. Boston: Massachusetts Institute of Technology PressPress, 2012.
[25]	ZHU Q,BA?AR T , . Game-theoretic approach to feedback-driven multi-stage moving target defense[C]// Decision and Game Theory for Security. Springer International Publishing, 2013: 246-263.

Metrics

Recommended 0

No Suggested Reading articles found!

方法	博弈类型	局中人类型	信号机制	模型通用性	均衡求解	具体应用
文献[6]	完全信息静态博弈	1	—	一般	详细	攻防分析
文献[7]	不完全信息静态博弈	2	—	差	详细	策略选取
文献[9,17]	信号博弈	n	攻击者	一般	简单	机制设计
文献[20]	信号博弈	2	攻击者	差	无	—
文献[21]	马尔科夫博弈	n	—	较差	简单	攻防分析
本文模型及方法	信号博弈	n	防御者	较好	详细	策略选取

序号	节点	服务	脆弱性
1	W₁	IIS	LSASS process
2	W₂	FTP	FTP rhost overwrite
3	O₁	RPC	Code injection
4	O₇	RSH	Rsh login
5	U₉	NETBOIS-SSN	Nullsession
6	U₁₃	FTP	Wu-FTP Sockprintf
7	D₅	SQUID PROXY	Squid port scan
8	D₇	SQL DB

原子攻击名称	分类	攻击成本AC	攻击致命度AL
e₁:remote buffer overflow	root	100	9
e₂:install Trojan	probe	80	3
e₃:steal account and crack it	user	140	5
e₄:send abnormal data to GIOP	root	50	8
e₅:LPC to LSASS process	probe	40	2
e₆:FTP rhost attack	root	120	10
e₇:Oracle TNS Listener	root	90	8
e₈:shutdown Database server	user	150	6
e₉:SR-hard blood	root	120	8

Optimal strategy selection method for moving target defense based on signaling game

RichHTML

PDF

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 6

References 25

Related Articles 15

Metrics

Recommended 0

[1]	Shiqi ZHAO, Xiaohong HUANG, Zhigang ZHONG. Research and implementation of reputation-based inter-domain routing selection mechanism [J]. Journal on Communications, 2023, 44(6): 47-56.
[2]	Haiyan KANG, Molan LONG. Research on network attack analysis method based on attack graph of absorbing Markov chain [J]. Journal on Communications, 2023, 44(2): 122-135.
[3]	Xiaoyu XU, Hao HU, Hongqi ZHANG, Yuling LIU. Random routing defense method based on deep deterministic policy gradient [J]. Journal on Communications, 2021, 42(6): 41-51.
[4]	Hongbin ZHANG, Yan YIN, Dongmei ZHAO, Bin LIU. Network security situational awareness model based on threat intelligence [J]. Journal on Communications, 2021, 42(6): 182-194.
[5]	Tengfei ZHANG, Shunzheng YU. Research prospects of user information detection from encrypted traffic of mobile devices [J]. Journal on Communications, 2021, 42(2): 154-167.
[6]	Xu CHENG, Yingying WANG, Nianjie ZHANG, Zhangjie FU, Beijing CHEN, Guoying ZHAO. Multi-level loss object tracking adversarial attack method based on spatial perception [J]. Journal on Communications, 2021, 42(11): 242-254.
[7]	Tao HUANG, Jiang LIU, Shuo WANG, Chen ZHANG, Yunjie LIU. Survey of the future network technology and trend [J]. Journal on Communications, 2021, 42(1): 130-150.
[8]	Zhiyong LUO,Xu YANG,Jiahui LIU,Rui XU. Network intrusion intention analysis model based on Bayesian attack graph [J]. Journal on Communications, 2020, 41(9): 160-169.
[9]	Fucai CHEN,Weizhen HE,Guozhen CHENG,Shumin HUO,Dacheng ZHOU. Design of key technologies for intranet dynamic gateway based on DPDK [J]. Journal on Communications, 2020, 41(6): 139-151.
[10]	Shuo WANG,Jianhua WANG,Qingqi PEI,Guangming TANG,Yang WANG,Xiaohu LIU. Active deception defense method based on dynamic camouflage network [J]. Journal on Communications, 2020, 41(2): 97-111.
[11]	Jinglei TAN,Hengwei ZHANG,Hongqi ZHANG,Hui JIN,Cheng LEI. Optimal strategy selection approach of moving target defense based on Markov time game [J]. Journal on Communications, 2020, 41(1): 42-52.
[12]	Hanxun ZHOU,Chen CHEN,Runze FENG,Junkun XIONG,Hong PAN,Wei GUO. Mobile malware traffic detection approach based on value-derivative GRU [J]. Journal on Communications, 2020, 41(1): 102-113.
[13]	Zhiyong LUO, Xu YANG, Guanglu SUN, Zhiqiang XIE, Jiahui LIU. Finite automaton intrusion tolerance system model based on Markov [J]. Journal on Communications, 2019, 40(10): 79-89.
[14]	Shirui HUANG,Hengwei ZHANG,Jindong WANG,Ruiyu DOU. Network security threat warning method based on qualitative differential game [J]. Journal on Communications, 2018, 39(8): 29-36.
[15]	Xiaodong ZANG,Jian GONG,Xiaoyan HU. Detecting malicious domain names based on AGD [J]. Journal on Communications, 2018, 39(7): 15-25.