基于深度学习的拟态裁决方法研究

doi:10.11959/j.issn.1000-436x.2024047

Abstract

Abstract:

Due to software and hardware differentiation, the problem of false positives mistakenly identified as network attack behavior caused by inconsistent mimic decision results frequently occurs.Therefore, a mimic decision method based on deep learning was proposed.By constructing an unsupervised autoencoder-decoder deep learning model, the deep semantic features of diverse normal response data were explored from different executions and its statistical rules were analyzed and summarized.Additionally, the offline learning-online decision-making mechanism and the feedback optimization mechanism were designed to solve false positive problem, thereby accurately detecting network attacks and improving target system security resilience.Since statistical rules of normal response data was understood and mastered by deep learning model, the mimic decision results among different executions could remain consistent, indicating that the target system was in a secure state.However, once the target system was subjected to a network attacks, the response data outputted by the different executions was deviated from statistical distribution of deep learning model.Therefore, inconsistent mimic decision results were presented, indicating that the affected execution was under attack and the target system was exposed to potential security threats.The experiments show that the performance of the proposed method is significantly superior to the popular mimic decision methods, and the average prediction accuracy is improved by 14.89%, which is conducive to integrating the method into the mimic transformation of real application to enhance the system’s defensive capability.

Key words: mimic defense, active defense, mimic decision, deep learning, offline learning-online decision-making

CLC Number:

TP393.08

Xiaohan YANG, Guozhen CHENG, Wenyan LIU, Shuai ZHANG, Bing HAO. Research on mimic decision method based on deep learning[J]. Journal on Communications, 2024, 45(2): 79-89.

Figures/Tables 19

网络结构	ACC	DR	FAR
1个自编码层和1个解码层	87.5%	75.0%	0
2个自编码层和2个解码层	$99 . 5 %$	$99 . 0 %$	0
3个自编码层和3个解码层	97.5%	95.0%	0

Epoch	ACC	DR	FAR
50	90.0%	80.2%	0
100	90.8%	81.6%	0
150	98.0%	95.7%	0
200	$99 . 5 %$	$99 . 0 %$	0
250	$99 . 5 %$	$99 . 0 %$	0

方法	ACC	DR	FAR
未引入反馈优化机制	98.5%	97.1%	0
本文方法	$99 . 5 %$	$99 . 0 %$	0

方法	ACC	DR	FAR
全体一致性裁决	48.61%	3.27%	22.83%
多数裁决	62.35%	44.21%	19.45%
自适应增量式裁决	65.54%	50.07%	14.56%
余弦相似度裁决	62.13%	48.74%	17.89%
本文方法	$97 . 20 %$	$94 . 80 %$	$3 . 10 %$

阈值	ACC	DR	FAR
0.01	72.51%	68.35%	0
0.015	83.36%	76.82%	0
0.03	79.84%	98.86%	59.81%
本文阈值0.02	$99 . 50 %$	$99 . 00 %$	0

References 25

[1]	YANG A M , LU C M , LI J ,et al. Application of meta-learning in cyberspace security:a survey[J]. Digital Communications and Networks, 2023,9(1): 67-78.
[2]	WU J X . Development paradigms of cyberspace endogenous safety and security[J]. Science China Information Sciences, 2022,65(5): 156301.
[3]	SEPCZUK M . Dynamic Web application firewall detection supported by cyber mimic defense approach[J]. Journal of Network and Computer Applications, 2023,213:103596.
[4]	MOLINA-CORONADO B , MORI U , MENDIBURU A ,et al. Survey of network intrusion detection methods from the perspective of the knowledge discovery in databases process[J]. IEEE Transactions on Network and Service Management, 2020,17(4): 2451-2479.
[5]	ZHAO R J , GUI G , XUE Z ,et al. A novel intrusion detection method based on lightweight neural network for Internet of things[J]. IEEE Internet of Things Journal, 2022,9(12): 9960-9972.
[6]	WU Y H , HU X D . Industrial Internet security protection based on an industrial firewall[C]// Proceedings of the 2021 IEEE International Conference on Artificial Intelligence and Computer Applications (ICAICA). Piscataway:IEEE Press, 2021: 239-247.
[7]	邬江兴 . 网络空间拟态防御研究[J]. 信息安全学报, 2016,1(4): 1-10.
	WU J X . Research on cyber mimic defense[J]. Journal of Cyber Security, 2016,1(4): 1-10.
[8]	吴铤, 胡程楠, 陈庆南 ,等. 基于执行体划分的防御增强型动态异构冗余架构[J]. 通信学报, 2021,42(3): 122-134.
	WU T , HU C N , CHEN Q N ,et al. Defense-enhanced dynamic heterogeneous redundancy architecture based on executor partition[J]. Journal on Communications, 2021,42(3): 122-134.
[9]	周大成, 陈鸿昶, 程国振 ,等. 面向持久性连接的自适应拟态表决器设计与实现[J]. 通信学报, 2022,43(6): 71-84.
	ZHOU D C , CHEN H C , CHENG G Z ,et al. Design and implementation of adaptive mimic voting device oriented to persistent connection[J]. Journal on Communications, 2022,43(6): 71-84.
[10]	张进, 葛强, 徐伟海 ,等. 拟态路由器BGP代理的设计实现与形式化验证[J]. 通信学报, 2023,44(3): 33-44.
	ZHANG J , GE Q , XU W H ,et al. Design,implementation and formal verification of BGP proxy for mimic router[J]. Journal on Communications, 2023,44(3): 33-44.
[11]	姚东, 张铮, 张高斐 ,等. 多变体执行安全防御技术研究综述[J]. 信息安全学报, 2020,5(5): 77-94.
	YAO D , ZHANG Z , ZHANG G F ,et al. A survey on multi-variant execution security defense technology[J]. Journal of Cyber Security, 2020,5(5): 77-94.
[12]	ZHENG Y , LI Z , XU X L ,et al. Dynamic defenses in cyber security:techniques,methods and challenges[J]. Digital Communications and Networks, 2022,8(4): 422-435.
[13]	邬江兴 . 论网络空间内生安全问题及对策[J]. 中国科学:信息科学, 2022,52(10): 1929-1937.
	WU J X . On endogenous security problems in cyberspace and countermeasures[J]. Scientia Sinica (Informationis), 2022,52(10): 1929-1937.
[14]	邬江兴 . 拟态防御技术构建国家信息网络空间内生安全[J]. 信息通信技术, 2019,13(6): 4-6.
	WU J X . Mimicry defense technology to build endogenous security in national information network space[J]. Information and Communications Technologies, 2019,13(6): 4-6.
[15]	PARHAMI B . Voting algorithms[J]. IEEE Transactions on Reliability, 1994,43(4): 617-629.
[16]	CHOI J , GOH K . Dynamics of consensus formation on multiplex networks:the majority-vote model[C]// Proceedings of APS March Meeting. California:APS Press, 2018: 1-15.
[17]	VIHINEN M . Majority vote and other problems when using computational tools[J]. Human Mutation, 2014,35(8): 912-914.
[18]	武兆琪, 张帆, 郭威 ,等. 一种基于执行体异构度的拟态裁决优化方法[J]. 计算机工程, 2020,46(5): 12-18.
	WU Z Q , ZHANG F , GUO W ,et al. A mimic arbitration optimization method based on heterogeneous degree of executors[J]. Computer Engineering, 2020,46(5): 12-18.
[19]	沈丛麒, 陈双喜, 吴春明 ,等. 基于信誉度与相异度的自适应拟态控制器研究[J]. 通信学报, 2018,39(S2): 173-180.
	SHEN C Q , CHEN S X , WU C M ,et al. Research on adaptive mimicry controller based on credibility and dissimilarity[J]. Journal on Communications, 2018,39(S2): 173-180.
[20]	ZHANG P Y , LI C H , WANG C B . VisCode:embedding information in visualization images using encoder-decoder network[J]. IEEE Transactions on Visualization and Computer Graphics, 2021,27(2): 326-336.
[21]	BECHTLE S , MOLCHANOV A , CHEBOTAR Y ,et al. Meta learning via learned loss[C]// Proceedings of the 25th International Conference on Pattern Recognition (ICPR). Piscataway:IEEE Press, 2021: 4161-4168.
[22]	祝永胜, 张铮, 李继忠 . 一种 Web 服务用户代理/表决器设计方法[J]. 信息工程大学学报, 2017,18(5): 613-617.
	ZHU Y S , ZHANG Z , LI J Z . Web server user agent/voter design method[J]. Journal of Information Engineering University, 2017,18(5): 613-617.
[23]	李卫超, 张铮, 王立群 ,等. 基于拟态防御架构的多余度裁决建模与风险分析[J]. 信息安全学报, 2018,3(5): 64-74.
	LI W C , ZHANG Z , WANG L Q ,et al. The modeling and risk assessment on redundancy adjudication of mimic defense[J]. Journal of Cyber Security, 2018,3(5): 64-74.
[24]	AKCAY S , ATAPOUR-ABARGHOUEI A , BRECKON T P . GANomaly:semi-supervised anomaly detection via adversarial training[C]// Proceedings of Asian Conference on Computer Vision. Berlin:Springer, 2019: 622-637.
[25]	YANG G , ZHANG Y . Investigating the relationship between compression ratio,anomaly detection and generative capability of deep autoencoder networks[J]. Neurcomputing, 2019,342(1): 202-211.

Metrics

Recommended 0

No Suggested Reading articles found!

网络层	输出尺寸	设置
FC₁	1×256	激活函数ReLU
FC₂	1×25	激活函数ReLU
FC₃	1×2	激活函数ReLU
FC₄	1×25	激活函数ReLU
FC₅	1×256	—

执行体	硬件	软件
执行体1	CPU架构：X86	ubuntu20.04
执行体2	CPU架构：X86	centos7.9
执行体3	CPU架构：ARM(鲲鹏920)	centos7.9

方法	ACC	DR	FAR	时延（180个样本）/ms
全体一致性裁决	60.00%	5.70%	0	226
多数裁决	81.60%	50.90%	0	182
自适应增量式裁决	82.56%	53.42%	0	468
余弦相似度裁决	78.76%	42.33%	0	238
GANomaly	99.47%	99.02%	0	113
自编码-解码0	90.38%	85.93%	0	17
自编码-解码1	99.51%	98.95%	0	34
本文方法	99.50%	99.00%	0	19

方法	ACC	DR	FAR	时延（180个样本）/ms
GANomaly	99.47%	99.02%	0	113
自编码-解码1	99.51%	98.95%	0	34
本文方法	99.50%	99.00%	0	19

FC₃层输出	ACC	DR	FAR	时延（180个样本）/ms
1×20	99.50%	98.97%	0	30
1×10	99.48%	99.01%	0	28
1×5	99.50%	99.00%	0	25
1×2	99.50%	99.00%	0	19
1×1	94.23%	91.86%	0	19

Research on mimic decision method based on deep learning

RichHTML

PDF

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 19

References 25

Related Articles 15

Metrics

Recommended 0

[1]	Tao WANG, Hao FENG, Rongxin MI, Lin LI, Zhenxue HE, Yiming FU, Shu WU. Road vehicle detection based on improved YOLOv3-SPP algorithm [J]. Journal on Communications, 2024, 45(2): 68-78.
[2]	Shuwen YU, Wei XU, Jiacheng YAO. Causality adversarial attack generation algorithm for intelligent unmanned communication system [J]. Journal on Communications, 2024, 45(1): 54-62.
[3]	Xuejun ZHANG, Fenghe ZHANG, Jiyang GAI, Xiaogang DU, Wenjie ZHOU, Teli CAI, Bo ZHAO. mVulSniffer: a multi-type source code vulnerability sniffer method [J]. Journal on Communications, 2023, 44(9): 149-160.
[4]	Mian LI, Yang LI, Zonghui ZHANG, Qingjiang SHI. Communication-efficient distributed precoding design for Massive MIMO [J]. Journal on Communications, 2023, 44(8): 37-48.
[5]	Huijiao WANG, Xin ZHANG, Yongzhuang WEI, Lingchen LI. Novel distinguisher for SM4 cipher algorithm based on deep learning [J]. Journal on Communications, 2023, 44(7): 171-184.
[6]	Shuai MA, Ke PEI, Huayan QI, Hang LI, Wen CAO, Hongmei WANG, Hailiang XIONG, Shiyin LI. Research on geomagnetic indoor high-precision positioning algorithm based on generative model [J]. Journal on Communications, 2023, 44(6): 211-222.
[7]	Rongpeng LI, Bingyan WANG, Honggang ZHANG, Zhifeng ZHAO. Design of knowledge enhanced semantic communication receiver [J]. Journal on Communications, 2023, 44(6): 70-76.
[8]	Dongyu CHEN, Hua CHEN, Limin FAN, Yifang FU, Jian WANG. Research on test strategy for randomness based on deep learning [J]. Journal on Communications, 2023, 44(6): 23-33.
[9]	Jin ZHANG, Qiang GE, Weihai XU, Yiming JIANG, Hailong MA, Hongtao YU. Design, implementation and formal verification of BGP proxy for mimic router [J]. Journal on Communications, 2023, 44(3): 33-44.
[10]	Yun ZHANG, Jing ZHOU, Jingwei HUANG, Shujuan YU, Liya HUANG. Channel estimation for OFDM system based on deep learning [J]. Journal on Communications, 2023, 44(12): 124-133.
[11]	Gang XIE, Quanyi WANG, Xinlin XIE, Jian’an WANG. Lightweight Transformer traffic scene semantic segmentation algorithm integrating multi-scale depth convolution [J]. Journal on Communications, 2023, 44(10): 213-225.
[12]	Jie YANG, Biao DONG, Xue FU, Yu WANG, Guan GUI. Lightweight decentralized learning-based automatic modulation classification method [J]. Journal on Communications, 2022, 43(7): 134-142.
[13]	Dacheng ZHOU, Hongchang CHEN, Guozhen CHENG, Weizhen HE, Ke SHANG, Hongchao HU. Design and implementation of adaptive mimic voting device oriented to persistent connection [J]. Journal on Communications, 2022, 43(6): 71-84.
[14]	Xiuzhang YANG, Guojun PENG, Zichuan LI, Yangqi LYU, Side LIU, Chenguang LI. Research on entity recognition and alignment of APT attack based on Bert and BiLSTM-CRF [J]. Journal on Communications, 2022, 43(6): 58-70.
[15]	Yurong LIAO, Haining WANG, Cunbao LIN, Yang LI, Yuqiang FANG, Shuyan NI. Research progress of deep learning-based object detection of optical remote sensing image [J]. Journal on Communications, 2022, 43(5): 190-203.