拟态防御马尔可夫博弈模型及防御策略选择

doi:10.11959/j.issn.1000-436x.2018223

Abstract

Abstract:

Network mimic defense technology enhances the robustness of active defense through the redundancy,dynamic and diversity as well as the decision feedback mechanism.However,little work has been done for its security assessment and existing classic game models are not suitable for its dynamic characteristics and lack of universality.A Markov game model was proposed to analyze the transfer relationship between offensive and defensive status and the measurement method of safety and reliability of mimic defense,and calculated the offensive and defensive game equilibrium through non-linear programming algorithm to determine the best defensive strategy considering performance.Experiments give a comparison with the multi-target hiding technique and shows that the mimic defense has a higher defensive effect.Combining with the specific network case,the specific attack and defense path for the exploit of the system vulnerability is given and the effectiveness of the defense strategy algorithm is verified.

Key words: network mimic defense, Markov game, redundant execution units, defense robustness, active defense strategy

CLC Number:

TP393

Xingming ZHANG,Zeyu GU,Shuai WEI,Jianliang SHEN. Markov game modeling of mimic defense and defense strategy determination[J]. Journal on Communications, 2018, 39(10): 143-154.

Figures/Tables 15

S₀	S₁	S₂	S₃
$(\begin{matrix} - 10 & 25 & 30 \\ 25 & - 10 & 30 \\ - 10 & - 10 & 0 \end{matrix})$	$(\begin{matrix} 25 & - 10 & 0 & 0 & 30 \\ 28 & 28 & 20 & 0 & 30 \\ - 10 & - 10 & 0 & 0 & 0 \end{matrix})$	$(\begin{matrix} - 15 & 30 & 30 \\ - 15 & 0 & 0 \end{matrix})$	$(\begin{matrix} - 15 & 30 \\ 15 & 0 \end{matrix})$
$(\begin{matrix} 5 & - 30 & - 30 \\ - 30 & 5 & - 30 \\ 5 & 5 & 0 \end{matrix})$	$(\begin{matrix} - 30 & 5 & - 5 & - 20 & - 30 \\ - 33 & - 33 & - 25 & - 20 & 0 \\ 5 & 5 & - 5 & - 20 & 0 \end{matrix})$	$(\begin{matrix} 5 & - 50 & - 30 \\ 5 & - 20 & 0 \end{matrix})$	$(\begin{matrix} 5 & - 30 \\ - 25 & 0 \end{matrix})$

References 20

[1]	SUBRAHMANIAN V S , OVELGONNE M , DUMITRAS T ,et al. The global cyber-vulnerability report[M]. Springer International Publishing, 2015.
[2]	OKHRAVI H , HOBSON T , BIGELOW D ,et al. Finding focus in the blur of moving-target techniques[J]. IEEE Security ＆ Privacy Magazine, 2014,12(2): 16-26.
[3]	邬江兴 . 网络空间拟态防御研究[J]. 信息安全学报, 2016,1(4): 1-10.
	WU J X . Research on cyber mimic defense[J]. Journal of Cyber Security, 2016,1(4): 1-10.
[4]	PRAKASH A , WELLMAN M P . empirical game-theoretic analysis for moving target defense[C]// ACM Workshop on Moving Target Defense. 2015: 57-65.
[5]	ELDOSOUKY A R , SAAD W , NIYATO D . Single controller stochastic games for optimized moving target defense[C]// ICC 2016 IEEE International Conference on Communications. 2016: 1-6.
[6]	FARHANG S , MANSHAEI M H , ESFAHANI M N ,et al. A dynamic bayesian security game framework for strategic defense mechanism design[M]// Decision and Game Theory for Security. Springer International Publishing, 2014: 319-328.
[7]	KAMBHAMPATI S , KAMBHAMPATI S , KAMBHAMPATI S ,et al. Moving target defense for web applications using bayesian stackelberg games[C]// International Conference on Autonomous Agents ＆Multiagent Systems. 2016: 1377-1378.
[8]	LEI C , MA D H , ZHANG H Q . Optimal strategy selection for moving target defense based on markov game[J]. IEEE Access, 2017,PP(99): 1-1.
[9]	MALEKI H , VALIZADEH S , KOCH W ,et al. Markov modeling of moving target defense games[C]// ACM Workshop on Moving Target Defense. 2016: 81-92.
[10]	魏帅, 于洪, 顾泽宇 ,等. 面向工控领域的拟态安全处理机架构[J]. 信息安全学报, 2017,2(1): 54-73.
	WEI S , YU H , GU Z Y ,et al. Architecture of mimic security processor for industry control system[J]. Journal of Cyber Security, 2017,2(1): 54-73.
[11]	仝青, 张铮, 张为华 ,等. 拟态防御 Web 服务器设计与实现[J]. 软件学报, 2017,28(4): 883-897.
	TONG Q , ZHANG Z , ZHANG W H ,et al. Design and implementation of mimic defense Web server[J]. Journal of Software, 2017,28(4): 883-897.
[12]	马海龙, 伊鹏, 江逸茗 ,等. 基于动态异构冗余机制的路由器拟态防御体系结构[J]. 信息安全学报, 2017,2(1): 29-42.
	MA H L , YI P , JIANG Y M ,et al. Dynamic heterogeneous redundancy based router architecture with mimic defense[J]. Journal of Cyber Security, 2017,2(1): 29-42.
[13]	CARTER K M , RIORDAN J F , OKHRAVI H . A game theoretic approach to strategy determination for dynamic platform defenses[C]// ACM Workshop on Moving Target Defense. 2014: 21-30.
[14]	WANG H , LI F , CHEN S . Towards cost-effective moving target defense against DDoS and covert channel attacks[C]// ACM Workshop on Moving Target Defense. 2016: 15-25.
[15]	WINTERROSE M L , CARTER K M . Strategic evolution of adversaries against temporal platform diversity active cyber defenses[C]// Proceedings of the Agent-Directed Simulation Symposium at the Spring Simulation Multi-conference. 2014: 68-76.
[16]	DORASZELSKI U , ESCOBAR J F . A theory of regular Markov perfect equilibria in dynamic stochastic games:genericity,stability,and purification[J]. Theoretical Economics, 2010,5(3): 369-402.
[17]	BORKOVSKY R N , DORASZELSKI U , KRYUKOV Y . A user’s guide to solving dynamic stochastic games using the homotopy method[J]. Operation Research, 2010,58(4): 1116-1132
[18]	陈小军, 方滨兴, 谭庆丰 ,等. 基于概率攻击图的内部攻击意图推断算法研究[J]. 计算机学报, 2014,37(1): 62-72.
	CHEN X J , FANG B X , TAN Q F ,et al. Inferring attack Intent of malicious insider based on probabilistic attack graph model[J]. Journal of Computer, 2014,37(1): 62-72.
[19]	SINGH U K , JOSHI C . Quantitative security risk evaluation using cvss metrics by estimation of frequency and maturity of exploit[C]// Proceedings of the World Congress on Engineering and Computer Science (WCECS2016). 2016.
[20]	姜伟, 方滨兴, 田志宏 ,等. 基于攻防博弈模型的网络安全测评和最优主动防御[J]. 计算机学报, 2009,32(4): 817-827.
	JIANG W , FANG B X , TIAN Z H ,et al. Evaluating network security and optimal active defense based on attack-defense game model[J]. Journal of Computer, 2009,32(4): 817-827.

Metrics

Recommended 0

No Suggested Reading articles found!

符号	说明
N	冗余执行单元（可调度）规模
K	执行单元规模
k	防御容忍度（突破防御所需攻击的最小执行体数量）
l	跳变深度（单个执行体中可动态跳变的种类）
AV	攻击向量（N网络或L本地）
AC	攻击复杂度
vul	系统弱点编号

主机	操作系统	系统弱点信息	No.	CVSS评分	弱点属性
C1	Windows Server 2008	CVE-2017-0299 KASLR	1	5.0	AV:L/AC:L
		CVE-2017-0148 SMB远程缓冲区溢出	2	8.1	AV:N/AC:H
C2	Ubuntu 14.02	CVE-2016-10229 kernel远程执行代码	3	9.8	AV:N/AC:L
		CVE-2017-1000367本地覆盖提权	4	6.4	AV:L/AC:H
C3	Debian 7.0	CVE-2016-10229 内核远程执行代码	5	9.8	AV:N/AC:L
		CVE-2016-1247 web-root提权	6	7.8	AV:L/AC:L
C4	OpenBSD 6.0	CVE-2017-1000364远程内存破坏	7	7.4	AV:L/AC:H
C5	RedHat 6.0	CVE-2017-1000364远程内存破环	7	7.4	AV:L/AC:H
		CVE-2017-1000367本地覆盖提权	4	6.4	AV:L/AC:H

S₀	S₁
a={buffer overflow,code injection,NOP}	a={code injection,ROP,NOP}
d ={ASLR,ISR,NOP}	d ={ASLR,ISR,patch upgrade,system roll-back,NOP}
S₂	S₃
a={privilege gain,NOP}	a={ROP,NOP}
d ={diversified compilation,system roll-back,NOP}	d ={diversified compilation,NOP}

S₀	S₁	S₂	S₃
	P_1,2(a₁,d₁)=0.37
P_0,1(a₁,d₂)=0.41	P_1,2(a₂,d₃)=0.37	P_2,3(a₁,d₂)=0.32
P_0,1(a₂,d₁)=0.78	P_1,0(a₁,d₂)=0.90	P_2,1(a₁,d₁)=0.86	P_3,2(a₁,d₁)=0.82
P_0,0(a₃,d₃)=0.98	P_1,0(a₂,d₄)=0.98	P_2,2(a₂,d₃)=0.98	P_3,3(a₂,d₂)=0.98
	P_1,1(a₃,d₅)=0.98

状态	攻击策略	防御策略	攻击收益	防御收益
S₀	0.236 5 0.763 5 0]	0.292 0.292 0.4159]	16.858 6	-19.777
S₁	1 0 0]	0 0 1 0 0]	20	-20
S₂	1 0]	0.5 0.5 0]	30	-40
S₃	0.404 1 0.595 9]	0.5 0.5]	7.5	-12.5

Markov game modeling of mimic defense and defense strategy determination

RichHTML

PDF

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 15

References 20

Related Articles 15

Metrics

Recommended 0

[1]	Jingbo LI, Li MA, Yang LI, Yingxun FU, Dongchao MA. Optimized design of sensing transmission and computing collaborative industrial Internet [J]. Journal on Communications, 2023, 44(6): 12-22.
[2]	Shiqi ZHAO, Xiaohong HUANG, Zhigang ZHONG. Research and implementation of reputation-based inter-domain routing selection mechanism [J]. Journal on Communications, 2023, 44(6): 47-56.
[3]	Zhen CHEN, Wenhui CHEN, Xiaowei LIU, Dianlong YOU, Linlin LIU, Limin SHEN. Functional complementarity relationship enhanced cloud API recommendation method [J]. Journal on Communications, 2023, 44(6): 125-137.
[4]	Debin WEI, Chengsheng PAN, Li YANG, Zuoren YAN. Adaptive random early detection algorithm based on network traffic level grade prediction [J]. Journal on Communications, 2023, 44(6): 154-166.
[5]	Yuancheng LI, Yongtai QIN. Deep reinforcement learning based algorithm for real-time QoS optimization of software-defined security middle platform [J]. Journal on Communications, 2023, 44(5): 181-192.
[6]	Yingjie XIA, Siyu ZHU, Xuejiao LIU. Research on efficient cross trust-domain group authentication with conditional privacy of vehicle platoon under blockchian architecture [J]. Journal on Communications, 2023, 44(4): 111-123.
[7]	Renchao XIE, Wen WEN, Qinqin TANG, Yunlong LIU, Gaochang XIE, Tao HUANG. Survey on rail transit mobile edge computing network security [J]. Journal on Communications, 2023, 44(4): 201-215.
[8]	Zhiyong LUO, Yu ZHANG, Qing WANG, Weiwei SONG. Study of SDN intrusion intent identification algorithm based on Bayesian attack graph [J]. Journal on Communications, 2023, 44(4): 216-225.
[9]	Yifeng WANG, Yuanbo GUO, Qingli CHEN, Chen FANG, Renhao LIN, Yongliang ZHOU, Jiali MA. Method based on contrastive incremental learning for fine-grained malicious traffic classification [J]. Journal on Communications, 2023, 44(3): 1-11.
[10]	Jin ZHANG, Qiang GE, Weihai XU, Yiming JIANG, Hailong MA, Hongtao YU. Design, implementation and formal verification of BGP proxy for mimic router [J]. Journal on Communications, 2023, 44(3): 33-44.
[11]	Pujie JING, Liangmin WANG, Xuewen DONG, Yushu ZHANG, Qian WANG, Sohail Muhammad. CHA: cross-chain based hierarchical architecture for practicable blockchain regulatory [J]. Journal on Communications, 2023, 44(3): 93-104.
[12]	Jian SHU, Jiawei SHI, Linlan LIU, Al-Kali Manar. Topology prediction for opportunistic network based on spatiotemporal convolution [J]. Journal on Communications, 2023, 44(3): 145-156.
[13]	Dongbin WANG, Dongzhe WU, Hui ZHI, Kun GUO, Xu ZHANG, Jinqiao SHI, Yu ZHANG, Yueming LU. Preventing flow table overflow against denial of service attack in software defined network [J]. Journal on Communications, 2023, 44(2): 1-11.
[14]	Haiyan KANG, Molan LONG. Research on network attack analysis method based on attack graph of absorbing Markov chain [J]. Journal on Communications, 2023, 44(2): 122-135.
[15]	Yuntao ZHANG, Binxing FANG, Chunlai DU, Zhongru WANG, Zhijian CUI, Shouyou SONG. Container escape detection method based on heterogeneous observation chain [J]. Journal on Communications, 2023, 44(1): 49-63.