Computer Science (计算机科学) ›› 2022, Vol. 49 ›› Issue (9): 333-339. doi: 10.11896/jsjkx.220400011

• Information Security •

Belief Driven Attack and Defense Policy Optimization Mechanism in Honeypot Game
(蜜罐博弈中信念驱动的攻防策略优化机制)

JIANG Yang-yang (姜洋洋), SONG Li-hua (宋丽华), XING Chang-you (邢长友), ZHANG Guo-min (张国敏), ZENG Qing-wei (曾庆伟)

  1. College of Command and Control Engineering, Army Engineering University, Nanjing 210007, China
  • Received: 2022-04-01  Revised: 2022-04-30  Online: 2022-09-15  Published: 2022-09-09
  • Corresponding author: SONG Li-hua (songlihua_mail@189.cn)
  • About the authors: JIANG Yang-yang (460734257@qq.com), born in 1998, postgraduate. His main research interests include cyberspace security.
    SONG Li-hua, born in 1976, Ph.D, professor, master supervisor. Her main research interests include active defense technology for network security.
  • Supported by: National Natural Science Foundation of China (62172432).

Abstract: As a typical deception-defense technique, honeypots play an important role in actively trapping attackers. Existing design methods mainly optimize the honeypot's trapping decisions through game models but ignore the influence of the attacker's belief on the decisions of both sides; as a result they adapt poorly and are easily seen through and exploited by the attacker. To address this, a belief-based honeypot game mechanism (BHGM) is proposed. Built on the multi-round game in which the attacker works toward completing its task, BHGM focuses on how the honeypot's actions affect the attacker's belief and how that belief determines whether the attacker continues the attack. A belief-driven algorithm for solving the optimal attack and defense strategies is then designed on the basis of Upper Confidence Bounds applied to Trees (UCT). Simulation results show that the belief-driven attacker strategy chooses, according to its current belief, either to continue the attack or to cut its losses in time so as to maximize its payoff, while the belief-driven honeypot strategy, taking risk into account, lowers the attacker's suspicion as far as possible to lure it into continuing the attack and thereby obtains a larger payoff.

Key words: Deception defense, Honeypot, Game theory, UCT algorithm, Nash equilibrium
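The mechanism sketched in the abstract (a multi-round game in which the honeypot's responses shift the attacker's belief that the target is a honeypot, the attacker continues or stops on the strength of that belief, and UCT searches for the honeypot's best response) can be made concrete with a small model. The Python below is an added illustration written for this page; it is not the paper's BHGM model or code, and every number in it (five rounds, a 0.2 prior, the payoff and risk values, the observation likelihoods, the attacker's myopic stop rule) is a constructed assumption. The attacker updates P(honeypot) by Bayes' rule after each response and keeps attacking only while its expected payoff is positive; the honeypot, which knows it is a honeypot, runs UCT over this model each round to trade a riskier but more convincing "mimic" response against a safer but more suspicious "restrict" one.

```python
"""Toy belief-driven honeypot game solved with UCT.

Constructed illustration for this page, not the BHGM model or code from the
paper: every parameter, payoff and likelihood below is an assumption.
"""
import math
import random

ROUNDS = 5                               # the attacker's task needs at most 5 rounds
PRIOR = 0.2                              # attacker's prior belief P(target is a honeypot)
GAIN, LOSS = 1.0, 2.0                    # attacker payoff per round: real host / honeypot
INFO = 1.0                               # honeypot payoff: one more round of observed activity
RISK = {"mimic": 0.4, "restrict": 0.0}   # honeypot cost of each response (exposure risk)
# True probability that each honeypot response looks suspicious to the attacker.
P_SUSP_BY_ACTION = {"mimic": 0.2, "restrict": 0.7}
# The attacker's coarser likelihood model: P(suspicious | honeypot), P(suspicious | real host).
ATTACKER_MODEL = {"honeypot": 0.5, "real": 0.1}


def update_belief(belief, suspicious):
    """Bayesian update of the attacker's P(honeypot) after one observation."""
    ph, pr = ATTACKER_MODEL["honeypot"], ATTACKER_MODEL["real"]
    lh, lr = (ph, pr) if suspicious else (1 - ph, 1 - pr)
    return belief * lh / (belief * lh + (1 - belief) * lr)

def attacker_continues(belief):
    """Belief-driven attacker: keep attacking only while the expected payoff is positive."""
    return (1 - belief) * GAIN - belief * LOSS > 0

def is_terminal(state):
    rnd, _, active = state
    return rnd >= ROUNDS or not active

def step(state, action, rng):
    """One round from the honeypot's side: respond, attacker observes, updates and decides."""
    rnd, belief, _ = state
    suspicious = rng.random() < P_SUSP_BY_ACTION[action]
    new_belief = round(update_belief(belief, suspicious), 3)   # rounding keeps the tree finite
    reward = INFO - RISK[action]
    return (rnd + 1, new_belief, attacker_continues(new_belief)), reward, suspicious

class Node:
    """UCT node: per-action visit counts, mean returns, and sampled successor nodes."""
    def __init__(self):
        self.n = 0
        self.n_a = {a: 0 for a in RISK}
        self.q_a = {a: 0.0 for a in RISK}
        self.children = {a: {} for a in RISK}   # action -> {next_state: Node}

def rollout(state, rng):
    """Default policy: respond at random until the attacker leaves or the task ends."""
    total = 0.0
    while not is_terminal(state):
        state, reward, _ = step(state, rng.choice(list(RISK)), rng)
        total += reward
    return total

def simulate(node, state, rng, c=1.4):
    """One UCT iteration: UCB1 selection, expansion by sampled transition, rollout, backup."""
    if is_terminal(state):
        return 0.0
    if node.n == 0:                       # newly expanded node: estimate it with a rollout
        node.n = 1
        return rollout(state, rng)
    untried = [a for a in RISK if node.n_a[a] == 0]
    if untried:
        action = rng.choice(untried)
    else:
        action = max(RISK, key=lambda a: node.q_a[a]
                     + c * math.sqrt(math.log(node.n) / node.n_a[a]))
    next_state, reward, _ = step(state, action, rng)
    child = node.children[action].setdefault(next_state, Node())
    ret = reward + simulate(child, next_state, rng, c)
    node.n += 1
    node.n_a[action] += 1
    node.q_a[action] += (ret - node.q_a[action]) / node.n_a[action]
    return ret

def uct_plan(state, n_iter=3000, seed=0):
    """Honeypot response chosen by UCT search from the given (round, belief, active) state."""
    rng, root = random.Random(seed), Node()
    for _ in range(n_iter):
        simulate(root, state, rng)
    return max(RISK, key=lambda a: root.q_a[a])

def play_episode(seed=0, n_iter=1500):
    """Play one game: UCT honeypot against the belief-driven attacker; returns (payoff, log)."""
    rng = random.Random(seed)
    state, total, log = (0, PRIOR, True), 0.0, []
    while not is_terminal(state):
        action = uct_plan(state, n_iter, seed=rng.randrange(1 << 30))
        state, reward, suspicious = step(state, action, rng)
        total += reward
        log.append((state[0], action, "suspicious" if suspicious else "normal", state[1], state[2]))
    return total, log

if __name__ == "__main__":
    payoff, trace = play_episode(seed=1)
    for rnd, action, obs, belief, stays in trace:
        print(f"round {rnd}: honeypot={action:8s} attacker saw {obs:10s} "
              f"belief={belief:.3f} continues={stays}")
    print(f"honeypot payoff: {payoff:.2f}")
```

Running the file plays one episode and prints the trace. Two behaviours the search recovers match the abstract's claims: in the last round, with no future interaction left to protect, UCT picks the safe "restrict" response, and in the first round, facing a wary attacker (belief 0.2), it pays the risk cost of "mimic" to keep the attacker's belief below its stop threshold; once the attacker has been lulled to a low belief it can again afford the safer response. The attacker here is myopic by construction; the paper solves both sides with UCT.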

CLC number: TP393