Computer Science, 2022, Vol. 49, Issue (9): 333-339. doi: 10.11896/jsjkx.220400011
姜洋洋, 宋丽华, 邢长友, 张国敏, 曾庆伟
JIANG Yang-yang, SONG Li-hua, XING Chang-you, ZHANG Guo-min, ZENG Qing-wei
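Abstract: As a typical deception defense technique, honeypots play an important role in actively luring and trapping attackers. However, existing design methods mainly use game models to optimize the honeypot's trapping decisions and ignore the influence of the attacker's belief on the game decisions of both sides. As a result, they have weak adaptive decision-optimization capability and are easily identified and exploited by attackers. To address this, a Belief Based Honeypot Game Mechanism (BHGM) is proposed. BHGM is built on the multi-round game process in which the attacker completes its task, and focuses on how the actions taken by the honeypot affect the attacker's belief and how that belief affects whether the attacker continues the attack. In addition, a belief-driven algorithm for solving the optimal attack and defense strategies is designed based on the Upper Confidence Bound Apply to Tree (UCT). Simulation results show that the belief-driven attacker strategy can choose, based on the current belief, either to continue attacking or to cut its losses in time so as to obtain the maximum payoff, while the belief-driven honeypot strategy, taking risk into account, can reduce the attacker's suspicion as much as possible in order to lure it into continuing the attack, thereby obtaining a greater payoff.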