Computer Science, 2022, Vol. 49, Issue (9): 333-339. doi: 10.11896/jsjkx.220400011

• Information Security •

Belief Driven Attack and Defense Policy Optimization Mechanism in Honeypot Game

JIANG Yang-yang, SONG Li-hua, XING Chang-you, ZHANG Guo-min, ZENG Qing-wei   

  1. College of Command and Control Engineering, Army Engineering University, Nanjing 210007, China
  • Received: 2022-04-01 Revised: 2022-04-30 Online: 2022-09-15 Published: 2022-09-09
  • About author: JIANG Yang-yang, born in 1998, postgraduate. His main research interests include cyberspace security and so on.
    SONG Li-hua, born in 1976, Ph.D, professor, master supervisor. Her main research interests include network security active defense technology and so on.
  • Supported by:
    National Natural Science Foundation of China (62172432).

Abstract: As a typical means of deception defense, honeypot technology is of great significance for actively trapping attackers. Existing design methods mainly optimize the honeypot's trapping decisions through a game model, ignoring the impact of the attacker's belief on the game decisions of both sides. They have shortcomings such as weak adaptive decision optimization and being easily seen through and exploited by the attacker. Therefore, a belief-based honeypot game mechanism (BHGM) is proposed. Based on the multi-round game process in which the attacker completes a task, BHGM focuses on the impact of honeypot actions on the attacker's belief and the impact of that belief on whether the attacker continues to attack. In addition, a belief-driven algorithm for solving the optimal attack and defense strategies is designed based on upper confidence bounds applied to trees (UCT). Simulation results show that the belief-driven attacker strategy can choose to continue the attack or cut losses in time based on the current belief to obtain the maximum profit, while the belief-driven honeypot strategy can reduce the attacker's suspicion as much as possible to lure the attacker into continuing the attack and obtain greater profit.

Key words: Deception defense, Honeypot, Game theory, UCT algorithm, Nash equilibrium

CLC Number: 

  • TP393