基于动态伪装网络的主动欺骗防御方法  被引量：7

作　　者：王硕[1,2] 王建华 裴庆祺 汤光明[1] 王洋[1] 刘小虎[1] WANG Shuo;WANG Jianhua;PEI Qingqi;TANG Guangming;WANG Yang;LIU Xiaohu(Department of Cryptogram Engineering,Information Engineering University,Zhengzhou 450001,China;National Key Laboratory of Integrated Services Network,Xidian University,Xi’an 710071,China;Shaanxi Key Laboratory of Blockchain and Security Computing,Xidian University,Xi’an 710071,China)

机构地区：[1]信息工程大学密码工程学院,河南郑州450001 [2]西安电子科技大学综合业务网理论及关键技术国家重点实验室,陕西西安710071 [3]西安电子科技大学陕西省区块链与安全计算重点实验室,陕西西安710071

出　　处：《通信学报》2020年第2期97-111,共15页Journal on Communications

基　　金：国家自然科学基金资助项目（No.U1636209）;陕西省重点研发计划基金资助项目（No.2019ZDLGY13-04,No.2019ZDLGY13-07)~~

摘　　要：针对现有蜜罐易被攻击者识破而导致其抵御渗透攻击时经常失效的问题,提出一种基于动态伪装网络的主动欺骗防御方法。首先,给出动态伪装网络定义并描述基于动态伴随网络的主动欺骗攻防场景;然后,在分析攻防交互过程的基础上,构建信号博弈模型来指导最优欺骗策略选取;进一步,设计基于双层威胁渗透图的攻防策略收益量化方法;最后,提出一种统一纯策略与混策略的博弈均衡求解方法。实验结果表明,基于动态伪装网络,精炼贝叶斯均衡能够为防御者实施最优防御策略提供有效指导,实现防御者收益最大化。此外,还总结了利用动态伪装网络进行主动欺骗防御的特点与规律。In view of the problem that the existing honeypots often fail to resist the penetration attack due to the lack of confidentiality, an active deception defense method based on dynamic camouflage network(DCN) was presented. The definition of DCN was given firstly, and then the attacker-defender scenario of active deception based on DCN was described. Next, the interaction process of the attacker-defender scenario was modeled by using a signaling game, whose equilibrium can guide the selection of optimal deception strategy. Furthermore, to quantify the payoffs accurately, the two-layer threat penetration graph(TLTPG) was introduced. Finally, the solution for game equilibrium was designed, through which pure strategy and mixed strategy could be calculated simultaneously. The experimental results show that, based on the dynamic camouflage network, the perfect Bayesian equilibrium can provide effective guidance for the defender to implement the optimal defense strategy and maximize the benefits of the defender. In addition, the characteristics and rules of active deception defense DCN-based are summarized.

关 键 词：蜜罐 网络欺骗防御 动态伪装网络 信号博弈 博弈均衡 

分 类 号：TP393.8[自动化与计算机技术—计算机应用技术]