基于不完全信息博弈的反指纹识别分析  被引量：3

作　　者：李少辉 张国敏 宋丽华 王秀磊 LI Shao-hui;ZHANG Guo-min;SONG Li-hua;WANG Xiu-lei(Army Engineering University,Nanjing 210000,China)

机构地区：[1]陆军工程大学,南京210000

出　　处：《计算机科学》2021年第8期291-299,共9页Computer Science

基　　金：江苏省自然科学青年基金(BK20200582)。

摘　　要：网络侦察为网络攻击杀伤链的首要阶段,而指纹识别是网络侦察的重要组成部分,是成功实施网络攻击的先决条件。主动防御尤其是欺骗防御理念的推广促使防御者采取指纹信息隐藏、混淆等手段迷惑攻击者,降低其网络侦察效能,从而使防御者在对抗中获得一定的先发优势,攻防双方的对抗行为也因此提前到了网络侦察阶段。欺骗是攻防双方理性主体之间的战略对抗,博弈论正是研究理性决策者之间冲突与合作的定量科学,可以对各种防御性欺骗的参与者、行动等元素进行建模,指导防御者如何更好地利用欺骗技术。文中使用不完全信息动态博弈模型分析网络攻防双方从侦察到攻击的交互过程,分析计算了可能出现的各种精炼贝叶斯纳什均衡,并基于不同场景对均衡结果进行了讨论,为防御者优化欺骗策略达到更好的反指纹识别效果提出建议。Fingerprinting,which is an important part of reconnaissance,the first stage of network attack killing chain,is the prerequisite of successful implementation of network attack.The promotion of the concept of active defense,especially deception defense,encourages the defenders to confuse the attackers by means of fingerprint information hiding and obfuscation,thus reducing the effectiveness of their network reconnaissance.Therefore,the defenders can obtain a certain first-mover advantage in the confrontation,and the confrontation of both sides is also advanced to the stage of reconnaissance.Deception is the strategic confrontation between the rational agents of both sides,game theory is a quantitative science to study the conflict and cooperation between rational decision players.It can model the players and actions of various defensive deception,and guide the defenders to make better use of deception technology.In this paper,the dynamic game model with incomplete information is used to analyze the interactive process from reconnaissance to attack.The possible perfect Bayesian Nash equilibrium are analyzed and calculated,and the equilibrium are discussed based on different scenarios.Suggestions are put forward for the defenders to optimize the deceptive strategy to achieve better anti-fingerprinting effect.

关 键 词：网络侦察 指纹识别 欺骗防御 不完全信息动态博弈 精炼贝叶斯纳什均衡 

分 类 号：TP398.08[自动化与计算机技术—计算机应用技术]