面向智能渗透攻击的欺骗防御方法  被引量：6

作　　者：陈晋音[1,2] 胡书隆 邢长友 张国敏 CHEN Jinyin;HU Shulong;XING Changyou;ZHANG Guomin(College of Information Engineering,Zhejiang University of Technology,Hangzhou 310023,China;Institute of Cyber Space Security,Zhejiang University of Technology,Hangzhou 310023,China;College of Command&Control Engineering,Army Engineering University,Nanjing 210007,China)

机构地区：[1]浙江工业大学信息工程学院,浙江杭州310023 [2]浙江工业大学网络空间安全研究院,浙江杭州310023 [3]陆军工程大学指挥控制工程学院,江苏南京210007

出　　处：《通信学报》2022年第10期106-120,共15页Journal on Communications

基　　金：国家自然科学基金资助项目(No.62072406);浙江省重点研发计划基金资助项目(No.2021C01117);2020年工业互联网创新发展工程基金资助项目(No.TC200H01V);浙江省万人计划科技创新领军人才基金资助项目(No.2020R52011)。

摘　　要：基于强化学习的智能渗透攻击旨在将渗透过程建模为马尔可夫决策过程,以不断试错的方式训练攻击者进行渗透路径寻优,从而使攻击者具有较强的攻击能力。为了防止智能渗透攻击被恶意利用,提出一种面向基于强化学习的智能渗透攻击的欺骗防御方法。首先,获取攻击者在构建渗透攻击模型时的必要信息(状态、动作、奖励);其次,分别通过状态维度置反扰乱动作生成,通过奖励值符号翻转进行混淆欺骗,实现对应于渗透攻击的前期、中期及末期的欺骗防御;最后,在同一网络环境中展开3个阶段的防御对比实验。实验结果表明,所提方法可以有效降低基于强化学习的智能渗透攻击成功率,其中,扰乱攻击者动作生成的欺骗方法在干扰比例为20%时,渗透攻击成功率降低为0。The intelligent penetration attack based on reinforcement learning aims to model the penetration process as a Markov decision process,and train the attacker to optimize the penetration path in a trial-and-error manner,so as to achieve strong attack performance.In order to prevent intelligent penetration attacks from being maliciously exploited,a deception defense method for intelligent penetration attack based on reinforcement learning was proposed.Firstly,obtaining the necessary information for the attacker to construct the penetration model,which included state,action and reward.Secondly,conducting deception defense against the attacker through inverting the state dimension,disrupting the action generation,and flipping the reward value sign,respectively,which corresponded to the early,middle and final stages of the penetration attack.At last,the three-stage defense comparison experiments were carried out in the same network environment.The results show that the proposed method can effectively reduce the success rate of intelligent penetration attacks based on reinforcement learning.Besides,the deception method that disrupts the action generation of the attacker can reduce the penetration attack success rate to 0 when the interference ratio is 20%.

关 键 词：强化学习 智能渗透攻击 攻击路径 欺骗防御 

分 类 号：TP393.08[自动化与计算机技术—计算机应用技术]