Authors: SHI Yuelou (石月楼); YANG Danjie (杨旦杰); FENG Yu (冯宇); LI Yongqiang (李永强)[1] (College of Information Engineering, Zhejiang University of Technology, Hangzhou 310023)
Source: Chinese High Technology Letters (《高技术通讯》), 2024, No. 2, pp. 162-172 (11 pages)
Funding: Supported by the National Natural Science Foundation of China (61973276).
Abstract: This paper studies the detection-library configuration of cooperative intrusion detection systems (IDS) with incomplete information over a finite time horizon. To address both the optimal configuration of detection libraries for each IDS facing different types of attacks and the conflicts that arise when allocating those libraries, a two-layer detection-library configuration method is proposed. The first layer studies each attacker's strategy and the optimal detection-library configuration of the corresponding IDS. The second layer resolves the conflict of multiple IDSs loading the same detection library, using a centralized allocation method based on strategy sharing. The first layer is solved in two steps. First, because the attacker cannot observe the true state of the system, which creates an information asymmetry between the attacker and the IDS, a belief-based stochastic game framework is constructed; it is solved by a backward recursion algorithm, and the solution is proved to be a stationary Nash equilibrium (SNE) strategy of the game. Second, the optimal detection-library configuration of each IDS is obtained by solving a hybrid Markov decision process. Simulation results show that the proposed method effectively obtains the optimal detection-library configuration of cooperative IDSs facing different types of attacks.
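Keywords: incomplete-information game; Markov decision process; intrusion detection system (IDS); resource allocation; network security
Classification: TP393.08 [Automation and Computer Technology - Computer Application Technology]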