The Generation Method of Network Defense Strategy Combining with Attack Graph and Game Model

doi:10.3969/j.issn.1671-1122.2021.01.001

Abstract

Abstract:

In recent years, incidents threatening network security have become more frequent, hackers’ attack methods have become more and more sophisticated, and the difficulty of network security protection has continued to increase Aiming at the problem of the complex and changeable attack strategies and the imperfect rationality of the attacker in the actual network attack and defense environment, the article integrated the attack graph into the attack and defensive game model, and introduced a reinforcement learning algorithm to design a network active defense strategy generation method. The article first proposed a network vulnerability assessment model based on an improved attack graph, this model successfully compresses strategy space and effectively reduces the difficulty of modeling; then the article built a game model for network attack and defense, designed the attacker and defender’s decision-making on the network attack and defense strategy as a multi-stage random game model. At the same time, the article introduces reinforcement learning Minimax-Q Learning to design a self-learning network defense algorithm, through this algorithm, the defender can learn a series of attack behaviors to solve the optimal defense strategy for the attacker. Finally, the article verifies the effectiveness and advancement of the algorithm through simulation experiments. At the same time, the article introduced reinforcement learning Minimax-Q to design a self-learning network defense strategy selection algorithm, through this algorithm, the defender can learn a series of attack behaviors to solve the optimal defense strategy for the attacker. Finally, the article verified the effectiveness and advancement of the algorithm through simulation experiments., it shows that the proposed method has certain guiding significance for network defense.

Key words: network security, attack graph, game model, Minimax-Q, optimal defense strategy

CLC Number:

TP309

JIN Zhigang, WANG Xinjian, LI Gen, YUE Shunmin. The Generation Method of Network Defense Strategy Combining with Attack Graph and Game Model[J]. Netinfo Security, 2021, 21(1): 1-9.

Figures/Tables 8

References 13

[1]	GB/T 22239-2019 Information Security Technology—Base Line for Classified Protection of Cyber Security[S]. Beijing: Standardization Administration of the People's Republic of China, 2019.
	GB/T 22239-2019 信息安全技术网络安全等级保护基本要求[S]. 北京:中国国家标准化管理委员会, 2019.
[2]	National Internet Emergency Center. Report on China Internet network security in 2019[M]. Beijing: Posts and Telecommunications Press, 2020.
	国家计算机网络应急技术处理协调中心. 2019年中国互联网网络安全报告[M]. 北京: 人民邮电出版社, 2020.
[3]	LYE K W, WING J M. Game strategies in network security[J]. International Journal of Information Security, 2005,4(2):71-86.
[4]	WANG Jiaxin, FENG Yi, YOU Rui. Measuring Network Security by Dependency Relationship Graph and Common Vulnerability Scoring System[J]. Journal of Computer Applications, 2019,39(6):1719-1727.
	王佳欣, 冯毅, 由睿. 基于依赖关系图和通用漏洞评分系统的网络安全度量[J]. 计算机应用, 2019,39(6):1719-1727.
[5]	HU Hao, LIU Yuling, ZHANG Yuchen, et al. Survey of Attack Graph Based Network Security Metric[J]. Chinese Journal of Network and Information Security, 2018,4(9):5-20.
	胡浩, 刘玉岭, 张玉臣, 等. 基于攻击图的网络安全度量研究综述[J]. 网络与信息安全学报, 2018,4(9):5-20.
[6]	CONITZER V, SANDHOLM T. Computing the Optimal Strategy to Commit to [C] // ACM. The 7th ACM Conference on Electronic Commerce, June 11-15, 2006, New York, NY, USA. Ann Arbor: Association for Computing Machinery, 2006: 82-90.
[7]	LIU Jingwei, LIU Jingju, LU Yuliang, et al. Application of Game Theory in Network Security Situation Awareness[J]. Journal of Computer Applications, 2017,37(S2):48-51, 64.
	刘景玮, 刘京菊, 陆余良, 等. 博弈论在网络安全态势感知中的应用[J]. 计算机应用, 2017,37(S2):48-51,64.
[8]	CAI Xingpu, Wang Qi, TAI Wei, et al. A Multi-stage Game Based Defense Method against False Data Injection Attack on Cyber Physical Power System[J]. Electric Power Construction, 2019,40(5):48-54.
	蔡星浦, 王琦, 邰伟, 等. 基于多阶段博弈的电力CPS虚假数据注入攻击防御方法[J]. 电力建设, 2019,40(5):48-54.
[9]	SHELAR D, AMIN S. Security Assessment of Electricity Distribution Networks under DER Node Compromises[J]. IEEE Transactions on Control of Network Systems, 2017,4(1):23-36.
[10]	ZHANG Hongqi, YANG Junnan, ZHANG Chuanfu. Defense Decision-making Method Based on Incomplete Information Stochastic Game and Q-learning[J]. Journal on Communications, 2018,39(8):56-68.
	张红旗, 杨峻楠, 张传富. 基于不完全信息随机博弈与Q-learning的防御决策方法[J]. 通信学报, 2018,39(8):56-68.
[11]	WANG Zengguang, LU Yu, LI Xi. Active Defense Strategy Selection of Military Information Network Based on Incomplete Information Game[J]. Acta Armamentarii, 2020,41(3):608-617.
	王增光, 卢昱, 李玺. 基于不完全信息博弈的军事信息网络主动防御策略选取[J]. 兵工学报, 2020,41(3):608-617.
[12]	LITTMAN, MICHAEL L. Markov Games as a Framework for Multi-agent Reinforcement Learning[C] //Machine Learning Proceedings. Proceedings of the Eleventh International Conference on Machine Learning (ML-94), June 27-July 2, 1994, Rutgers University, New Brunswick, NJ. San Mateo: Morgan Kauffman Publishers, 1994: 157-153.
[13]	BIANCHI Reinaldo A C, MARTINS Murilo F, RIBEIRO Carlos H C, et al. Heuristically-accelerated Multiagent Reinforcement Learning[J]. IEEE Transactions on Cybernetics, 2014,44(2):252-265. URL pmid: 23757547

主机/服务器	CVE编号	漏洞信息	利用漏洞的攻击动作编号
Web服务器	CVE-2013-2249	模块安全漏洞	a1
	CVE-2020-4362	权限提升漏洞	a10
	CVE-2017-0101	整数溢出漏洞	a6
H1	CVE-2019-0708	远程桌面远程代码执行漏洞	a11
	CVE-2014-8631	安全绕过漏洞	a5
	CVE-2019-9766	缓冲区溢出漏洞	a9
H2	CVE-2011-0638	USB 数据任意程序执行漏洞	a2
H3	CVE-2018-1111	远程代码执行漏洞	a12
H3	CVE-2015-1793	OpenSSL证书验证安全限制绕过漏洞	a8
H4	CVE-2015-2808	弱密码套件漏洞	a7
网络文件服务器	CVE-2014-7226	HttpFileServer代码注入漏洞	a3
数据库服务器	CVE-2016-6617	SQL注入漏洞	a4

防御策略	描述
DMQ-R	防御者采取Minimax-Q算法,攻击者采取随机策略,双方进行攻防博弈后,得到的防御策略
DQL-R	防御者采取Q-learning算法,攻击者采取随机策略,双方进行攻防博弈后,得到的防御策略
DMQ-MQ	防御者和攻击者都采取Minimax-Q算法,双方进行攻防博弈后,得到的防御策略
DQL-QL	防御者和攻击者都采取Q-learning算法,双方进行攻防博弈后,得到的防御策略

[1]	WANG Juan, YANG Hongyuan, FAN Chengyang. A SDN Dynamic Honeypot with Multi-phase Attack Response [J]. Netinfo Security, 2021, 21(1): 27-40.
[2]	DONG Qiang, LUO Guoming, SHI Hongkui, ZHANG Yongyue. Research on Authentication and Key Agreement Method of IMS-based Mobile Communication Private Network [J]. Netinfo Security, 2021, 21(1): 88-96.
[3]	LIU Daheng, LI Hongling. Research on QR Code Phishing Detection [J]. Netinfo Security, 2020, 20(9): 42-46.
[4]	LI Shibin, LI Jing, TANG Gang, LI Yi. Method of Network Security States Prediction and Risk Assessment for Industrial Control System Based on HMM [J]. Netinfo Security, 2020, 20(9): 57-61.
[5]	LAI Jiangliang, HOU Yifan, LU Xuming. Research on Comprehensive Effectiveness Analysis of Network Security System Based on Information Metrics and Loss [J]. Netinfo Security, 2020, 20(8): 81-88.
[6]	RAN Jinpeng, WANG Xiang, ZHAO Shanghong, GAO Hanghang. Virtual SDN Network Embedding Algorithm Based on Fruit Fly Optimization [J]. Netinfo Security, 2020, 20(6): 65-74.
[7]	MENG Xiangru, XU Jiang, KANG Qiaoyan, HAN Xiaoyang. Secure Virtual Network Embedding Algorithm Based on Entropy Weight VIKOR [J]. Netinfo Security, 2020, 20(5): 21-28.
[8]	JIN Hui, ZHANG Hongqi, ZHANG Chuanfu, HU Hao. Research on Active Defense Decision-making Method Based on QRD in Complex Network [J]. Netinfo Security, 2020, 20(5): 72-82.
[9]	ZHAO Zhiyan, JI Xiaomo. Research on the Intelligent Fusion Model of Network Security Situation Awareness [J]. Netinfo Security, 2020, 20(4): 87-93.
[10]	JING Tao, WAN Wei. Research on a P2P Network Communication Behavior Analytical Method for Status Migration Attribute-oriented [J]. Netinfo Security, 2020, 20(1): 16-25.
[11]	Yue QIU. Network Security Risk Analysis and Assessment of Large-scale Sports Events [J]. Netinfo Security, 2019, 19(9): 61-65.
[12]	Mengru GAO, Fangjun XIE, Hongqin DONG, Xiang LIN. Research on Network Security Evaluation System Oriented to Critical Information Infrastructure [J]. Netinfo Security, 2019, 19(9): 111-114.
[13]	Wenli SHANG, Long YIN, Xianda LIU, Jianming ZHAO. Construction Technology and Application of Industrial Control System Security and Trusted Environment [J]. Netinfo Security, 2019, 19(6): 1-10.
[14]	Ke ZHANG, Youjie WANG, Shaoyin CHENG, Lidong WANG. Intrusion Collaborative Disposal Method of Spoofed IP Address in DDoS Attacks [J]. Netinfo Security, 2019, 19(5): 22-29.
[15]	Jianming FU, Lin LI, Rui ZHENG, Suriguga. Survey of Network Attack Detection Based on GAN [J]. Netinfo Security, 2019, 19(2): 1-9.