基于OODA的网络对抗试验方法研究

发布时间：2018-07-20 12:51

【摘要】：随着互联网的发展,它已经逐步地深刻改变了我们的生活,渗透到了人类社会的各个角落,尤其移动互联网时代使互联网又经历了一次飞跃性的发展。互联网不仅与个人生活相关,更是成为了国家层面的战略性资源。所以网络安全具有重要意义。本课题对网络攻防对抗做了一些探索,并从攻击者的角度提出了基于OODA的网络对抗模型——OODA-Net AD模型。OODA-Net AD模型共有四个子模块分别是:通信数据获取模块、协议特征分析模块、攻击策略选择模块和攻击执行模块,这四个模块中的第二和第三个模块是研究重点。而且最后对OODA-Net AD模型进行了仿真和测试。第二个模块即协议特征分析模块实现的功能是对捕获到的数据包进行分析并提取出协议的一些特征,在该模型中使用了基于数据流分析的协议特征识别技术,首先使用n-gram生成技术将原始的网络数据包中的每条通信消息转换成n-gram序列;然后利用基于LDA模型的关键字识别技术提取出协议的关键字集合,在对LDA模型进行求解的时候用到Gibbs抽样方法;由于捕获到的数据包中会有可能存在两个数据包分别属于不同的协议但是它们拥有近似的关键字的情况,这种情况下需要用层次聚类算法对数据包进行聚类,使用了Information Bottleneck方法作为衡量聚类效果的指标;为了挖掘出频繁字节序列本文使用了序列对齐技术,这里采用的方法是启发式多重序列对比算法。第三个模块即攻击策略选择模块要从众多的攻击技术中选取一种能给攻击者带来最大收益的策略,这里使用了一个基于博弈论的最优攻击策略选择方案。在该方案中,首先需要对攻防双方的成本和收益进行量化;在完成量化工作后,建立攻击策略选择模型,该模型是一个完全信息非合作非零和博弈模型,然后求解模型的纳什均衡状态即可,该攻击策略选择模型的优点在于简洁直观同时模型的求解算法也很成熟。
[Abstract]:With the development of the Internet, it has gradually changed our life and penetrated into every corner of human society, especially in the era of mobile Internet, which has made the Internet experiencing a rapid development. The Internet is not only related to personal life, but also a strategic resource at home level. This topic has made some exploration on network attack and defense confrontation, and proposed a network confrontation model based on OODA from the angle of attacker - OODA-Net AD model.OODA-Net AD model with four sub modules: communication data acquisition module, protocol feature analysis module, attack strategy selection module and attack execution module, The second and third modules of the four modules are the focus of the study. Finally, the OODA-Net AD model is simulated and tested. The function of the second modules, the protocol feature analysis module, is to analyze the captured data packets and extract some features of the protocol. In the model, a protocol based on data flow analysis is used. The feature recognition technology first uses n-gram generation technology to convert every communication message in the original network packet into n-gram sequence, and then uses the keyword recognition technology based on LDA model to extract the keyword set of the protocol, and uses the Gibbs sampling method when the LDA model is solved; because of the captured data packets. There may be two packets belonging to different protocols, but they have approximate keywords. In this case, a hierarchical clustering algorithm is used to cluster the packets, and the Information Bottleneck method is used as an indicator to measure the clustering effect; and the sequence of frequent byte sequences is used in this paper. The method of alignment is a heuristic multiple sequence contrast algorithm. The third module, the attack strategy selection module, selects a strategy to bring the maximum benefit to the attacker from many attacks. In this case, a game theory based optimal attack strategy selection scheme is used. The cost and benefit of both the attack and defense are quantified. After completing the quantization work, the attack strategy selection model is established. The model is a complete information non cooperative nonzero sum game model, and then solves the Nash equilibrium state of the model. The advantage of the attack strategy selection model is very simple and intuitive and the solution algorithm of the model is very mature.
【学位授予单位】：哈尔滨工业大学
【学位级别】：硕士
【学位授予年份】：2017
【分类号】：TP393.08

【参考文献】