An Expert-System-Based Cloud Detection Game for Advanced Persistent Threats
Published: 2018-11-22 15:34
[Abstract]: Cloud computing systems are an important target of advanced persistent threats (APTs). Automated APT detectors have difficulty detecting APT attacks accurately, and using an expert system to re-examine suspicious behavior can reduce detection errors. However, the expert system needs additional time to complete this second-stage detection, which may delay the defense response, and the expert system itself can also misjudge. Taking into account the false alarm rates and miss detection rates of both the APT detector and the expert system, game theory is used to examine whether second-stage detection by an expert system is necessary for APT detection and defense in cloud computing systems. An expert-system-based APT detection scheme is designed, an ES-APT detection game model is proposed, and its Nash equilibrium is derived; on this basis, the improvement that the expert system brings to the security performance of the cloud computing system is studied. In addition, for the case where the APT attack model is unavailable, a scheme that uses a reinforcement learning algorithm to obtain the optimal defense strategy is proposed. Simulation results show that the dynamic ES-APT detection scheme based on the WoLF-PHC algorithm improves the defender's utility and the security of the cloud computing system compared with the other benchmark schemes.
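[Author affiliations]: School of Cyber Security, University of Chinese Academy of Sciences; Beijing Key Laboratory of IoT Information Security Technology (Institute of Information Engineering, Chinese Academy of Sciences); Department of Communication Engineering, Xiamen University
[Funding]: National Key R&D Program of China (2016YFB0800202); National Defense Basic Scientific Research Program (JCKY2016602B001); National Natural Science Foundation of China (U1636120, 61671396); Beijing Municipal Science and Technology Commission Special Program (Z161100002616032); CCF-Venustech Hongyan Research Fund (2016-010)
[Classification number]: TP393.08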
Article ID: 2349775
Article link: https://www.wllwen.com/guanlilunwen/ydhl/2349775.html