共查询到20条相似文献,搜索用时 31 毫秒
1.
To solve the problem of the optimal strategy selection for moving target defense,the defense strategy was defined formally,the defense principle from the perspective of attack surface shifting and exploration surface enlarging was taken into account.Then,network attack-defense behaviors were analyzed from the sight of dynamic confrontation and bounded information.According to the analysis of attack-defense game types and confrontation process,the moving target defense model based on signaling game was constructed.Meanwhile,the method to quantify strategies was improved and the solution of perfect Bayesian equilibrium was proposed.Furthermore,the optimal defense strategy selection algorithm was designed by the equilibrium analysis.Finally,the simulation demonstrates the effectiveness and feasibility of the proposed optimal strategy and selection method. 相似文献
2.
3.
Aiming at the problem of ignoring the impact of attack cost and intrusion intention on network security in the current network risk assessment model,in order to accurately assess the target network risk,a method of network intrusion intention analysis based on Bayesian attack graph was proposed.Based on the atomic attack probability calculated by vulnerability value,attack cost and attack benefit,the static risk assessment model was established in combination with the quantitative attack graph of Bayesian belief network,and the dynamic update model of intrusion intention was used to realize the dynamic assessment of network risk,which provided the basis for the dynamic defense measures of attack surface.Experiments show that the model is not only effective in evaluating the overall security of the network,but also feasible in predicting attack paths. 相似文献
4.
For the problem that the existed game model was challenging to model the dynamic continuous characteristics of network attack and defense confrontation effectively,a method based on Markov time game was proposed to select the optimal strategy for moving target defense.Based on the analysis of the attack and defense confrontation process of moving targets,the set of moving target attack and defense strategies was constructed.The dynamics of the single-stage moving target defense process was described by time game.The randomness of multi-stage moving target defense state transformation was described by Markov decision process.At the same time,by abstracting the use of resource vulnerability by attack-defense participants as the alternation of the control of the attack surface,the versatility of the game model was effectively guaranteed.On this basis,the existence of equilibrium was analyzed and proved,and the optimal strategy selection algorithm was designed.Finally,the practicality of the constructed model and the effectiveness of the algorithm are verified by an application example. 相似文献
5.
现有研究者采用威胁建模和安全分析系统的方法评估和预测软件定义网络(software defined network, SDN)安全威胁,但该方法未考虑SDN控制器的漏洞利用概率以及设备在网络中的位置,安全评估不准确。针对以上问题,根据设备漏洞利用概率和设备关键度结合PageRank算法,设计了一种计算SDN中各设备重要性的算法;根据SDN攻击图和贝叶斯理论设计了一种度量设备被攻击成功概率的方法。在此基础上设计了一种基于贝叶斯攻击图的SDN安全预测算法,预测攻击者的攻击路径。实验结果显示,该方法能够准确预测攻击者的攻击路径,为安全防御提供更准确的依据。 相似文献
6.
为了解决大规模无人机集群组网中的网络资源有限、有效分配网络资源难度大的问题,本文针对任意对无人机收发节点构成的通信网络,联合考虑时域、频域、空域,提出了一种基于图着色的三维网络资源分配算法。具体的,本文利用方向回溯阵列天线在传统时频二维网络资源划分的基础上开辟空间维度,得到三维网络资源划分问题。为了解决该三维资源分配问题,本文首先将其建模为图着色问题,然后提出了启发式和贪婪式两种复杂度不同、适应场景也不同的图着色算法,并进一步设计了由着色结果到网络资源分配方案的映射算法。仿真结果验证了所提方法的有效性,相较于传统时分多址接入和时频二维资源分配而言,大大提高了吞吐量和传包成功率。 相似文献
7.
结合无线传感器网络现有的安全方案存在密钥管理和安全认证效率低等问题的特点,提出了无线传感器网络的轻量级安全体系和安全算法。采用门限秘密共享机制的思想解决了无线传感器网络组网中遭遇恶意节点的问题;采用轻量化ECC算法改造传统ECC算法,优化基于ECC的CPK体制的思想,在无需第三方认证中心CA的参与下,可减少认证过程中的计算开销和通信开销,密钥管理适应无线传感器网络的资源受限和传输能耗相当于计算能耗千倍等特点,安全性依赖于椭圆离散对数的指数级分解计算复杂度;并采用双向认证的方式改造,保证普通节点与簇头节点间的通信安全,抵御中间人攻击。 相似文献
8.
针对云原生环境下攻击场景的复杂性导致移动目标防御策略配置困难的问题,该文提出一种基于深度强化学习的移动目标防御策略优化方案(SmartSCR)。首先,针对云原生环境容器化、微服务化等特点,对其安全威胁及攻击者攻击路径进行分析;然后,为了定量分析云原生复杂攻击场景下移动目标防御策略的防御效率,提出微服务攻击图模型并对防御效率进行刻画。最后,将移动目标防御策略的优化问题建模为马尔可夫决策过程,并使用深度强化学习解决云原生应用规模较大时带来的状态空间爆炸问题,对最优移动目标防御配置进行求解。实验结果表明,SmartSCR能够在云原生应用规模较大时快速收敛,并实现逼近最优的防御效率。 相似文献
9.
云计算、大数据、5G通信等技术的快速发展,有力的促进了计算机网络在多个领域的普及和使用,人们已经进入到了“互联网+”时代,实现了工作、生活和学习的数字化、智能化和共享化。计算机网络在为人们提供各种便利服务的同时也面临着许多的安全威胁,比如木马、病毒等,不法分子攻击网络数据中心,破坏用户服务终端及服务器,为人们带来严重的威胁。网络安全学者或企业机构也提出了许多安全防御技术,比如入侵检测技术、深度包过滤技术、防火墙技术、数据加密技术等,一定程度上提高了网络安全防御的能力,但是随着互联网数据流量的增多,需要引入更加先进的人工智能技术,以便能够快速的采集、分析网络数据流,确定数据流中是否存在病毒或木马,以便及时的对其进行查杀,进一步提高网络安全防御的主动性、积极性 相似文献
10.
11.
视频合成孔径雷达(ViSAR)在地面动目标检测和感兴趣区域(ROI)的动态监测方面具有巨大的潜力。对地面运动目标的检测与跟踪一直是ViSAR的研究热点。针对现有基于深度学习的ViSAR动目标检测方法存在的依赖预训练模型,模型迁移难等问题,本文提出了一种基于深度学习与多目标跟踪(MOT)算法的ViSAR动目标阴影检测方法。该方法首先设计了一种从零开始深度学习的网络模型,实现动目标阴影的单帧检测。为了提高检测性能的鲁棒性,采用了基于卡尔曼滤波和逐帧数据关联的多目标跟踪算法跟踪动目标。实测数据处理结果表明该方法具有良好的检测性能。 相似文献
12.
13.
Moving target defense is a revolutionary technology which changes the situation of attack and defense.How to effectively achieve forwarding path mutation is one of the hotspot in this field.Since existing mechanisms are blindness and lack of constraints in the process of mutation,it is hard to maximize mutation defense benefit under the condition of good network quality of services.A novel of network moving target defense technique based on optimal forwarding path migration was proposed.Satisfiability modulo theory was adopted to formally describe the mutation constraints,so as to prevent transient problem.Optimization combination between routing path and mutation period was chosen by using optimal routing path generation method based on security capacity matrix so as to maximum defense benefit.Theoretical and experimental analysis show the defense cost and benefit in resisting passive sniffing attacks.The capability of achieving maximum defense benefit under the condition of ensuring network quality of service is proved. 相似文献
14.
针对Faster R-CNN算法中对于红外舰船目标特征提取不充分、容易出现重复检测的问题,提出了一种基于改进Faster R-CNN的红外舰船目标检测算法。首先通过在主干网络VGG-16中依次引出三段卷积后的3个特征图,将其进行特征拼接形成多尺度特征图,得到具有更丰富语义信息的特征向量;其次基于数据集进行Anchor的改进,重新设置Anchor boxes的个数与尺寸;最后优化改进后Faster R-CNN的损失函数,提高检测算法的整体性能。通过对测试数据集进行分析实验,结果表明改进后的检测算法平均精确度达到83.98%,较之于原Faster R-CNN,精确度提升了3.95%。 相似文献
15.
针对当前社会网络的匿名化隐私保护方法存在信息损失量巨大、网络关系结构被改变严重等问题,提出一种保持网络结构稳定的k-度匿名隐私保护模型SimilarGraph,运用动态规划方法对社会网络按照节点度序列进行最优簇划分,然后采用移动边操作方式重构网络图以实现图的k-度匿名化。区别于传统的数值扰乱或图修改如随机增加、删除节点或边等方法,该模型的优势在于既不增加网络边数和节点数,也不破坏网络原有连通性和关系结构。实验结果表明,SimilarGraph匿名化方法不仅能有效提高网络抵御度属性攻击的能力,并且还能保持网络结构稳定,同时具有较理想的信息损失代价。 相似文献
16.
Xiaoyu Xu Hao Hu Yuling Liu Jinglei Tan Hongqi Zhang Haotian Song 《Digital Communications & Networks》2022,8(3):373-387
Eavesdropping attacks have become one of the most common attacks on networks because of their easy implementation. Eavesdropping attacks not only lead to transmission data leakage but also develop into other more harmful attacks. Routing randomization is a relevant research direction for moving target defense, which has been proven to be an effective method to resist eavesdropping attacks. To counter eavesdropping attacks, in this study, we analyzed the existing routing randomization methods and found that their security and usability need to be further improved. According to the characteristics of eavesdropping attacks, which are “latent and transferable”, a routing randomization defense method based on deep reinforcement learning is proposed. The proposed method realizes routing randomization on packet-level granularity using programmable switches. To improve the security and quality of service of legitimate services in networks, we use the deep deterministic policy gradient to generate random routing schemes with support from powerful network state awareness. In-band network telemetry provides real-time, accurate, and comprehensive network state awareness for the proposed method. Various experiments show that compared with other typical routing randomization defense methods, the proposed method has obvious advantages in security and usability against eavesdropping attacks. 相似文献
17.
In order to take an active part in network attack and defense,a moving target defense solution on network layer based on OpenFlow was proposed,using the flexibility of network brought by OpenFlow network architecture.On the network layer,through mapping the correspondent nodes’ addresses to pseudo-random virtual addresses in the LAN and mapping correspondent nodes’ ports to virtual ports,achieving the hiding of correspond nodes in the whole network and the information of network architecture.Researches verify the system’s effectiveness.Comparing with existing moving target defense solutions,the proposed algorithm can be deployed easily in the traditional network,and realize comprehensive protection of the corresponding in the whole network. 相似文献
18.
19.
For the dramatic increase in the number and variety of mobile malware had created enormous challenge for information security of mobile network users,a value-derivative GRU-based mobile malware traffic detection approach was proposed in order to solve the problem that it was difficult for a RNN-based mobile malware traffic detection approach to capture the dynamic changes and critical information of abnormal network traffic.The low-order and high-order dynamic change information of the malicious network traffic could be described by the value-derivative GRU approach at the same time by introducing the concept of “accumulated state change”.In addition,a pooling layer could ensure that the algorithm can capture key information of malicious traffic.Finally,simulation were performed to verify the effect of accumulated state changes,hidden layers,and pooling layers on the performance of the value-derivative GRU algorithm.Experiments show that the mobile malware traffic detection approach based on value-derivative GRU has high detection accuracy. 相似文献