基于改进蚁群算法的防护策略选择模型

网络攻击的多步性增加了预测攻击路径的难度，难以对攻击提供有效的安全防护，而传统的解决方案需要花费较高的成本来修复大量的网络漏洞。针对上述问题，对网络攻击的防护问题展开研究，提出一种基于改进蚁群算法的防护策略选择模型（Hardening Measures Selection Mode based on an Improved Ant?Colony?Optimization，HMSMIACO）。该模型由三部分组成：在现有攻击图的基础上，运用能够描述多步原子攻击间因果关系的贝叶斯信念网络构建用于评估网络安全风险的概率攻击图；结合防护成本与收益的量化指标，提出一种能够模拟攻击者决策过程的路径预测算法；鉴于防护策略选择问题是一个NP-hard问题，选择适用于中等规模网络环境的一种改进蚁群算法求解该问题，并获得该网络环境下近似最优的防护策略集。最后，通过实验说明了HMSMIACO在降低网络安全风险问题上的可行性与有效性。

Security Hardening Measures Selection Model Based on Improved Ant Colony Optimization

The multi-step feature of network attacks increases the difficulty of predicting attack paths and makes it difficult to provide effective security against attacks. Traditional solutions take a high cost to repair a large number of network vulnerabilities. In order to solve the above problems, this paper studies the protection of network attacks and proposes a Hardening Measure Selection Mode based on an Improved Ant Colony Optimization（HMSMIACO）. The model consists of three parts. Firstly, based on the existing attack graph, a Bayesian belief network, which can describe the relationship between multi-step atomic attacks, is used to construct a probabilistic attack graph for assessing network security risks. Secondly, a path prediction algorithm that can simulate the attacker’s decision-making process is proposed based on quantitative indicators of defense costs and benefits. Thirdly, considering the selection of protection strategy is an NP-hard problem, this paper chooses an improved ant colony algorithm which is suitable for medium-scale network environment to solve the problem and obtains the optimal protection strategy set in the network environment. Finally, the experiments show that HMSMIACO is feasible and effective in reducing the network security risk.