拟态式蜜罐诱骗特性的博弈理论分析

该文基于非合作不完全信息动态博弈理论,形式化描述了拟态式蜜罐诱骗博弈的各局中人策略和收益,构建了诱骗博弈收益矩阵,推理分析了拟态式蜜罐诱骗博弈中存在的贝叶斯纳什均衡策略,通过进一步讨论博弈均衡条件和影响因素并与传统蜜罐博弈相比较,给出了拟态式蜜罐模型中保护色、警戒色等机制在诱骗博弈中的适用条件,证明了拟态式蜜罐模型具有更好的主动性、有效性和迷惑性.     

蜜罐技术研究新进展

蜜罐技术是网络防御中的陷阱技术,它通过吸引诱骗攻击者并记录其攻击行为,从而研究学习敌手的攻击目的和攻击手段,保护真实服务资源。然而,传统蜜罐技术存在着静态配置、固定部署等先天不足,极易被攻击者识别绕过而失去诱骗价值。因此,如何提高蜜罐的动态性与诱骗性成为蜜罐领域的关键问题。该文对近年来国内外蜜罐领域研究成果进行了梳理,首先总结了蜜罐发展历史,随后以蜜罐关键技术为核心,对执行过程、部署方式、反识别思想、博弈理论基础进行了分析;最后,对近年来不同蜜罐防御成果分类叙述,并对蜜罐技术发展趋势进行了分析陈述,针对潜在安全威胁,展望新兴领域防御应用。     

网络诱骗的基本原理、要求及应用分析

对网络诱骗的基本原理和基本要求进行了阐述,列举了蜜罐主机、陷阱网络、诱导以及欺骗信息设计4种网络诱骗技术,并对应用最早、最多的蜜罐主机技术进行了分析。     

基于Markov演化博弈的网络防御策略选取方法

当前运用博弈理论的网络安全研究大多采用完全理性假设,本文针对现实社会中攻防双方的有限理性限制条件和攻防过程的动态变化特征,基于非合作演化博弈理论,从有限理性约束出发,将演化博弈模型与Markov决策相结合,构建多阶段Markov攻防演化博弈模型,实现对多阶段、多状态攻防对抗的动态分析推演;依据博弈的折扣总收益设计目标函数,提出多阶段博弈均衡的求解方法,给出最优防御策略选取算法.通过实验验证了模型和方法的有效性.     

基于攻防信号博弈模型的防御策略选取方法

当前基于博弈理论的防御策略选取方法大多采用完全信息或静态博弈模型,为更加符合网络攻防实际,从动态对抗和有限信息的视角对攻防行为进行研究。构建攻防信号博弈模型,对策略量化计算方法进行改进,并提出精炼贝叶斯均衡求解算法。在博弈均衡分析的基础上,设计了最优防御策略选取算法。通过实验验证了模型和算法的有效性,并在分析实验数据的基础上总结了攻防信号博弈的一般性规律,能够指导不同类型防御者的决策。     

下一代异构网络中基于进化博弈论的业务负载均衡

阐述了进化博弈论(EGT)的基本理论和模型，并将其应用于异构(heterogeneous)通信网络的业务负载均衡问题中，给出了一种基于进化博弈理论的异构网络业务分配模型。应用复制动力学的动态学习能力，进化博弈模型中的用户方通过动态调整分配策略，可以获得进化稳定策略(ESS)下均衡的负载分配和改善的期望效用(utility，或适应度fitness)。计算机仿真结果从负载分配的稳定、均衡和改善的平均期望效用三个方面验证了进化博弈模型在异构网络负载均衡问题中的有效性。     

网络安全之蜜罐技术篇

本文从多个方面对蜜罐技术进行全面的阐述。首先介绍蜜罐的概念，阐述它的安全价值。然后介绍4种不同的蜜罐配置方式：诱骗服务、弱化系统、强化系统和用户模式服务器，并根据不同的分类原则对蜜罐进行分类。然后介绍了。些典型的蜜罐产品，最后总结了蜜罐的优缺点及其发展趋势。     

具有指纹库扩展功能的蜜罐系统开发研究

蜜罐是一种通过伪装成真实系统或服务来诱骗攻击者的网络安全技术。蜜罐有着许多其他网络安全技术无法比拟的优点,已经成为当前网络安全领域里研究的热点。首先介绍蜜罐的概念以及开源蜜罐软件Honeyd的基本特点和基本要素,然后介绍基于Honeyd所开发的蜜罐诱捕系统,最后指出该蜜罐系统指纹库无法更新的缺陷,并提出重要的改进方案。     

一种研究型虚拟蜜罐网络的设计与实现

信息时代的到来需要计算机安全防护从被动防御转为主动防御，从而使蜜罐技术在网络对抗中日益受到重视。蜜罐技术研究的重点在于如何设计一个严格控制的网络诱骗环境。文中设计并实现了一个研究型虚拟蜜罐网络。首先，提出了虚拟蜜网的总体设计目标及蜜网拓扑结构，然后，实现了蜜罐网络并分析了各功能模块。对蜜罐网络的攻击测试结果表明该蜜罐网络达到了设计目标。     

博弈条件下雷达波形设计策略研究

为提高电子战中弹载雷达检测性能,该文提出基于纳什均衡的雷达波形设计方法。首先建立电子战条件下雷达与干扰信号博弈模型,基于最大化信干噪比(SINR)准则,分别设计了雷达和干扰的波形策略;然后通过数学推导论证了博弈纳什均衡解的存在性,设计了一种重复剔除严格劣势的多次迭代注水方法来实现纳什均衡;通过二步注水法推导了非均衡的maxmin优化方案;最后通过仿真实验测试不同策略下雷达检测性能。仿真结果证明,基于纳什均衡的雷达信号设计有助于提升博弈条件下雷达检测性能,对比未博弈时,雷达检测概率最高可提升12.02%,较maxmin策略最高可提升3.82%,证明所设计的纳什均衡策略更接近帕累托最优。     

Honeypot game‐theoretical model for defending against APT attacks with limited resources in cyber‐physical systems

A cyber‐physical system (CPS) is a new mechanism controlled or monitored by computer algorithms that intertwine physical and software components. Advanced persistent threats (APTs) represent stealthy, powerful, and well‐funded attacks against CPSs; they integrate physical processes and have recently become an active research area. Existing offensive and defensive processes for APTs in CPSs are usually modeled by incomplete information game theory. However, honeypots, which are effective security vulnerability defense mechanisms, have not been widely adopted or modeled for defense against APT attacks in CPSs. In this study, a honeypot game‐theoretical model considering both low‐ and high‐interaction modes is used to investigate the offensive and defensive interactions, so that defensive strategies against APTs can be optimized. In this model, human analysis and honeypot allocation costs are introduced as limited resources. We prove the existence of Bayesian Nash equilibrium strategies and obtain the optimal defensive strategy under limited resources. Finally, numerical simulations demonstrate that the proposed method is effective in obtaining the optimal defensive effect.     

Research on active defense based on multi-stage cyber deception game

In view of the characteristic that attacker depended on the detected information to decide the next actions,the non-cooperative signal game theory was applied to analyze cyber attack and defense.The signal deception mechanism in the process of cyber attack and defense was considered deeply by constructing a multi-stage cyber deception game model,and the dynamic analysis and deduction of the multi-stage cyber attack and defense was realized by considering the attenuation of cyber deception signals.A solution for multi-stage cyber deception game equilibrium was improved based on analysis of cyber attack and defense,and an optimal algorithm for selecting cyber deception defense strategies was designed.The effectiveness of the model is verified by simulations.The rules of multi-stage cyber deception games are summarized based on the results,which can provide effective guidance for the research on cyber active defense.     

基于多阶段攻防信号博弈的最优主动防御

从网络攻防对抗的实际场景出发,针对具有不完全信息约束的多阶段动态攻防过程,构建了多阶段攻防信号博弈模型.针对多阶段攻防过程中信号作用衰减的问题,提出信号衰减因子进行量化描述.在此基础上,设计了多阶段攻防博弈均衡的求解方法,并给出了最优主动防御策略选取算法.通过仿真实验验证了本文模型和方法的有效性,并且分析总结了多阶段攻防博弈的规律.     

分布式自选举动态阵列蜜罐系统的设计与实现

Traditional honeypot is in fact a “passive proactive” defense mechanism because it may lose the value entirely once the adversary has detected the existence of the static trap and bypassed it. Our work focuses on a Self Election dynamic honeypot framework which aims to bewilder attackers by coordinating and switching roles periodically to form a huge dynamic puzzle. In this paper, we discuss the UDP Spokesman synchronization scheme and the Self Election coordination method, perform the framework simulation of the dynamic array honeypot with NS2, carry out the prototype implementation by Java, and then validate the effectiveness and feasibility on the simulation and prototype system. The promising results of applying this framework to mitigate the effects of attacks are shown and analyzed. Our work demonstrates that the Self Election dynamic array honeypot system is feasible and effective for proactive network confrontation.     

网络虚拟化环境中底层资源的动态选择研究 —— 一种基于演化博弈的方法

从虚拟网络的角度考虑虚拟网络对底层资源的选择问题,将虚拟网络对底层网络中物理路径的自主选择抽象成一个演化博弈,虚拟网络通过反复博弈学习来调整物理路径的选择。利用模仿者动态方程分析博弈中不同策略的比例动态变化,证明了模仿者动态是底层资源动态选择博弈的合理策略更新机制。应用势博弈理论分析了博弈的演化过程,证明了演化的结果会达到演化平衡,确保了每个虚拟网络都获得了最优策略选择。最后基于模仿者动态策略选择机制提出了一个演化算法,通过数值仿真模拟了不同初始策略分布下虚拟网络对底层网络路径的选择过程,实验结果表明演化博弈收敛到了稳定点,仿真结果与理论分析的结果相吻合。     

Optimal strategy selection approach of moving target defense based on Markov time game

For the problem that the existed game model was challenging to model the dynamic continuous characteristics of network attack and defense confrontation effectively,a method based on Markov time game was proposed to select the optimal strategy for moving target defense.Based on the analysis of the attack and defense confrontation process of moving targets,the set of moving target attack and defense strategies was constructed.The dynamics of the single-stage moving target defense process was described by time game.The randomness of multi-stage moving target defense state transformation was described by Markov decision process.At the same time,by abstracting the use of resource vulnerability by attack-defense participants as the alternation of the control of the attack surface,the versatility of the game model was effectively guaranteed.On this basis,the existence of equilibrium was analyzed and proved,and the optimal strategy selection algorithm was designed.Finally,the practicality of the constructed model and the effectiveness of the algorithm are verified by an application example.     

Optimal strategy selection method for moving target defense based on signaling game

To solve the problem of the optimal strategy selection for moving target defense,the defense strategy was defined formally,the defense principle from the perspective of attack surface shifting and exploration surface enlarging was taken into account.Then,network attack-defense behaviors were analyzed from the sight of dynamic confrontation and bounded information.According to the analysis of attack-defense game types and confrontation process,the moving target defense model based on signaling game was constructed.Meanwhile,the method to quantify strategies was improved and the solution of perfect Bayesian equilibrium was proposed.Furthermore,the optimal defense strategy selection algorithm was designed by the equilibrium analysis.Finally,the simulation demonstrates the effectiveness and feasibility of the proposed optimal strategy and selection method.     

Incentive analysis for cooperative interactive multiview video streaming

In interactive multiview video streaming (IMVS), users can periodically select one out of many captured views available for observation. In single-view video streaming, cooperative strategies where peers share received packets of the same video have proven to be effective in reducing server׳s upload burden, and incentive mechanisms are designed to stimulate user cooperation. However, exploiting user cooperation in higher dimensional IMVS is difficult, since users watching different views makes it difficult to establish partnership, and users switching views frequently and independently makes it difficult to maintain partnership over time. In this paper, we use a multiview video frame structure for IMVS to support cooperative view-switching, where peers may help each other even if they are observing different views. We then model peers׳ interaction as an indirect reciprocity game, where each user is assigned a reputation level. To gain a higher reputation level, users help others, which in turn leads to a higher likelihood to receive others׳ help later. In this work, we focus on how view switching, the key feature of IMVS, affects user cooperation. By modeling users׳ decision making as a Markov decision process, our analysis shows that users tend to cooperate at some views but not others: given peers can predict their future view navigation paths probabilistically, for a peer who is likely to enter a view-switching path not requiring others׳ help, he also has less incentive to cooperate. Furthermore, we observe that the game may have multiple Nash Equilibria corresponding to different cooperation levels, e.g., users cooperate at all views in the full cooperation equilibrium, while users only cooperate at certain views in the partial cooperation equilibrium. The particular equilibrium the game will converge to depends on the initial cooperation level of the game. To stimulate user cooperation at all views, we propose a Pay-for-Cooperation (PfC) scheme at the beginning of the game to drive the game to the full cooperation equilibrium to improve system efficiency. Our simulation results show the effectiveness of PfC.