摘要
为解决APT(高级持续性威胁)攻防对抗过程中的防御滞后性问题,并在有限资源下作出最优主动防御决策。针对APT攻击过程中攻防双方意图、可行策略集随攻击阶段推进而演变的特点进行了研究,基于非合作博弈理论构建了多阶段APT攻防随机博弈模型AO-ADSG(APT-oriented attack-defense stochastic game)。针对APT攻防对抗中双方效用不对等的现象引入非零和思想,设计符合APT攻击特征的全资产要素效用量化方法;在分析博弈均衡的基础上给出最优防御策略选取算法。最后,通过“夜龙攻击”模拟实验验证了提出方法的可行性及正确性。
To better solve the problem of defense lag in the APT attack-defense confrontation process,and make optimal active defense decisions under the limited resources,this paper analyzed the characteristics that attacker and defender’s objectives and strategies evolve over the APT attack phase,then established an multi-stage APT-oriented attack-defense stochastic game model(AO-ADSG)based on the non-cooperative game theory.Aiming at the fact that the utility of APT attacker and defender were unequal,this paper designed the all-assets-elements utility quantification method conforming to the APT attack features based on non-zero sum game.Analyzing the game equilibrium,it proposed the optimal active defense strategy selection algorithm.Finally,the simulation experiment of Night Dragon verifies the feasibility and correctness of the proposed method.
作者
李静轩
朱俊虎
邱菡
郭伟
Li Jingxuan;Zhu Junhu;Qiu Han;Guo Wei(State Key Laboratory of Mathematical Engineering&Advanced Computing,Strategic Support Force Information Engineering University,Zhengzhou 450001,China;National Digital Switching System Engineering&Technological R&D Center,Zhengzhou 450001,China)
出处
《计算机应用研究》
CSCD
北大核心
2020年第10期3071-3076,3111,共7页
Application Research of Computers
基金
国家自然科学基金资助项目。
关键词
APT攻击
非零和博弈
全资产要素效用量化
攻防意图
攻击预测
主动防御决策
APT attack
non-zero-sum game
all-assets-elements utility quantification
attack-defense intention
attack forecast
active defense decision-making
