面向智能渗透攻击的欺骗防御方法

Deception defense method against intelligent penetration attack

基于强化学习的智能渗透攻击旨在将渗透过程建模为马尔可夫决策过程,以不断试错的方式训练攻击者进行渗透路径寻优,从而使攻击者具有较强的攻击能力。为了防止智能渗透攻击被恶意利用,提出一种面向基于强化学习的智能渗透攻击的欺骗防御方法。首先,获取攻击者在构建渗透攻击模型时的必要信息(状态、动作、奖励);其次,分别通过状态维度置反扰乱动作生成,通过奖励值符号翻转进行混淆欺骗,实现对应于渗透攻击的前期、中期及末期的欺骗防御;最后,在同一网络环境中展开3个阶段的防御对比实验。实验结果表明,所提方法可以有效降低基于强化学习的智能渗透攻击成功率,其中,扰乱攻击者动作生成的欺骗方法在干扰比例为20%时,渗透攻击成功率降低为0。

The intelligent penetration attack based on reinforcement learning aims to model the penetration process as a Markov decision process,and train the attacker to optimize the penetration path in a trial-and-error manner,so as to achieve strong attack performance.In order to prevent intelligent penetration attacks from being maliciously exploited,a deception defense method for intelligent penetration attack based on reinforcement learning was proposed.Firstly,obtaining the necessary information for the attacker to construct the penetration model,which included state,action and reward.Secondly,conducting deception defense against the attacker through inverting the state dimension,disrupting the action generation,and flipping the reward value sign,respectively,which corresponded to the early,middle and final stages of the penetration attack.At last,the three-stage defense comparison experiments were carried out in the same network environment.The results show that the proposed method can effectively reduce the success rate of intelligent penetration attacks based on reinforcement learning.Besides,the deception method that disrupts the action generation of the attacker can reduce the penetration attack success rate to 0 when the interference ratio is 20%.