带有欺骗证据的蜜罐博弈攻防策略优化机制

Optimization mechanism of attack and defense strategy in honeypot game with evidence for deception

利用博弈模型实现蜜罐行为策略的优化是提高蜜罐诱捕能力的重要手段。现有研究存在动作空间简单、割裂博弈全过程的问题。基于此,提出了带有欺骗证据的蜜罐博弈机制(HoneyED)。HoneyED在扩大攻防动作空间的基础上,综合考虑博弈全过程,关注攻击者信念变化及这种变化对攻防策略的影响;然后基于信念求解理论均衡策略;最后基于深度反事实遗憾值最小化(Deep-CFR)设计了攻防混合策略均衡近似求解算法,得到了执行近似混合策略的攻防智能体。理论和实验结果表明,虽然攻击方在信念达到一定阈值后应及时退出博弈以获得最大收益,但所得蜜罐策略在考虑风险的情况下能尽量降低攻击方信念以诱骗其继续攻击,从而获得更大收益,且能针对具有不同欺骗识别能力的攻击方选择最佳响应。

Using game theory to optimize honeypot behavior is an important method in improving defender’s trapping ability.Existing work tends to use over simplified action spaces and consider isolated game stages.A game model named HoneyED with expanded action spaces and covering comprehensively the whole interaction process between a honeypot and its adversary was proposed.The model was focused on the change in the attacker’s beliefs about its opponent’s real identity.A pure-strategy-equilibrium involving belief was established for the model by theoretical analysis.Then,based on the idea of deep counterfactual regret minimization(Deep-CFR),an optimization algorithm was designed to find an approximate hybrid-strategy-equilibrium.Agents for both sides following hybrid strategies from the approximate equili-brium were obtained.Theoretical and experimental results show that the attacker should quit the game when its belief reaches a certain threshold for maximizing its payoff.But the defender’s strategy is able to maximize the honeypot’s profit by reducing the attacker’s belief to extend its stay as long as possible and by selecting the most suitable response to attackers with different deception recognition abilities.