摘要
物联网设备数量迅速增多使得针对物联网的攻击越来越多,网络安全人员急需使用主动防御技术将被动转化为主动。SSH(Secure Shell)蜜罐技术的引入让防御方能够捕获攻击者的交互信息,对物联网安全具有十分重要的意义。然而,传统蜜罐由于特征或行为模式固定,很容易被攻击者识别和利用。文章从博弈论的角度出发,建立蜜罐与攻击者的交互模型,并使用SAC(Soft Actor-Critic)算法进行求解,通过计算得到防御方的最佳响应策略。仿真结果表明,将强化学习与博弈论相结合的自适应蜜罐能够在多种场景下快速找出最优交互策略,并且加入策略网络的强化学习方法与攻击者的交互收益要优于仅基于价值网络的传统强化学习方法。
The proliferation of IoT devices has led to an increasing number of attacks against the Internet of things,it’s urgent for cybersecurity personnel to use proactive defense techniques to turn reactive defense into proactive defense.The introduction of SSH(secure shell)honeypot technology allows defenders to capture learn attackers’interaction informationacting strategy,which is of great significance for IoT security.However,traditional honeypots are easily identified and exploited by attackers because of their fixed characteristics or behavioral patterns.From the perspective of game theory,this paper established an interaction model between honeypots and attackers,and we calculated the best response strategy of the defender by useing SAC(soft actor-critic)algorithm.Simulation results show that adaptive honeypot by combining reinforcement learning and game theory can quickly find the optimal interaction strategy in a variety of scenarios,and the reinforcement learning method added to the policy network is better than the traditional reinforcement learning method based on the value network alone.
作者
宋丽华
张津威
张少勇
SONG Lihua;ZHANG Jinwei;ZHANG Shaoyong(Institute of Command and Control Engineering,Army Engineering University of PLA,Nanjing 210007,China)
出处
《信息网络安全》
CSCD
北大核心
2023年第11期38-47,共10页
Netinfo Security
基金
国家自然科学基金[62172432]。
关键词
物联网
欺骗防御
蜜罐
强化学习
博弈论
Internet of things
deception defense
honeypot
reinforcement learning
game theory
