Abstract
When defending against network electronic countermeasures attacks, low accuracy in judging the attack makes it difficult to guarantee the win rate of the defense. To address this, an active defense method for network electronic countermeasures attacks based on attack graphs and the random forest algorithm is proposed. The designed attack graph generation architecture consists of three parts: information acquisition → knowledge graph construction → attack graph generation. The CVE, NVD, CNVD and CNNVD vulnerability databases and the Packet Storm Security information security website and forum serve as the main sources of information on network electronic countermeasures attacks. The connection relationships between network nodes, the privilege relationships of each node in the network before and after an attack, and the payoff of different network nodes under attack are used as the criteria for determining the association relationships in the attack graph. In the stage of defending against network electronic countermeasures attacks, the random forest algorithm is used to determine the state of the specific defense nodes. In the test results, the win rate of the designed defense method against attacks of the same type remained stable above 90.0%, clearly better than the control group.
Author
LIU Yang (刘洋) (Chinese People's Liberation Army 93534 Unit, Tianjin 300000)
Source
Changjiang Information & Communications (《长江信息通信》)
2023, Issue 12, pp. 54-56 (3 pages)
Keywords
attack graph
random forest algorithm
network electronic countermeasures attacks
active defense
knowledge graph
network nodes