Abstract
Software and hardware differences among executors readily cause inconsistent mimic decision results, and the resulting false positives are mistaken for network attacks. To address this problem, a mimic decision method based on deep learning was proposed. By constructing an unsupervised autoencoder-decoder deep learning model, the deep semantic features of the diverse normal response data output by different executors were mined, and their statistical rules were analyzed and summarized. In addition, a training mechanism linking offline learning with online decision-making and a feedback optimization mechanism were designed to solve the false positive problem, thereby accurately detecting network attacks and improving the security resilience of the target system. Because the deep learning model has learned the statistical rules of the normal response data that arise from software and hardware differences, the mimic decision results among different executors remain consistent, indicating that the target system is in a secure state. Once the target system is subjected to a network attack, the response data output by the executors deviates from the statistical rules learned by the model, so the mimic decision results become inconsistent, indicating that the affected executor is under attack and the target system is exposed to potential security threats. Experimental results show that the detection performance of the proposed method is significantly better than that of mainstream mimic decision methods, with the average prediction accuracy improved by 14.89%, which is conducive to integrating the method into the mimic transformation of real applications to enhance the system's defensive capability.
Authors
杨晓晗
程国振
刘文彦
张帅
郝兵
YANG Xiaohan; CHENG Guozhen; LIU Wenyan; ZHANG Shuai; HAO Bing (Institute of Information Technology, Information Engineering University, Zhengzhou 450002, China; Key Laboratory of Cyberspace Security, Ministry of Education, Zhengzhou 450000, China; Songshan Laboratory, Zhengzhou 450046, China)
Source
《通信学报》
EI
CSCD
Peking University Core Journals
2024, Issue 2, pp. 79-89 (11 pages)
Journal on Communications
Funding
Supported by the Major Science and Technology Special Fund Project of Henan Province (No.221100211200).
Keywords
mimic defense
active defense
mimic decision
deep learning
offline learning-online decision-making