CN102111384A - Game tree security automatic response method and device adopting same - Google Patents


Publication number
CN102111384A
Authority
CN
China
Prior art keywords
network
decision
node
computer
security
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN2009102442617A
Other languages
Chinese (zh)
Inventor
覃健诚
辛阳
罗守山
包一兵
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
BEIJING SAFE-CODE TECHNOLOGY Co Ltd
Original Assignee
BEIJING SAFE-CODE TECHNOLOGY Co Ltd
Application filed by BEIJING SAFE-CODE TECHNOLOGY Co Ltd
Priority to CN2009102442617A
Publication of CN102111384A

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a game tree security automatic response method. The method comprises the following steps: each node of a network collects and transmits network situation information; a decision node calculates the optimal decision from the network situation information using the game tree method of artificial intelligence; the decision is sent to the nodes of the network for automatic execution; and these steps run in parallel and are carried out repeatedly. The invention solves the problem in the prior art that a computer cannot make network security decisions and respond automatically while completely independent of human control. The invention also discloses a security automatic decision-making and response device.

Description

Game tree security automatic response method and device thereof
Technical field
The present invention relates to computer network security technology, and in particular to a method and a device for automatic security decision-making and response in a computer network.
Background
With the continuous development and spread of information technology, information security problems are becoming increasingly serious. Malicious attacks, illegal intrusions, viruses and Trojans, information leakage, sudden failures and the like pose a serious threat to computer network systems. Effective measures are needed to prevent, monitor and handle security incidents and to safeguard the normal operation of the system.
Common security response technologies at present include: 1. firewalls; 2. IDS (Intrusion Detection System); 3. IPS (Intrusion Prevention System); 4. malicious code (virus, Trojan, worm) detection and removal software. They are briefly described below.
Prior art one: firewall
Principle: a firewall is deployed at the border of a network security zone and works like a security checkpoint. It inspects the packets entering and leaving the zone, lets only legitimate packets through and blocks illegitimate ones.
Shortcoming: a firewall's security filtering capability is limited, and it mainly defends against the outside rather than the inside. Attack techniques that target firewall weaknesses and break through firewall restrictions already exist, for example encrypted protocol tunnels and forwarding packets through a proxy.
Prior art two: intrusion detection system (IDS)
Principle: an IDS is deployed throughout the network security zone and can inspect the network security situation in depth, raising an alarm automatically as soon as a security problem is found.
Shortcoming: its function is limited to automatic detection. After the alarm is raised, handling still relies on people, so it cannot make an automatic security response independent of human control.
Prior art three: intrusion prevention system (IPS)
Principle: an IPS is also deployed throughout the network security zone. It inspects the network security situation in depth automatically and can automatically block network packets in which a security problem has been found.
Shortcoming: this automatic response technology is aimed mainly at network data transmission and rarely exerts automatic control over the computer nodes in the network. Its automatic response is also limited to simple reflex-like reactions. It lacks higher artificial intelligence and cannot, as a person can, judge and decide automatically in the face of complex security states and attack attempts.
Prior art four: malicious code (virus, Trojan, worm) detection and removal software
Principle: this is an extension of antivirus software. It detects malicious code such as viruses, Trojans and worms by checking for signatures in the code, and then removes the malicious code.
Shortcoming: this technique can only detect and remove malicious code with known signatures. It provides no defense against new, unknown attacks and cannot remedy network damage that has already been caused.
Summary of the invention
The invention discloses a game tree security decision and response method for computer networks and a device thereof, in order to solve the problem in the prior art that a computer cannot make network security decisions and respond automatically while completely independent of human control.
A method for automatic security decision-making and response in a computer network comprises:
each node of the network collects and transmits network situation information;
a decision node calculates the best decision from the network situation information using the game tree method of artificial intelligence;
the decision is sent to the nodes of the network for automatic execution;
the above processes run in parallel and are carried out repeatedly.
A device for automatic security decision-making and response in a computer network comprises:
a supporting layer, composed of a cluster of real computers, used to run a virtual machine network made up of a plurality of virtual machine nodes;
an operation layer, composed of the virtual computer network, used to carry out various computing tasks and provide the services expected of a computer network. The computer nodes, network devices and lines in this network are all simulated by the supporting layer's systems using virtual machine software and can be changed dynamically.
In the embodiment of the invention, each node of the network collects and transmits network situation information; a decision node calculates the best decision from the network situation information using the game tree method of artificial intelligence; the decision is sent to the nodes of the network for automatic execution; and these processes run in parallel and are carried out repeatedly. The computer can therefore make network security decisions and respond automatically while completely independent of human control, with automatic control exerted over both network lines and nodes, and remedial action remains possible after an unknown attack has caused network damage.
Description of drawings
Fig. 1 is a schematic diagram of part of a network situation in the embodiment of the invention;
Fig. 2 is a schematic diagram of the virtual matrix network in the embodiment of the invention; the figure shows a 2-dimensional matrix network;
Fig. 3 is a schematic diagram of a game tree security decision and response device provided by the embodiment of the invention;
Fig. 4 is a flow chart of a game tree security decision and response method provided by the embodiment of the invention.
Embodiments
To address the problem in the prior art that a computer cannot make network security decisions and respond automatically while completely independent of human control, in the embodiment of the invention each node of the network collects and transmits network situation information; a decision node calculates the best decision from the network situation information using the game tree method of artificial intelligence; the decision is sent to the nodes of the network for automatic execution; and these processes run in parallel and are carried out repeatedly, which solves the problem.
As shown in Fig. 1, the network situation provided by the embodiment of the invention comprises: state one, the node is running normally, represented by a white point; state two, the node has been invaded, represented by a black point; state three, the node is shut down, being restored or starting up, represented by the absence of a point. The network situation also includes the on/off state of every route.
A local network situation may be: (A) a node is surrounded and cannot communicate with the outside; (B) a large number of nodes are surrounded and lose their communication and computing capability.
The overall network situation may be: in the matrix network, large numbers of white points, black points and empty positions are interleaved, showing the attacking and defending sides playing a game against each other.
As shown in Fig. 2, the virtual matrix network provided by the embodiment of the invention comprises:
a 2-dimensional matrix formed by network lines;
each node in the matrix, i.e. each black point in the figure, is composed of a virtual machine and a virtual router;
the virtual machine has a complete software and hardware system and can take on various computing tasks, including Web server, database server, application server, decision node and honeypot node;
the virtual router can take on the tasks of forwarding network packets and switching routes on and off.
As shown in Fig. 3, the device for automatic security decision-making and response in a computer network provided by the embodiment of the invention comprises:
a supporting layer, composed of a cluster of real computers, used to run a virtual machine network made up of a plurality of virtual machine nodes;
an operation layer, composed of the virtual computer network, used to carry out various computing tasks and provide the services expected of a computer network;
the computer nodes, network devices and lines in this network are all simulated by the supporting layer's systems using virtual machine software and can be changed dynamically.
As shown in Fig. 4, the method for automatic security decision-making and response in a computer network provided by the embodiment of the invention comprises the following steps:
Steps 401, 402, 403: each node of the network collects and transmits network situation information;
Steps 404, 405: the decision node calculates the best decision from the network situation information using the game tree method of artificial intelligence;
Steps 406, 407: the decision is sent to the nodes of the network for automatic execution;
Return from step 407 to step 401: the above processes run in parallel and are carried out repeatedly.
From the above description of the embodiments, those skilled in the art will clearly understand that the present invention can be implemented by software plus the necessary hardware platform, and can of course also be implemented entirely in hardware, although in many cases the former is the better implementation. On this understanding, all or part of the contribution that the technical solution of the present invention makes over the background art can be embodied in the form of a software product. This computer software product can be stored in a storage medium, such as ROM/RAM, a magnetic disk or an optical disc, and includes a number of instructions that cause a computer device (which may be a personal computer, a server, a network device, etc.) to carry out the method described in each embodiment of the present invention or in certain parts of an embodiment.
Obviously, those skilled in the art can make various changes and modifications to the present invention without departing from its spirit and scope. If these changes and modifications fall within the scope of the claims of the present invention and their technical equivalents, the present invention is intended to include them as well.

Claims (2)

1. A game tree security decision and response method, characterized in that the method comprises:
each node of the network collects and transmits network situation information;
a decision node calculates the best decision from the network situation information using the game tree method of artificial intelligence;
the decision is sent to the nodes of the network for automatic execution;
the above processes run in parallel and are carried out repeatedly;
the above method of collecting and transmitting network situation information by each node of the network specifically comprises:
the state of every node and every route in the network is represented by a string of state codes, whose encoding format is user-defined;
the current value X of the state code is obtained through node self-checks and mutual probing, where X is a vector;
the current state-code value X is sent to the decision node over the network;
the above method by which the decision node calculates the best decision from the network situation information using the game tree method of artificial intelligence specifically comprises:
an evaluation function f(X) is constructed, where X is the current state-code value; the construction of f(X) is user-defined and need only satisfy the requirement that the larger the value of f(X), the more favorable the network situation is to security defense;
the various operations that change the network situation are defined as a set S;
according to the evaluation function f(X), the decision node uses the minimax procedure of the existing game tree algorithm to compute the optimal operation in the operation set S, which becomes the current decision s;
the above method of sending the decision to the nodes of the network for automatic execution specifically comprises:
the decision node sends the current decision s to the relevant nodes in the form of network packets;
the relevant nodes carry out the operation represented by s, changing the network situation.
2. A game tree security decision and response device, characterized in that the device comprises:
a supporting layer, composed of a cluster of real computers, used to run a virtual machine network made up of a plurality of virtual machine nodes;
an operation layer, composed of the virtual computer network, used to carry out various computing tasks and provide the services expected of a computer network;
the computer nodes, network devices and lines in this network are all simulated by the supporting layer's systems using virtual machine software and can be changed dynamically;
the above virtual computer network specifically comprises:
an N-dimensional matrix formed by network lines, where N is an integer greater than or equal to 2;
each node in the matrix is composed of a virtual machine and a virtual router;
the virtual machine has a complete software and hardware system and can take on various computing tasks, including Web server, database server, application server, decision node and honeypot node;
the virtual router can take on the tasks of forwarding network packets and switching routes on and off.
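
The decision step of claim 1 on the 2-dimensional matrix network of claim 2, as an added example that is not code from the patent: node states are encoded as a vector X, f(X) scores the situation, and a depth-limited minimax search picks the operation s from S. The weights in f, the shutdown/restore operation set, the attacker's spread-to-neighbour moves and the omission of route on/off states are all assumptions made for illustration.

```python
# Added example: minimax over a small 2-D matrix network (all names are illustrative).
ROWS, COLS = 3, 3
NORMAL, INVADED, OFF = "W", "B", "."   # white point, black point, no point

def neighbors(i):
    """Indices of the 4-connected neighbours of node i in the matrix."""
    r, c = divmod(i, COLS)
    for dr, dc in ((-1, 0), (1, 0), (0, -1), (0, 1)):
        if 0 <= r + dr < ROWS and 0 <= c + dc < COLS:
            yield (r + dr) * COLS + (c + dc)

def f(X):
    """Evaluation function: larger is more favourable to the defence (assumed weights)."""
    return X.count(NORMAL) - 2 * X.count(INVADED)

def defender_ops(X):
    """Operation set S: do nothing, shut a running node down, or restore a stopped one."""
    yield ("noop", None)
    for i, s in enumerate(X):
        yield ("restore", i) if s == OFF else ("shutdown", i)

def attacker_ops(X):
    """Assumed opponent model: pass, or spread from an invaded node to a normal neighbour."""
    yield ("pass", None)
    for i, s in enumerate(X):
        if s == NORMAL and any(X[j] == INVADED for j in neighbors(i)):
            yield ("invade", i)

NEW_STATE = {"shutdown": OFF, "restore": NORMAL, "invade": INVADED}

def apply_op(X, op):
    """Return the state vector after an operation; X itself is not modified."""
    kind, i = op
    if i is None:
        return X
    return X[:i] + (NEW_STATE[kind],) + X[i + 1:]

def minimax(X, depth, defending=True):
    """Return (value, best operation) for the side to move, looking `depth` plies ahead."""
    if depth == 0:
        return f(X), None
    best_val, best_op = None, None
    for op in (defender_ops(X) if defending else attacker_ops(X)):
        val, _ = minimax(apply_op(X, op), depth - 1, not defending)
        better = best_val is None or (val > best_val if defending else val < best_val)
        if better:
            best_val, best_op = val, op
    return best_val, best_op

# Constructed sample situation: node 4 (centre) is invaded, node 8 is switched off.
X0 = tuple("WWWW" "B" "WWW" ".")

if __name__ == "__main__":
    value, s = minimax(X0, depth=2)
    print("decision s =", s, "guaranteed f(X) =", value)
```

With this evaluation function the search prefers taking the invaded node offline over restoring the idle one, because the attacker's reply to any other operation is to spread to a neighbour.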

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2009102442617A CN102111384A (en) 2009-12-28 2009-12-28 Game tree security automatic response method and device adopting same


Publications (1)

Publication Number Publication Date
CN102111384A true CN102111384A (en) 2011-06-29



Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C53 Correction of patent of invention or patent application
CB02 Change of applicant information

Address after: 100082, building 1, building 32, 612 North Main Street, Haidian District, Beijing, Xizhimen

Applicant after: Beijing Safe-Code Technology Co., Ltd.

Address before: 100876 No. 34 South College Road, Beijing, Haidian District

Applicant before: Beijing Safe-Code Technology Co., Ltd.

C53 Correction of patent of invention or patent application
CB03 Change of inventor or designer information

Inventor after: Qin Jiancheng

Inventor after: Xu Qin

Inventor after: Luo Shoushan

Inventor after: Bao Yibing

Inventor before: Qin Jiancheng

Inventor before: Xin Yang

Inventor before: Luo Shoushan

Inventor before: Bao Yibing

COR Change of bibliographic data

Free format text: CORRECT: INVENTOR; FROM: QIN JIANCHENG XIN YANG LUO SHOUSHAN BAO YIBING TO: QIN JIANCHENG XU QIN LUO SHOUSHAN BAO YIBING

C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20110629