CN110417733A - Attack prediction method, apparatus and system based on a QBD attack-defense stochastic evolutionary game model
- Publication number
- CN110417733A; CN201910549015.6A
- Authority
- CN
- China
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06N—COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N20/00—Machine learning
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06N—COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N5/00—Computing arrangements using knowledge-based models
- G06N5/04—Inference or reasoning models
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/14—Network analysis or design
- H04L41/145—Network analysis or design involving simulating, designing, planning or modelling of a network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/14—Network analysis or design
- H04L41/147—Network analysis or design for predicting network behaviour
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
Abstract
The invention belongs to the technical field of network security, and in particular relates to an attack prediction method, apparatus and system based on a QBD attack-defense stochastic evolutionary game model. The method comprises: abstracting the attack-defense evolution process as a quasi-birth-and-death (QBD) process, introducing a learning level and a noise factor to describe the dynamic evolution trajectory of the attack-defense participants' strategy learning and adjustment under random perturbation, and constructing the QBD attack-defense stochastic evolutionary game model; establishing the balance equation of the quasi-birth-and-death attack-defense process according to the model; solving the balance equation to obtain the stationary probability distribution over strategies of the quasi-birth-and-death attack-defense process; and obtaining the most threatening attack strategy from that distribution. The invention is closer to real attack-defense confrontation scenarios: it considers the influence of random perturbation on the attack-defense evolution process, proposes a quasi-birth-and-death attack-defense stochastic evolutionary game model, strengthens the ability to predict attacks, and improves the accuracy of attack prediction and the validity of the model, which is of great significance for the development of network security technology.
Description
Technical field
The invention belongs to the technical field of network security, and in particular relates to an attack prediction method, apparatus and system based on a QBD attack-defense stochastic evolutionary game model.
Background art
In the field of network security, attackers use a variety of attack techniques against a defended system to obtain valuable information resources, while defenders adopt different defensive measures, according to the attackers' intent, to protect the system and prevent information resources from being stolen. To defend an information system effectively, the defender needs to predict attack behavior accurately in advance so that information resources do not suffer losses. The essential characteristics that the two sides show in network attack-defense confrontation (opposed objectives, interdependent strategies and a non-cooperative relationship) fit game theory very well. The study and application of game theory in network security has therefore become a focus of research in recent years.
At present, research results on game theory in network security are based on the assumption of complete rationality: the attack-defense participants in the game are assumed to fully know the opponent's available strategies and payoff structure, and to obtain the optimal response strategy by solving for the Nash equilibrium. These results do not take into account the bounded rationality of real attack-defense participants: their security knowledge, skill level and the game information they obtain are limited, their reasoning when making decisions is not always correct, and they cannot make the optimal response to changes in the strategy environment under all circumstances. The idealized assumption of complete rationality does not match real network attack-defense situations, so its practical effect deviates. With the study and application of evolutionary game theory in network security, analyzing attack behavior prediction and defense strategy selection on the basis of boundedly rational evolutionary games fits network attack-defense confrontation scenarios better. Evolutionary games take the bounded rationality of the participants into account: through continual learning and adjustment of strategies, participants gradually grasp information such as the strategy environment, the opponent and the payoff differences produced by different strategies, and finally evolve dynamically to a stable equilibrium state. In existing research: starting from attack and defense costs in information security, an evolutionary game model of information-security attack-defense confrontation was established, and the evolutionarily stable strategy of the confrontation was obtained from the replicator dynamics of the attack and defense groups; an attack-defense evolutionary game model was established by combining evolutionary games with system dynamics and was tested in terms of system boundary, validity and parameter sensitivity, showing the model to be objective, scientific and practical; the defense strategy selection problem was studied from the perspective of the participants' bounded rationality, an attack-defense evolutionary game model was constructed, and a method of solving for the evolutionarily stable strategy using the replicator dynamics learning mechanism was proposed and analyzed; a multi-stage attack-defense evolutionary game model for the Internet of Things was established, the payoffs and costs of attack and defense strategies were quantified, and the optimal defense strategy was determined using the replicator dynamics learning mechanism. However, the above studies are all based on the replicator dynamics learning mechanism, which is a deterministic natural-selection learning model without mutation that always selects strategies whose expected payoff is higher than the average payoff. Real attack-defense confrontation is affected by random perturbations such as uncertainty in attack behavior and intent and changes in the strategy environment, so the deterministic replicator dynamics mechanism has difficulty estimating and predicting the dynamic evolution of attack and defense accurately.
Summary of the invention
To this end, the present invention provides an attack prediction method, apparatus and system based on a QBD attack-defense stochastic evolutionary game model, which is closer to real attack-defense confrontation scenarios, strengthens the ability to predict attacks, improves the accuracy and effectiveness of attack prediction, and has strong application prospects.
According to the design scheme provided by the present invention, an attack prediction method based on a QBD attack-defense stochastic evolutionary game model comprises the following:
abstracting the attack-defense evolution process as a quasi-birth-and-death (QBD) process, introducing a learning level and a noise factor to describe the dynamic evolution trajectory of the attack-defense participants' strategy learning and adjustment under random perturbation, and constructing the QBD attack-defense stochastic evolutionary game model;
establishing the balance equation of the quasi-birth-and-death attack-defense process according to the QBD attack-defense stochastic evolutionary game model;
solving the balance equation to obtain the stationary probability distribution over strategies of the quasi-birth-and-death attack-defense process, and obtaining the most threatening attack strategy from that distribution.
In the above method, the QBD attack-defense stochastic evolutionary game model is represented by a seven-tuple: QBD-ADSEGM = (Γ, N, S, χ(t), α, β, U), where Γ denotes the attack-defense game groups, N denotes the number of attack-defense participants, S denotes the strategy space of the participants, χ(t) denotes the attack-defense state space at time t, α denotes the set of learning levels of the participants, β denotes the noise factor of the participants, and U denotes the set of payoff functions of the two sides.
In the above method, the set of learning levels comprises a learning parameter describing how well the attacker grasps attack-defense information and a learning parameter describing how well the defender grasps attack-defense information; the noise factor describes the random perturbation in the attack-defense process and is set to be greater than 0.
In the above method, the corresponding quasi-birth-and-death process is constructed according to the QBD attack-defense stochastic evolutionary game model, the state space of the quasi-birth-and-death process is obtained, and the balance equation is established.
In the above method, the balance equation is established as follows: first, the transition probabilities of the attacker's and defender's strategy selection are defined; then, according to the transition probability matrix, the quasi-birth-and-death attack-defense evolution process is constructed and the balance equation of the attack-defense evolution process is obtained.
In the above method, in solving for the stationary state, elementary transformations are first applied to the balance equation and it is solved; by the positive recurrence condition, the stationary probability distribution of the QBD attack-defense evolution process is obtained, which gives the stationary probability distribution of the attack-defense stochastic evolutionary game.
Preferably, based on the property that the balance equation is a non-homogeneous linear system of equations, Gaussian elimination is used to apply elementary row operations to the balance equation.
Preferably, in solving the balance equation, game information is obtained by analyzing the confrontation between the game groups and their mutual learning, the payoffs produced by different strategies are calculated, and the transition probabilities are determined from the expected payoff, learning level and noise factor.
Further, the present invention also provides an attack prediction apparatus based on a QBD attack-defense stochastic evolutionary game model, comprising a model construction module, an equation establishment module and an analysis and solution module, wherein:
the model construction module is configured to abstract the attack-defense evolution process as a quasi-birth-and-death (QBD) process, introduce a learning level and a noise factor to describe the dynamic evolution trajectory of the attack-defense participants' strategy learning and adjustment under random perturbation, and construct the QBD attack-defense stochastic evolutionary game model;
the equation establishment module is configured to establish the balance equation of the quasi-birth-and-death attack-defense process according to the QBD attack-defense stochastic evolutionary game model;
the analysis and solution module is configured to solve the balance equation to obtain the stationary probability distribution over strategies of the quasi-birth-and-death attack-defense process, and to obtain the most threatening attack strategy from that distribution.
Further, the present invention also provides a network security system comprising the above attack prediction apparatus based on a QBD attack-defense stochastic evolutionary game model.
Beneficial effects of the present invention:
The present invention introduces a learning level parameter and a noise factor to describe the dynamic evolution trajectory of the attack-defense participants' strategy learning and adjustment under random perturbation, and, by establishing the balance equation of the quasi-birth-and-death attack-defense process, solves for the stationary probability distribution over strategies of the quasi-birth-and-death attack-defense evolution process and gives the most threatening attack strategy. To account for the random perturbation that affects the attack and defense groups during the game, the attack-defense stochastic evolutionary game is modeled on a quasi-birth-and-death process by introducing the learning level parameter and the noise factor; the balance equation of the constructed quasi-birth-and-death process is solved to obtain the stationary probability distribution over strategies in the limiting case, from which the most threatening attack strategy is known, achieving attack prediction. The invention is closer to real attack-defense confrontation scenarios: it considers the influence of random perturbation on the attack-defense evolution process, proposes a quasi-birth-and-death attack-defense stochastic evolutionary game model, strengthens the ability to predict attack behavior, and verifies the accuracy of attack prediction and the validity of the model by simulation experiments, which has important guiding significance for the development of network security technology.
Brief description of the drawings:
Fig. 1 is a schematic flow chart of the attack prediction method in the embodiment;
Fig. 2 is a schematic diagram of the attack prediction apparatus in the embodiment;
Fig. 3 is the topology of the network information experimental system in the embodiment;
Fig. 4 is the stationary probability distribution of the attack group when α = 0.1 in the embodiment;
Fig. 5 is the stationary probability distribution of the defense group when α = 0.1 in the embodiment;
Fig. 6 is the stationary probability distribution of using attack strategy A1 under different α values in the embodiment;
Fig. 7 is the stationary probability distribution of using defense strategy D1 under different α values in the embodiment;
Fig. 8 is the stationary probability distribution of the attack group when β takes different values in the embodiment;
Fig. 9 is the stationary probability distribution of the defense group when β takes different values in the embodiment.
Detailed description of the embodiments:
To make the objectives, technical solutions and advantages of the present invention clearer, the present invention is described in further detail below with reference to the accompanying drawings and technical solutions.
Real attack-defense confrontation is affected by random perturbations such as uncertainty in attack behavior and intent and changes in the strategy environment, and the deterministic replicator dynamics mechanism has difficulty estimating and predicting the dynamic evolution of attack and defense accurately. To address this, the embodiment of the present invention, as shown in Fig. 1, provides an attack prediction method based on a QBD attack-defense stochastic evolutionary game model, comprising the following:
S101: abstracting the attack-defense evolution process as a quasi-birth-and-death (QBD) process, introducing a learning level and a noise factor to describe the dynamic evolution trajectory of the attack-defense participants' strategy learning and adjustment under random perturbation, and constructing the QBD attack-defense stochastic evolutionary game model;
S102: establishing the balance equation of the quasi-birth-and-death attack-defense process according to the QBD attack-defense stochastic evolutionary game model;
S103: solving the balance equation to obtain the stationary probability distribution over strategies of the quasi-birth-and-death attack-defense process, and obtaining the most threatening attack strategy from that distribution.
The quasi-birth-and-death process defines its state with the two-dimensional random variable χ(t) = (χ_A(t), χ_D(t)), which describes the number of participants in the attack and defense groups using a given strategy of their own; the state transition process is characterized by the change (increase, decrease or no change) in the number of participants using that strategy. In the (t+1)-th game, the attack-defense participants obtain game information, directly or indirectly, from the confrontation analysis between groups and the mutual learning within groups in the t-th game, calculate the payoffs produced by different strategies, and randomly select the high-payoff strategy with a transition probability determined by the expected payoff, learning level and noise factor, so that the number of participants using the high-payoff strategy increases. Here the learning level describes how well the participants grasp information such as the strategy environment, the opponent and the payoff differences produced by different strategies, and the noise factor describes the random perturbation in the attack-defense process. After many rounds of the game, as the participants' learning level rises and under the mechanism of strategy learning and adjustment, the probability distribution over strategies on the state space tends to a stable one; that is, the stationary probability distribution is the realization of Nash equilibrium in the sense of group behavior. Over time, through playing, learning and improving strategies, the proportion in which each strategy is chosen in the group finally reaches a steady state; the larger the probability, the higher the group's acceptance of the evolutionarily stable strategy.
Further, in the embodiment of the present invention, the QBD attack-defense stochastic evolutionary game model is represented by a seven-tuple: QBD-ADSEGM = (Γ, N, S, χ(t), α, β, U), where
1) Γ = (attackers, defenders) denotes the groups taking part in the game; attackers denotes the attack group and defenders denotes the defense group;
2) N = (N_A, N_D) denotes the number of game participants; N_A is the number of attackers in the attack group and N_D is the number of defenders in the defense group;
3) S = (S_A, S_D) denotes the strategy space of the attack-defense participants, with attack strategy set S_A = {A1, A2, …, Am} and defense strategy set S_D = {D1, D2, …, Dn}; m and n are the numbers of attack and defense strategies, satisfying m, n ∈ Z and m, n ≥ 2;
4) denotes the state space of the attack-defense evolution at time t and is a two-dimensional random variable, where denotes the number of attackers in the attack group choosing strategy A_i, satisfying and , and denotes the number of defenders in the defense group choosing strategy D_j, satisfying and ; the size of the state space χ(t) is (N_A+1)(N_D+1);
5) α = (α1, α2) denotes the set of learning levels of the attack-defense participants, describing how well the participants grasp information such as the strategy environment, the opponent and the payoff differences produced by different strategies; α1 is the learning level of the attacker and α2 is the learning level of the defender, satisfying α1 ∈ [0,2], α2 ∈ [0,2];
6) β denotes the noise factor of the attack-defense participants, describing the random perturbation in the attack-defense process, and satisfies β > 0;
7) U = (U_A, U_D) is the set of payoff functions of the two sides; it is jointly determined by the strategies of both sides, and different combinations of attack and defense strategies yield different payoffs.
When the attacker uses strategy A_i and the defender uses strategy D_j, the strategy payoffs of the attacker and the defender are denoted a_ij and d_ij respectively. Thus, the expected payoff of an attacker using strategy A_i in the game is and the expected payoff of a defender using strategy D_j in the game is
When the attack-defense participants are uncertain about the opponent's game information, they take part in the game with strategies ψ_A(t), ψ_D(t), that is:
Further, in the embodiment of the present invention, the corresponding quasi-birth-and-death process is constructed according to the QBD attack-defense stochastic evolutionary game model, the state space of the quasi-birth-and-death process is obtained, and the balance equation is established.
According to the QBD attack-defense stochastic evolutionary game model, the corresponding quasi-birth-and-death process is constructed, denoted as . It follows that the state space of this quasi-birth-and-death process is: Θ = {(0,0), (0,1), ..., (0,N_D); (1,0), (1,1), ..., (1,N_D); ...; (N_A,0), (N_A,1), ..., (N_A,N_D)}.
Further, in the embodiment of the present invention, the balance equation is established as follows: first, the transition probabilities of the attacker's and defender's strategy selection are defined; then, according to the transition probability matrix, the quasi-birth-and-death attack-defense evolution process is constructed and the balance equation of the attack-defense evolution process is obtained.
First, the transition probability of the attacker's strategy selection is defined:
Here A_-i = (A1, …, A_i-1, A_i+1, …, Am) denotes the vector formed by all attack strategies other than A_i, denotes the maximum of the expected payoffs of the strategies other than A_i, denotes the probability that an attacker who chose a strategy in A_-i changes strategy and then chooses A_i, and denotes the probability that an attacker who chose A_i changes strategy and then chooses a strategy in A_-i.
Similarly, the transition probability of the defender's strategy selection is:
Here denotes the probability that a defender who chose D_j changes strategy and then chooses a strategy in D_-j, and denotes the probability that a defender who chose a strategy in D_-j changes strategy and then chooses D_j.
The transition probability matrix of the quasi-birth-and-death attack-defense evolution process is then:
In the above matrix, denotes the submatrices on the main diagonal of the matrix Q_β, written as follows.
When k = 0:
When 1 ≤ k ≤ N_A − 1:
When k = N_A:
In addition, is the submatrix on the upper-right secondary diagonal of the matrix Q_β, written as:
denotes the submatrix on the lower-left secondary diagonal of the matrix Q_β, written as:
Further, in the embodiment of the present invention, in solving for the stationary state, elementary transformations are first applied to the balance equation and it is solved; by the positive recurrence condition, the stationary probability distribution of the QBD attack-defense evolution process is obtained, which gives the stationary probability distribution of the attack-defense stochastic evolutionary game. Preferably, based on the property that the balance equation is a non-homogeneous linear system of equations, Gaussian elimination is used to apply elementary transformations to the balance equation. Preferably, in solving the balance equation, game information is obtained by analyzing the confrontation between the game groups and the mutual learning within the groups, the payoffs produced by different strategies are calculated, and the transition probabilities are determined from the expected payoff, learning level and noise factor.
Let denote the stationary probability distribution of the QBD, where . Assuming the QBD process is positive recurrent, the balance equation is P(β)Q_β = 0, P(β)e = 1, and it is known that . For ease of understanding, let ; the balance equation is then equivalent to
The balance equation constructed in the embodiment of the present invention is in fact a non-homogeneous linear system of equations. Elementary transformations are applied to it using Gaussian elimination based on block matrices, and the QBD balance equation is solved; by the positive recurrence condition, P(β) is the stationary probability distribution of the QBD, which gives the long-run stable equilibrium of the attack-defense stochastic evolutionary game.
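The equation P(β)Q_β = 0, P(β)e = 1 over the state space Θ can be solved numerically as in the sketch below. This is an added example, not code from the patent: the payoff values and the `switch_rate` transition rule are constructed assumptions (the patent's payoff table and transition formulas are not reproduced on this page), so its output does not reproduce the patent's figures; N_A = 8, N_D = 10 and β = 0.5 follow the embodiment's experiment.

```python
"""Added example: stationary distribution of a two-group QBD strategy chain."""

N_A, N_D = 8, 10  # group sizes used in the embodiment's experiment
# Constructed payoffs (assumption). A_PAY[i][j] / D_PAY[i][j] is the attacker /
# defender payoff when attack strategy A(i+1) meets defense strategy D(j+1).
A_PAY = [[6.0, 4.0], [3.0, 2.0]]
D_PAY = [[5.0, 2.0], [3.0, 1.0]]


def idx(i, j):
    """Flatten state (i attackers on A1, j defenders on D1) to a row index."""
    return i * (N_D + 1) + j


def switch_rate(gain, alpha, beta):
    """ASSUMED rule: noise beta plus learning level alpha times positive gain."""
    return beta + alpha * max(gain, 0.0)


def build_generator(alpha, beta):
    """Transition-rate matrix Q over Theta; every row sums to zero."""
    n = (N_A + 1) * (N_D + 1)
    Q = [[0.0] * n for _ in range(n)]
    for i in range(N_A + 1):
        for j in range(N_D + 1):
            x, y = i / N_A, j / N_D  # shares currently playing A1 / D1
            u_a = [A_PAY[k][0] * y + A_PAY[k][1] * (1 - y) for k in range(2)]
            u_d = [D_PAY[0][k] * x + D_PAY[1][k] * (1 - x) for k in range(2)]
            moves = [  # one participant changes strategy per transition
                (i + 1, j, (N_A - i) * switch_rate(u_a[0] - u_a[1], alpha, beta)),
                (i - 1, j, i * switch_rate(u_a[1] - u_a[0], alpha, beta)),
                (i, j + 1, (N_D - j) * switch_rate(u_d[0] - u_d[1], alpha, beta)),
                (i, j - 1, j * switch_rate(u_d[1] - u_d[0], alpha, beta)),
            ]
            s = idx(i, j)
            for ni, nj, rate in moves:
                if rate > 0.0:  # boundary moves have rate 0 and are skipped
                    Q[s][idx(ni, nj)] += rate
                    Q[s][s] -= rate
    return Q


def stationary(Q):
    """Solve pi Q = 0, pi e = 1 by Gaussian elimination with partial pivoting."""
    n = len(Q)
    # Transpose so pi is a column of unknowns, then replace the last (redundant)
    # balance equation with the normalisation condition sum(pi) = 1.
    M = [[Q[r][c] for r in range(n)] + [0.0] for c in range(n)]
    M[n - 1] = [1.0] * n + [1.0]
    for col in range(n):
        piv = max(range(col, n), key=lambda r: abs(M[r][col]))
        if abs(M[piv][col]) < 1e-12:
            raise ValueError("singular system: no unique stationary distribution")
        M[col], M[piv] = M[piv], M[col]
        for r in range(col + 1, n):
            f = M[r][col] / M[col][col]
            if f:
                for c in range(col, n + 1):
                    M[r][c] -= f * M[col][c]
    pi = [0.0] * n
    for r in range(n - 1, -1, -1):  # back substitution
        tail = sum(M[r][c] * pi[c] for c in range(r + 1, n))
        pi[r] = (M[r][n] - tail) / M[r][r]
    return pi


def attacker_marginal(pi):
    """P(i attackers use A1), summed over all defender states j."""
    return [sum(pi[idx(i, j)] for j in range(N_D + 1)) for i in range(N_A + 1)]


def predict(alpha, beta):
    """Return the attack strategy with the larger stationary share, and the marginal."""
    marg = attacker_marginal(stationary(build_generator(alpha, beta)))
    share_a1 = sum(i * p for i, p in enumerate(marg)) / N_A
    return ("A1" if share_a1 >= 0.5 else "A2"), marg


if __name__ == "__main__":
    for alpha in (0.1, 0.5, 1.0, 2.0):
        strategy, marg = predict(alpha, beta=0.5)
        print(f"alpha={alpha}: predicted {strategy}, P(all on A1)={marg[N_A]:.4f}")
```
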
Further, the embodiment of the present invention also provides an attack prediction apparatus based on a QBD attack-defense stochastic evolutionary game model which, as shown in Fig. 2, comprises a model construction module 101, an equation establishment module 102 and an analysis and solution module 103, wherein:
the model construction module 101 is configured to abstract the attack-defense evolution process as a quasi-birth-and-death (QBD) process, introduce a learning level and a noise factor to describe the dynamic evolution trajectory of the attack-defense participants' strategy learning and adjustment under random perturbation, and construct the QBD attack-defense stochastic evolutionary game model;
the equation establishment module 102 is configured to establish the balance equation of the quasi-birth-and-death attack-defense process according to the QBD attack-defense stochastic evolutionary game model;
the analysis and solution module 103 is configured to solve the balance equation to obtain the stationary probability distribution over strategies of the quasi-birth-and-death attack-defense process, and to obtain the most threatening attack strategy from that distribution.
Further, the embodiment of the present invention also provides a network security system comprising the attack prediction apparatus based on a QBD attack-defense stochastic evolutionary game model of the above embodiment, for performing predictive analysis of attacks in a network system.
To verify the validity of the QBD stochastic evolutionary game model proposed in the embodiment of the present invention and the accuracy of its attack prediction, experiments were carried out in a specific network information system environment. As shown in Fig. 3, the network system environment consists mainly of an external-network attack group, a DMZ and an intranet; the network security protection equipment comprises a firewall, intrusion prevention equipment and a bastion host, which protect the intranet database server and prevent data resources from being stolen. The system environment was scanned with Nessus and, with reference to the attack-defense behavior database of MIT in the United States and information from the China National Vulnerability Database of Information Security (CNNVD), the attack and defense strategy sets used in the experiment were designed: the attack strategies are A1 (database monitoring) and A2 (port scan attack), and the defense strategies are D1 (database upgrade) and D2 (closing idle port services).
Based on the established QBD stochastic evolutionary game model and considering the bounded rationality of the attack-defense participants, each side maximizes its own payoff on the premise of seeking a balance between information security risk and investment. With reference to payoff quantification methods and in combination with the characteristics of the quasi-birth-and-death process, the payoffs produced by the different attack and defense strategies are calculated, giving the attack-defense strategy payoff matrix of Table 1.
Table 1: Attack-defense strategy payoff matrix
The number of attackers is assumed to be N_A = 8 and the number of defenders N_D = 10.
Considering that the attack-defense confrontation is affected by a certain random perturbation, the noise factor is assumed to be β = 0.5. In this simulation scenario, the learning level parameters α_i (i = 1, 2) are varied to observe the influence of a rising learning level on both sides on attack prediction; that is, the evolution of the game between the two sides is studied when α1 = α2 = α = 0.1, 0.5, 1.0, 2.0.
The stationary probability distribution of this QBD attack-defense stochastic evolutionary game model is solved. When α = 0.1, calculation gives the P matrix of the stationary probability distribution as:
Let:
where denotes the stationary probability that the number of attackers in the attack group using strategy A1 is i while the number of defenders in the defense group choosing strategy D1 is j; denotes the stationary probability that, after many rounds of the game, the number of attackers in the attack group using strategy A1 is i; and denotes the stationary probability that, after many rounds of the game, the number of defenders in the defense group using strategy D1 is j. The stationary probability distributions over strategies of the evolutionary game of the attack and defense groups are thus as shown in Figs. 4 and 5, where Fig. 4 is the stationary probability distribution of the attack group when α = 0.1 and Fig. 5 is the stationary probability distribution of the defense group when α = 0.1.
In the stationary probability distribution of the attack group in Fig. 4, the abscissa is the number of attackers, i.e. the number of attackers choosing strategy A1 or A2, and the ordinate is the stationary probability of strategy A1. When α = 0.1, the probability that all attackers in the attack group choose strategy A1 is only 58.79%; that is, the probability that 7 attackers choose strategy A1 while 1 attacker chooses strategy A2 is 24.44%, and the probability that 6 attackers choose strategy A1 while 2 attackers choose strategy A2 is 10.07%. The numerical results therefore show significant disagreement in attack strategy selection. Similarly, as shown in Fig. 5, the probability that all defenders choose strategy D1 is only 65.39%, while the probability that 1 defender among them chooses strategy D2 is 22.61%; strategy selection is clearly inconsistent.
Similarly, for α = α1 = α2 = 0.1, 0.5, 1.0, 2.0, the stationary probability distribution results of the evolutionary game of the attack and defense groups under different learning level parameters are given in Tables 2 and 3. Here denotes that the number of attackers in the attack group choosing strategy A1 is i, and denotes that the number of defenders in the defense group choosing strategy D1 is j.
Table 2: Stationary probability distribution results of the evolutionary game of the attack group under different learning level parameters
Table 3: Stationary probability distribution results of the evolutionary game of the defense group under different learning level parameters
Simulation with Matlab 2016b gives the stationary probability distributions of the evolution of the attack and defense groups under different learning level parameters, as shown in Figs. 6 and 7, which allow the two sets of numerical results in Tables 2 and 3 to be analyzed and compared intuitively.
Figs. 6 and 7 show how the stationary probability distributions corresponding to choosing attack strategy A1 and defense strategy D1 in the attack and defense groups vary as the learning level α changes over the interval [0, 2]. As α tends to 2, attack strategy selection converges to the optimal strategy A1 and defense strategy selection converges to the optimal strategy D1; that is, the probability that all attackers in the attack group choose strategy A1 is 96.94% (error less than 5%), and the probability that all defenders in the defense group choose strategy D1 is 96.61% (error less than 5%).
From the above numerical results it can be concluded that, through confrontation analysis between groups and mutual learning within the same group, collecting and analysing game information gradually increases the attack-defense participants' understanding of the opponent's behaviour and intentions and of the strategy settings. As the learning level α increases, the choice of the optimal attack strategy A1 reaches stability, so that attack strategy A1 is known to be the predicted most threatening attack strategy. When α is small, the attack-defense participants lack understanding of the payoff and the strategy settings; if there is obvious randomness in the attack-defense decision process, the stationary probability distribution of the evolutionary game does not necessarily converge to one specific strategy.
Assume the learning level is a fixed constant α1 = α2 = 0.7, and β = 0.2, 1.2, 2.2, 5.0. In this simulation scenario, the influence of different noise factors β on the evolution of the game between the attacking and defending sides is observed. Solving for the stationary probability distribution of the quasi-birth-and-death process corresponding to the group model gives, under different noise factors, the internal payoff results of the attack and defense groups shown in Table 4 and Table 5.
Table 4: Stationary probability distribution results of the attack group evolutionary game under different noise factors
Table 5: Stationary probability distribution results of the defense group evolutionary game under different noise factors
Figs. 8 and 9 show intuitively the internal regularities of the attack and defense groups. When β = 0.2, the behaviour of the attackers (defenders) is little affected by random perturbation and strategy selection is highly consistent: the probability that all attackers in the attack group choose strategy A1 is 96.53%, and the probability that all defenders in the defense group choose D1 is 96.15%. However, as β gradually increases, at β = 5.0 the influence of random perturbation is obvious and the attackers in the group diverge in their strategy choices. The probability that all attackers in the attack group choose A1 is only 49.39%, the probability that 1 attacker chooses strategy A2 is 25.41%, and the probability that 2 attackers choose A2 is 12.96%. Similarly, the results for the defense group show that, at β = 5.0, the probability that all defenders use strategy D1 is only 59.51%, while the probability that 1 defender in the group chooses strategy D2 is 24.01%, so strategy choices are inconsistent.
Addressing the fact that attack and defense groups are affected by random perturbation during the game, the present invention introduces a learning-level parameter and a noise factor, models the attack-defense stochastic evolutionary game on the basis of a quasi-birth-and-death process, and solves the balance equations of the constructed attack-defense game quasi-birth-and-death process by Gaussian elimination. This yields the equilibrium probability distribution of strategies in the limiting case of the attack and defense groups, identifies the most threatening attack strategy, and thereby achieves attack prediction. The results show that, as attack-defense evolution proceeds, the groups gradually deepen their understanding of the strategy settings and of the opponent by collecting information on the other side's game characteristics, the learning level keeps rising, no obvious divergence appears in the participants' strategy selection, and all participants tend to choose the evolutionarily stable strategy. As random perturbation strengthens, however, the game system tends to become unstable, the payoff is mainly influenced by random perturbation, and obvious divergence appears in the groups' strategy selection. In real attack-defense scenarios random factors are unavoidable, but reducing their influence as far as possible and raising the learning level is of guiding significance for real-world network attack prediction.
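The solve step summarised above, as an added Python example that is not code from the patent: it builds a birth-death chain on the number of attackers choosing A1, solves the balance equations with Gaussian elimination plus the normalisation condition, and reads off the predicted strategy. The logit switching rule, the payoff values, β = 1.0 in the α sweep and all function names are assumptions, because this section does not give the transition-probability formula; only the group size of 8, the parameter sweeps and the roles of α and β come from the text.

```python
import math

PAYOFFS = {"A1": 3.0, "A2": 1.0}   # constructed expected payoffs, not from the patent
N = 8                              # group size implied by the "7 choose A1, 1 chooses A2" case

def generator(n, alpha, beta, u1, u2):
    """Generator Q of the birth-death chain on i = number of attackers playing A1."""
    if beta <= 0:
        raise ValueError("noise factor beta must be greater than 0")
    # ASSUMED switching rule: a revising attacker adopts A1 with a logit
    # probability that sharpens with learning level alpha and flattens with beta.
    p1 = 1.0 / (1.0 + math.exp(-(alpha / beta) * (u1 - u2)))
    q = [[0.0] * (n + 1) for _ in range(n + 1)]
    for i in range(n + 1):
        if i < n:
            q[i][i + 1] = (n - i) / n * p1        # one A2 player moves to A1
        if i > 0:
            q[i][i - 1] = i / n * (1.0 - p1)      # one A1 player moves to A2
        q[i][i] = -sum(q[i])                      # rows of a generator sum to zero
    return q

def stationary(q):
    """Solve pi Q = 0, sum(pi) = 1 by Gauss-Jordan elimination with partial pivoting."""
    m = len(q)
    # Row c is balance equation c: sum_r pi_r * q[r][c] = 0 (augmented column = 0).
    a = [[q[r][c] for r in range(m)] + [0.0] for c in range(m)]
    # The balance equations are rank-deficient by one, so the last one is
    # replaced by the normalisation condition sum(pi) = 1.
    a[m - 1] = [1.0] * m + [1.0]
    for col in range(m):
        piv = max(range(col, m), key=lambda r: abs(a[r][col]))
        if abs(a[piv][col]) < 1e-12:
            raise ValueError("no unique stationary distribution")
        a[col], a[piv] = a[piv], a[col]
        for r in range(m):
            if r != col and a[r][col] != 0.0:
                f = a[r][col] / a[col][col]
                a[r] = [x - f * y for x, y in zip(a[r], a[col])]
    return [a[r][m] / a[r][r] for r in range(m)]

def predict(n, alpha, beta, payoffs=PAYOFFS):
    """Return (predicted strategy, P(all n attackers play A1), stationary distribution)."""
    pi = stationary(generator(n, alpha, beta, payoffs["A1"], payoffs["A2"]))
    share_a1 = sum(i * p for i, p in enumerate(pi)) / n   # long-run share playing A1
    return ("A1" if share_a1 >= 0.5 else "A2"), pi[n], pi

if __name__ == "__main__":
    for alpha in (0.1, 0.5, 1.0, 2.0):            # learning levels swept on the page
        s, p_all, _ = predict(N, alpha, 1.0)      # beta = 1.0 is an assumption
        print(f"alpha={alpha:<4} predicted={s}  P(all choose A1)={p_all:.4f}")
    for beta in (0.2, 1.2, 2.2, 5.0):             # noise factors swept on the page
        s, p_all, _ = predict(N, 0.7, beta)       # alpha1 = alpha2 = 0.7 as on the page
        print(f"beta={beta:<5} predicted={s}  P(all choose A1)={p_all:.4f}")
```

The printed probabilities will not match the patent's tables, since the switching rule and payoffs are stand-ins; the qualitative trend (concentration on A1 as α rises, dispersion as β rises) is what the sketch reproduces.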
Unless specifically stated otherwise, the relative steps, numerical expressions and numerical values of the components and steps set forth in these embodiments do not limit the scope of the present invention.
Based on the above method, an embodiment of the present invention further provides a server comprising: one or more processors; and a storage device for storing one or more programs which, when executed by the one or more processors, cause the one or more processors to implement the above method.
Based on the above method, an embodiment of the present invention further provides a computer-readable medium on which a computer program is stored, wherein the program implements the above method when executed by a processor.
The implementation principle and technical effects of the device provided by the embodiment of the present invention are the same as those of the foregoing method embodiments; for brevity, where the device embodiment does not mention something, refer to the corresponding content in the foregoing method embodiments.
It will be clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the system and device described above may refer to the corresponding processes in the foregoing method embodiments, and are not repeated here.
If the functions are implemented in the form of software functional units and sold or used as an independent product, they may be stored in a processor-executable non-volatile computer-readable storage medium. Based on this understanding, the technical solution of the present invention in essence, or the part that contributes to the prior art, or a part of the technical solution, may be embodied in the form of a software product. The computer software product is stored in a storage medium and includes several instructions for causing a computer device (which may be a personal computer, a server, a network device or the like) to execute all or part of the steps of the methods described in the embodiments of the present invention. The aforementioned storage medium includes various media that can store program code, such as a USB flash disk, a removable hard disk, read-only memory (ROM), random access memory (RAM), a magnetic disk or an optical disc.
Finally, it should be noted that the embodiments described above are only specific embodiments of the present invention, used to illustrate its technical solution rather than to limit it, and the scope of protection of the present invention is not limited thereto. Although the invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that anyone familiar with the art may, within the technical scope disclosed by the invention, still modify the technical solutions recorded in the foregoing embodiments, readily conceive of variations, or make equivalent replacements of some of the technical features; such modifications, variations or replacements do not cause the essence of the corresponding technical solution to depart from the spirit and scope of the technical solutions of the embodiments of the present invention, and shall all be covered by the scope of protection of the present invention. Therefore, the scope of protection of the present invention shall be subject to the scope of protection of the claims.
Claims (10)
1. An attack prediction method based on a QBD attack-defense stochastic evolutionary game model, characterized by comprising the following:
abstracting the attack-defense evolution process as a quasi-birth-and-death process (QBD), introducing a learning level and a noise factor to characterize the dynamic evolution trajectory of the attack-defense participants' strategy learning and adjustment under random perturbation, and constructing the QBD attack-defense stochastic evolutionary game model;
establishing the balance equations of the quasi-birth-and-death attack-defense process according to the QBD attack-defense stochastic evolutionary game model;
solving the balance equations to obtain the strategy equilibrium probability distribution of the quasi-birth-and-death attack-defense process; and obtaining the most threatening attack strategy according to the strategy equilibrium probability distribution.
2. The attack prediction method based on a QBD attack-defense stochastic evolutionary game model according to claim 1, characterized in that the QBD attack-defense stochastic evolutionary game model is represented by a seven-tuple: QBD-ADSEGM = (Γ, N, S, χ(t), α, β, U), where Γ denotes the attack-defense game groups, N denotes the number of attack-defense participants, S denotes the attack-defense participants' strategy space, χ(t) denotes the attack-defense state space at time t, α denotes the set of attack-defense participants' learning levels, β denotes the attack-defense participants' noise factor, and U denotes the set of payoff functions of the attacking and defending sides.
3. The attack prediction method based on a QBD attack-defense stochastic evolutionary game model according to claim 1 or 2, characterized in that the set of attack-defense participants' learning levels includes a learning parameter describing the attacker's degree of grasp of attack-defense information and a learning parameter describing the defender's degree of grasp of attack-defense information; the attack-defense participants' noise factor describes the random perturbation in the confrontation process, and the attack-defense participants' noise factor is set to be greater than 0.
4. The attack prediction method based on a QBD attack-defense stochastic evolutionary game model according to claim 1, characterized in that, according to the QBD attack-defense stochastic evolutionary game model, the corresponding quasi-birth-and-death process is constructed, the state space of the quasi-birth-and-death process is obtained, and the balance equations are established.
5. The attack prediction method based on a QBD attack-defense stochastic evolutionary game model according to claim 1 or 4, characterized in that the balance equations are established as follows: first, the transition probabilities of the attackers' and defenders' strategy selection are defined; then the quasi-birth-and-death attack-defense evolution process is constructed according to the transition probability matrix, and the balance equations of the attack-defense evolution process are obtained.
6. The attack prediction method based on a QBD attack-defense stochastic evolutionary game model according to claim 1, characterized in that, in solving for the equilibrium state, elementary transformations are first applied to the balance equations and the equations are solved, and the stationary probability distribution of the QBD attack-defense evolution process is obtained by the positive-recurrence condition, thereby obtaining the stationary probability distribution of the attack-defense stochastic evolutionary game.
7. The attack prediction method based on a QBD attack-defense stochastic evolutionary game model according to claim 6, characterized in that, according to the nonlinear homogeneous system-of-equations property of the balance equations, elementary transformations are applied to the balance equations using Gaussian elimination.
8. The attack prediction method based on a QBD attack-defense stochastic evolutionary game model according to claim 6, characterized in that, in solving the balance equations, by analysing the confrontation between game groups and their mutual learning, game information is collected, the payoffs generated by games between different strategies are computed, and the transition probabilities are determined from the expected payoff, the learning level and the noise factor.
9. An attack prediction device based on a QBD attack-defense stochastic evolutionary game model, characterized by comprising a model construction module, an equation establishment module and an analysis and solving module, wherein:
the model construction module is configured to abstract the attack-defense evolution process as a quasi-birth-and-death process (QBD), introduce a learning level and a noise factor to characterize the dynamic evolution trajectory of the attack-defense participants' strategy learning and adjustment under random perturbation, and construct the QBD attack-defense stochastic evolutionary game model;
the equation establishment module is configured to establish the balance equations of the quasi-birth-and-death attack-defense process according to the QBD attack-defense stochastic evolutionary game model;
the analysis and solving module is configured to solve the balance equations to obtain the strategy equilibrium probability distribution of the quasi-birth-and-death attack-defense process, and to obtain the most threatening attack strategy according to the strategy stationary probability distribution.
10. A network security system, characterized by comprising the attack prediction device based on a QBD attack-defense stochastic evolutionary game model according to claim 9.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910549015.6A CN110417733B (en) | 2019-06-24 | 2019-06-24 | Attack prediction method, device and system based on QBD attack and defense random evolution game model |
Publications (2)
Publication Number | Publication Date |
---|---|
CN110417733A | 2019-11-05 |
CN110417733B | 2021-09-10 |
Family
ID=68359709
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910549015.6A Active CN110417733B (en) | 2019-06-24 | 2019-06-24 | Attack prediction method, device and system based on QBD attack and defense random evolution game model |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110417733B (en) |
Also Published As
Publication number | Publication date |
---|---|
CN110417733B (en) | 2021-09-10 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||