CN110417733A - Attack Prediction method, apparatus and system based on QBD attacking and defending random evolution betting model - Google Patents

Attack Prediction method, apparatus and system based on QBD attacking and defending random evolution betting model Download PDF

Info

Publication number
CN110417733A
CN110417733A CN201910549015.6A CN201910549015A CN110417733A CN 110417733 A CN110417733 A CN 110417733A CN 201910549015 A CN201910549015 A CN 201910549015A CN 110417733 A CN110417733 A CN 110417733A
Authority
CN
China
Prior art keywords
attacking
defending
qbd
random
attack
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201910549015.6A
Other languages
Chinese (zh)
Other versions
CN110417733B (en
Inventor
谭晶磊
金辉
张红旗
杨英杰
刘小虎
雷程
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Information Engineering University of PLA Strategic Support Force
Original Assignee
Information Engineering University of PLA Strategic Support Force
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Information Engineering University of PLA Strategic Support Force filed Critical Information Engineering University of PLA Strategic Support Force
Priority to CN201910549015.6A priority Critical patent/CN110417733B/en
Publication of CN110417733A publication Critical patent/CN110417733A/en
Application granted granted Critical
Publication of CN110417733B publication Critical patent/CN110417733B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N20/00Machine learning
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N5/00Computing arrangements using knowledge-based models
    • G06N5/04Inference or reasoning models
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/14Network analysis or design
    • H04L41/145Network analysis or design involving simulating, designing, planning or modelling of a network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/14Network analysis or design
    • H04L41/147Network analysis or design for predicting network behaviour
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic

Abstract

The invention belongs to technical field of network security, in particular to a kind of Attack Prediction method, apparatus and system based on QBD attacking and defending random evolution betting model, this method includes: attacking and defending evolutionary process is abstracted as simulated AC curve QBD, it introduces level of learning and noise factor portrays the dynamic evolution track that attacking and defending participant policy learning adjusts under random perturbation, construct QBD attacking and defending random evolution betting model;The equilibrium equation of quasi- raw Attack Defence process of going out is established according to QBD attacking and defending random evolution betting model;Equilibrium equation is solved, the tactful equilibrium probability distribution of quasi- raw Attack Defence process of going out is obtained;According to tactful equilibrium probability distribution, most threatening attack strategies are obtained.The present invention is closer in practical Attack Defence scene, consider that random perturbation influences in attacking and defending evolutionary process, it is proposed the quasi- raw attacking and defending random evolution betting model that goes out, enhance Forecast attack capacity, Attack Prediction accuracy and model validation are promoted, all there is great importance for network security technology development.

Description

Attack Prediction method, apparatus and system based on QBD attacking and defending random evolution betting model
Technical field
It is the invention belongs to technical field of network security, in particular to a kind of based on QBD attacking and defending random evolution betting model Attack Prediction method, apparatus and system.
Background technique
Attacker obtains system of defense implementation attack using various attacks means more valuable in network safety filed The information resources of value, and the intention that defender is then directed to attacker takes different mean of defenses to protect system of defense, Prevent information resources from being stolen by attacker.In order to effectively be defendd information system, defender needs in advance to attack Accurate Prediction is carried out to take a bath to avoid information resources.Attacking and defending both sides are embodied in network-combination yarn antagonistic process The essential characteristic perfection of target antagonism, tactful interdependence and relationship Non-synergic and game theory agrees with.Therefore, game theory exists The research and application of network safety filed have become the emphasis and hot spot of each experts and scholars' research in recent years.
Currently, the hypothesis of rational is based in the research achievement of network safety filed in relation to game theory, it is believed that game Attacking and defending participant grasp the optional strategy of opponent completely and earnings structure by Solving Nash Equilibrium obtains optimal response plan Slightly.But above-mentioned achievement is there is no real attacking and defending participant's bounded rationality is considered, i.e. the peace that has of attacking and defending participant Omniscient is known, the gaming information of level of skill and acquisition is limited, and when decision is not always that reasoning is correct, it is also not possible in any feelings Peak optimization reaction is made in variation under condition according to policy setting, and Utopian rational is assumed with real network ping-pong situation not Symbol, practical function deviation.As evolutionary game theory is in the research and application of network safety filed, based on bounded rationality Evolutionary Game thought analytical attack behavior prediction and defence policies are chosen, and network-combination yarn confrontation scene is more met.Evolutionary Game is examined The characteristics of considering attacking and defending participant bounded rationality, by the continuous study adjustment of strategy, participant gradually grasps policy setting, right The information such as the income difference that hand information and Different Strategies game generate, final dynamic evolution to stable equilibrium state.Current research In, from the attacking and defending cost in information security, information security attack-defense confrontation Evolutionary Game Model is established, according to attacking and defending group The relationship of body replica locating obtains the Evolutionarily Stable Strategy of information security attack-defense confrontation;In conjunction with evolutionary Game and system dynamics Attacking and defending Evolutionary Game Model is established, is tested in terms of system boundary, validity and parametric sensitivity to model, it was demonstrated that Model has objectivity, science and practicability;Defence policies are studied from the angle of attacking and defending participant's bounded rationality to choose Problem, and attacking and defending Evolutionary Game Model is constructed, the method for solving of Evolutionarily Stable Strategy is proposed using replica locating study mechanism And it analyzes it;The multistage attacking and defending Evolutionary Game Model for establishing Internet of Things carries out income/cost of pursuit-evasion strategy Quantization, and optimal defence policies are determined using replica locating study mechanism.However, the studies above is based on replica locating study Mechanism, this is a kind of deterministic natural selection learning model without variation, always determines that selection expected revenus is received than average The high strategy of benefit.And practical Attack Defence process in attack and is intended to the random perturbations such as uncertain, policy setting variation Under the influence of, deterministic replica locating mechanism is difficult to accurately estimate and predict attacking and defending dynamic evolution.
Summary of the invention
For this purpose, the present invention provides a kind of Attack Prediction method, apparatus based on QBD attacking and defending random evolution betting model and is System, more closing to reality Attack Defence scene enhance Forecast attack capacity, promote the accuracy and effectively of Attack Prediction Property, there is very strong application prospect.
According to design scheme provided by the present invention, a kind of Attack Prediction based on QBD attacking and defending random evolution betting model Method includes following content:
Attacking and defending evolutionary process is abstracted as simulated AC curve QBD, level of learning is introduced and noise factor portrays random perturbation The dynamic evolution track of lower attacking and defending participant's policy learning adjustment, constructs QBD attacking and defending random evolution betting model;
The equilibrium equation of quasi- raw Attack Defence process of going out is established according to QBD attacking and defending random evolution betting model;
Equilibrium equation is solved, the tactful equilibrium probability distribution of quasi- raw Attack Defence process of going out is obtained;According to strategy Equilibrium probability distribution, obtains most threatening attack strategies.
Above-mentioned, QBD attacking and defending random evolution betting model passes through seven element group representations: QBD-ADSEGM=(Γ, N, S, χ (t), α, β, U), wherein Γ indicates attacking and defending game group, and N indicates attacking and defending participant quantity, and S indicates that attacking and defending participant strategy is empty Between, χ (t) indicates that t moment attacking and defending state space, α indicate attacking and defending participant level of learning set, and β indicates attacking and defending participant noise The factor, U indicate the benefited function set of attacking and defending both sides.
Above-mentioned, attacking and defending participant's level of learning set includes for describing to attacking and defending information Grasping level of attacker Practise parameter and for describing defender to the learning parameter of attacking and defending information Grasping level;Attacking and defending participant's noise factor, for retouching The random perturbation in ping-pong process is stated, and sets attacking and defending participant's noise factor greater than 0.
Above-mentioned, according to QBD attacking and defending random evolution betting model, corresponding simulated AC curve is constructed, it is sterilized to obtain quasi- life The state space of journey, establishes equilibrium equation.
Above-mentioned, it is as follows to establish equilibrium equation process: firstly, the transfer for defining attacker and defender's policy selection is general Rate;According to transition probability matrix, quasi- raw attacking and defending evolutionary process of going out is constructed, the equilibrium equation of attacking and defending evolutionary process is obtained.
Above-mentioned, in equilibrium state solution procedure, elementary transformation is carried out to equilibrium equation first and is solved, by normally returning item Part obtains QBD attacking and defending evolutionary process stationary binomial random process, to obtain the stationary binomial random process of attacking and defending random evolution game.
Preferably, according to equilibrium equation Nonlinear Homogeneous equation group property, using Gaussian elimination method to equilibrium equation into Elementary row operations.
Preferably, during equilibrium equation solves, by the confrontation analysis between analysis game group and mutually study, game is obtained Information, calculates the income that Different Strategies game generates, and determines transition probability with expected revenus, level of learning and noise factor.
Further, the present invention also provides a kind of Attack Prediction device based on QBD attacking and defending random evolution betting model, packets Contain: model construction module, establishing equation module and analysis and solution module;Wherein,
Model building module introduces level of learning and noise for attacking and defending evolutionary process to be abstracted as simulated AC curve QBD The factor portrays the dynamic evolution track that attacking and defending participant policy learning adjusts under random perturbation, and building QBD attacking and defending random evolution is rich Play chess model;
Establishing equation module, for establishing quasi- raw Attack Defence process of going out according to QBD attacking and defending random evolution betting model Equilibrium equation;
Analysis and solution module, for solving to equilibrium equation, the strategy for obtaining quasi- raw Attack Defence process of going out is steady Probability distribution;According to tactful stationary binomial random process, most threatening attack strategies are obtained.
Further, the present invention also provides a kind of network safety systems, comprising above-mentioned rich based on QBD attacking and defending random evolution Play chess the Attack Prediction device of model.
Beneficial effects of the present invention:
Present invention introduces level of learning parameter and noise factor, the attacking and defending participant policy learning tune under random perturbation is portrayed Whole dynamic evolution track solves quasi- raw attacking and defending evolutionary process of going out by establishing the equilibrium equation of quasi- raw Attack Defence process of going out Tactful stationary binomial random process provide most threatening attack strategies;For attacking and defending group by random perturbation in gambling process Influence attacking and defending random evolution game is built based on simulated AC curve by introducing level of learning parameter and noise factor Mould solves the equilibrium equation of constructed attacking and defending game simulated AC curve, obtains tactful under attacking and defending group limiting case Stationary binomial random process achieve the effect that Attack Prediction to know most threatening attack strategies;Closer in actually attacking Anti- confrontation scene considers the influence of random perturbation in attacking and defending evolutionary process, proposes the quasi- raw attacking and defending random evolution betting model that goes out, Enhance the ability of Forecast attack behavior, and verifies the accuracy of Attack Prediction and the validity of model by emulation experiment, for Network security technology development all has important directive significance.
Detailed description of the invention:
Fig. 1 is Attack Prediction method flow schematic diagram in embodiment;
Fig. 2 is Attack Prediction schematic device in embodiment;
Fig. 3 is network information experimental system topological diagram in embodiment;
The stationary binomial random process of group is attacked when Fig. 4 is α=0.1 in embodiment;
The stationary binomial random process of group is defendd when Fig. 5 is α=0.1 in embodiment;
Fig. 6 is to use attack strategies A in embodiment under difference α value1Stationary binomial random process;
Defence policies D is used when Fig. 7 is difference α value in embodiment1Stationary binomial random process;
Fig. 8 is the stationary binomial random process that group is attacked when β takes different value in embodiment;
Fig. 9 is the stationary binomial random process that group is defendd when β takes different value in embodiment.
Specific embodiment:
To make the object, technical solutions and advantages of the present invention clearer, understand, with reference to the accompanying drawing with technical solution pair The present invention is described in further detail.
In attack and it is intended to the random perturbations such as uncertain, policy setting variation for existing practical Attack Defence process Under the influence of, deterministic replica locating mechanism is difficult to the situation accurately estimated and predict attacking and defending dynamic evolution etc., and the present invention is real Example is applied, it is shown in Figure 1, a kind of Attack Prediction method based on QBD attacking and defending random evolution betting model is provided, comprising as follows Content:
S101, attacking and defending evolutionary process is abstracted as to simulated AC curve QBD, introduces level of learning and noise factor is portrayed at random The dynamic evolution track for disturbing lower attacking and defending participant policy learning adjustment, constructs QBD attacking and defending random evolution betting model;
S102, the equilibrium equation that quasi- raw Attack Defence process of going out is established according to QBD attacking and defending random evolution betting model;
S103, equilibrium equation is solved, obtains the tactful equilibrium probability distribution of quasi- raw Attack Defence process of going out;Foundation Tactful equilibrium probability distribution, obtains most threatening attack strategies.
Simulated AC curve is with two-dimensional random variable χ (t)=(χA(t),χD(t)) definition status describes to participate in attacking and defending group Person portrays state turn by using the number variation (increase, reduce or constant) of strategy using the number of respective a certain strategy Move past journey.The t+1 times game, attacking and defending participant according between the t times game group confrontation analysis and intragroup mutual Practise, directly or indirectly obtain gaming information, calculate the income that Different Strategies game generates, with expected revenus, level of learning and The transition probability that noise factor determines randomly chooses high yield strategy, then is increased using participant's quantity of high yield strategy, Wherein level of learning describes the letter such as income difference that attacking and defending participant generates policy setting, opponent's information and Different Strategies game The Grasping level of breath, noise factor portray the random perturbation in ping-pong process.After multiple game, as participant learns The promotion of habit degree, under the mechanism of policy learning adjustment, until the tactful probability distribution on state space levels off to stabilization, That is stationary binomial random process is the realization of Nash Equilibrium in group behavior meaning, and over time, attacking and defending participant passes through Tactful game, study, improvement, the ratio that each strategy is chosen in final group reach stable state, and probability is bigger, explanation The degree of recognition of Evolutionarily Stable Strategy is higher in group.
Further, in the embodiment of the present invention, QBD attacking and defending random evolution betting model passes through seven element group representations: QBD- ADSEGM=(Γ, N, S, χ (t), α, β, U), wherein
1) Γ=(attackers, defenders) indicates to participate in the group of game, and attackers indicates attack group, Defenders indicates defence group;
2) N=(NA,ND) indicate game participant quantity, NAIndicate the quantity of attacker in attack group, NDIndicate anti- The quantity of defender in imperial group;
3) S=(SA,SD) indicate the policy space of attacking and defending participant, wherein attack strategies collection SA={ A1,A2,…,Am, prevent Imperial set of strategies SD={ D1,D2,…,Dn, m and n indicate pursuit-evasion strategy quantity, meet m, n ∈ Z and m, n >=2;
4)It indicates the state space that the attacking and defending of t moment is developed, is a two-dimensional random variable, whereinIndicate selection strategy A in attack groupiAttacker's quantity, meetAndIndicate selection strategy D in defence groupjDefender's quantity, meetAndThe scale of state space χ (t) is (NA+1)(ND+1);
5) α=(α12) indicate attacking and defending participant level of learning set, for describe attacking and defending participant to policy setting, The Grasping level of the information such as the income difference that opponent's information and Different Strategies game generate, wherein α1It is the level of learning of attacker, α2It is the level of learning of defender, and meets α1∈[0,2],α2∈[0,2];
6) β indicates that the noise factor of attacking and defending participant meets β > 0 for describing the random perturbation in ping-pong process;
7) U=(UA,UD) be attacking and defending both sides' revenue function set, it by attacking and defending both sides strategy codetermine, it is different It is also different that pursuit-evasion strategy combines income obtained.
When attacker uses strategy Ai, defender is using strategy DjWhen, the tactful income of attacker and defender are used respectively aijAnd dijIt indicates.Thus, attacker uses strategy A in gameiExpected revenus beWith defender in game It is middle to use strategy DjExpected revenus
And in attacking and defending participant in the uncertain situation of opponent's gaming information, with tactful ψA(t),ψD(t) it participates in rich It plays chess, it may be assumed that
Further, it in the embodiment of the present invention, according to QBD attacking and defending random evolution betting model, constructs corresponding quasi- life and goes out Process obtains the state space of simulated AC curve, establishes equilibrium equation.
According to QBD attacking and defending random evolution betting model, corresponding simulated AC curve is constructed, is denoted asIt can thus be appreciated that the state space of this simulated AC curve are as follows: Θ=(0,0), (0, 1) ... (0, ND);(1,0),(1,1),...(1,ND);...;(NA,0),(NA,1),...(NA,ND)}。
Further, in the embodiment of the present invention, it is as follows to establish equilibrium equation process: firstly, defining attacker and defender The transition probability of policy selection;According to transition probability matrix, quasi- raw attacking and defending evolutionary process of going out is constructed, attacking and defending is obtained and developed The equilibrium equation of journey.
Firstly, defining the transition probability of attacker's policy selection
Wherein, A-i=(A1,…,Ai-1,Ai+1,…,Am) indicate the vector that all attack strategies in addition to i form,Indicate AiExcept other strategies expected revenus in most Big value,Indicate Selection Strategy A-iAttacker will change strategy, then Selection Strategy AiProbability,Indicate choosing Take tactful AiAttacker change strategy, then Selection Strategy A-iProbability.
Similarly, the transition probability of defender's policy selection
Wherein,Indicate Selection Strategy DjDefender will change strategy, then Selection Strategy D-jProbability,Indicate Selection Strategy D-jDefender will change strategy, then Selection Strategy DjProbability.
Then intend raw attacking and defending evolutionary process of going outTransition probability matrix are as follows:
In above-mentioned matrix,Representing matrix QβSubmatrix on leading diagonal, is denoted as:
As k=0, note:
As 1≤k≤NAWhen -1, note:
Work as k=NAWhen, note:
In addition,It is matrix QβThe submatrix of upper right minor diagonal, is denoted as:
Representing matrix QβThe submatrix of lower-left minor diagonal, is denoted as:
Further, in the embodiment of the present invention, in equilibrium state solution procedure, elementary transformation is carried out to equilibrium equation first And solve, QBD attacking and defending evolutionary process stationary binomial random process is obtained by normally returning condition, to obtain attacking and defending random evolution game Equilibrium probability distribution.Preferably, according to the Nonlinear Homogeneous equation group property of equilibrium equation, using Gaussian elimination method to flat The equation that weighs carries out elementary transformation.Preferably, during equilibrium equation solves, by analyzing confrontation analysis and group between game group Interior mutual study obtains gaming information, calculates the income that Different Strategies game generates, with expected revenus, level of learning and makes an uproar The sound factor determines transition probability.
It enablesIndicate the stationary binomial random process of QBD, whereinIt is assumed that QBD process is normally returned, then equilibrium equation P (β) Qβ=0, P (β) e=1, and knowFor convenience of understanding, enableThen equilibrium equation is equivalent to
Constructed equilibrium equation is really a Nonlinear Homogeneous equation group in the embodiment of the present invention, by using being based on The Guass elimination of matrix in block form carries out elementary transformation to equilibrium equation, QBD equilibrium equation is solved, by the condition normally returned Know that P (β) is QBD stationary binomial random process, to obtain the long-term stable equilibrium of attacking and defending random evolution game.
Further, the embodiment of the present invention also provides a kind of Attack Prediction based on QBD attacking and defending random evolution betting model Device, it is shown in Figure 2, include: model construction module 101, establishing equation module 102 and analysis and solution module 103, wherein
Model building module 101, for attacking and defending evolutionary process to be abstracted as simulated AC curve QBD, introduce level of learning and Noise factor portrays the dynamic evolution track that attacking and defending participant policy learning adjusts under random perturbation, and building QBD attacking and defending is drilled at random Change betting model;
Establishing equation module 102, for establishing quasi- raw Attack Defence process of going out according to QBD attacking and defending random evolution betting model Equilibrium equation;
Analysis and solution module 103, for solving to equilibrium equation, the strategy for obtaining quasi- raw Attack Defence process of going out is flat Weigh probability distribution;According to tactful equilibrium probability distribution, most threatening attack strategies are obtained.
Further, the embodiment of the present invention also provides a kind of network safety system, comprising in above-described embodiment based on QBD The Attack Prediction device of attacking and defending random evolution betting model, for carrying out forecast analysis to the attack in network system.
For the accurate of the validity of QBD random evolution betting model that is proposed in the verifying embodiment of the present invention and Attack Prediction Property, tested in specific network information system environment, as shown in figure 3, network system environment mainly by outer net attack group, The domain DMZ and Intranet composition, wherein network safety prevention equipment has firewall, intrusion prevention equipment and Bastion Host, for protecting The database server of Intranet, prevents data resource to be stolen.System environments is scanned by Nessus, referring to the U.S. The attacking and defending behavior database of MIT, according to national information Security Vulnerability Database (CNNVD) information, the attacking and defending plan that is used in contrived experiment Slightly collect, i.e., attack strategies are A1(database monitoring) and A2(Port Scan Attacks), defence policies D1(database upgrade) and D2(closing idle miniport service).
QBD random evolution betting model based on foundation, it is contemplated that the characteristics of attacking and defending participant's bounded rationality, believe pursuing Between the risk and investment of breath safety under the premise of equilibrium, make respective maximum revenue, refer to income quantization method as a result, In conjunction with the characteristics of simulated AC curve, the income that different pursuit-evasion strategy games generate is calculated, the pursuit-evasion strategy income square of table 1 can be obtained Battle array.
1 pursuit-evasion strategy gain matrix of table
And the quantity for assuming attacker is NA=8, the quantity of defender is ND=10.
Consider to be influenced during Attack Defence by certain random perturbation, it is assumed that noise factor β=0.5.Such Under simulating scenes, by changing level of learning parameter alphai(i=1,2), the promotion for observing attacking and defending both sides level of learning are pre- to attacking The influence of survey, that is, work as α12=α=0.1 when 0.5,1.0,2.0, studies the Evolution of attacking and defending both sides game.
Solve the stationary binomial random process of this group of QBD attacking and defending random evolution betting model.It is flat by can be calculated when α=0.1 The P matrix of steady probability distribution are as follows:
If:
Wherein,It indicates to use strategy A in attack group1Attacker's quantity be i, while defending Selection Strategy in group D1Defender's quantity be j equilibrium probability.It attacks in group after indicating multiple game using strategy A1's Attacker's quantity is the equilibrium probability of i;It defends in group after indicating multiple game using strategy D1Defence Person's quantity is the equilibrium probability of j.It can thus be concluded that the tactful stationary binomial random process of attacking and defending group evolutionary Game is as shown in Figures 4 and 5, Wherein, the stationary binomial random process that group is attacked when Fig. 4 is α=0.1, defends the stationary binomial random process of group when Fig. 5 is α=0.1
The stationary binomial random process of group is attacked in Fig. 4, abscissa indicates the quantity of attacker, i.e. selection strategy A1Or A2 Attacker's quantity, ordinate indicate strategy A1Equilibrium probability.When α=0.1, attacks all attackers in group and select plan Slightly A1Probability be only 58.79%, that is to say, that 7 attacker's Selection Strategy A1But there is 1 attacker's Selection Strategy A2It is general Rate is 24.44%, there is 6 attacker's Selection Strategy A1But there are 2 attacker's Selection Strategy A2Probability be 10.07%.Therefore, Numerical result shows that attack strategies selection produces significant disagreement.Similarly, as shown in Figure 5, all defender's selection strategy D1 Probability be only 65.39%, and wherein have 1 defender's Selection Strategy D2Probability be 22.61%, strategy choose it is obvious not Unanimously.
It can similarly obtain, as α=α12When=0.1,0.5,1.0,2.0, i.e., attacking and defending group evolutionary Game is in different study journeys The stationary binomial random process under parameter is spent as a result, being shown in Table 2 and table 3.WhereinIt indicates to select in attack group Take tactful A1Attacker's quantity be i;Indicate Selection Strategy D in defence group1Defender's number Amount is j.
Table 2 attacks the stationary binomial random process result of group's evolutionary Game under different level of learning parameters
Table 3 defends the stationary binomial random process result of group's evolutionary Game under different level of learning parameters
It emulates to obtain the attacking and defending group under different level of learning parameters as shown in Figures 6 and 7 by Matlab2016b to develop Stationary binomial random process figure, can intuitively analyze and two groups of numerical results shown in comparison sheet 2, table 3.
Value according to level of learning α in section [0,2] changes, and chooses and attacks in attacking and defending group it can be seen from Fig. 6 and 7 Hit tactful A1With selection defence policies D1Corresponding stationary binomial random process variation tendency.When α is intended to 2, attack strategies Selection converges on optimal policy A1, defence policies selection converge on optimal policy D1, i.e., all attackers choose in attack group Tactful A1Probability be 96.94% (error is less than 5%), and defend all defender's Selection Strategy D in group1Probability be 96.61% (error is less than 5%).
By above-mentioned numerical result it can be concluded that by mutual in the confrontation analysis and the same group between group Study, collects and analyzes gaming information, has gradually increased attacking and defending participant to opponent's behavior and intention and policy setting Solution.With the promotion of level of learning α, optimal attack strategies A is chosen1Stabilization is reached, to know attack strategies A1For prediction The most threatening attack strategies arrived.When α value is smaller, show that attacking and defending participant lacks to payoff and policy setting Understand, if there is apparent randomness in attacking and defending decision process, the stationary binomial random process of evolutionary Game not necessarily restrains Mr. Yu One specific strategy.
It is assumed that level of learning is fixed constant α12=0.7, β=0.2,1.2,2.2,5.0, in such simulating scenes Under, observe the influence that different noise factor β develop to attacking and defending both sides' game.Solve simulated AC curve corresponding to the group model Stationary binomial random process, can be obtained under different noise factors, the internal nature payoff of attacking and defending group such as table 4,5 institute of table Show.
Table 4 attacks the stationary binomial random process result of group's evolutionary Game under different noise factors
Table 5 defends the stationary binomial random process result of group's evolutionary Game under different noise factors
Fig. 8 and Fig. 9 can intuitively obtain the internal nature rule of attacking and defending group.As β=0.2, attacker (defender) Behavior influenced by random perturbation smaller, strategy, which is chosen, has high consistency, i.e. all attackers selection in attack group Tactful A1Probability be 96.53%, defend all defenders in group to choose D1Probability be 96.15%.However, with β by It is cumulative big, as β=5.0, influenced by random perturbation obvious, the attacker in group leads to divergence on strategy is chosen.It attacks It hits all attackers in group and selects A1Probability only have 49.39%, have 1 attacker's selection strategy A2Probability be 25.41%, there are 2 attackers to select A2Probability be 12.96%;Similarly, the data result of group is defendd to also indicate that, β= When 5.0, all defenders use strategy D1Probability only have 59.51%, and have 1 defender's selection strategy D in group2It is general Rate is 24.01%, and strategy chooses different cause.
The present invention is influenced in gambling process by random perturbation for attacking and defending group, by introduce level of learning parameter and Noise factor models attacking and defending random evolution game based on simulated AC curve, using the Gauss elimination to constructed The equilibrium equation of attacking and defending game simulated AC curve is solved, and equilibrium probability tactful under attacking and defending group limiting case point is obtained Cloth achievees the effect that Attack Prediction to know most threatening attack strategies.Result of study shows with attacking and defending evolution It promotes, attacking and defending group gradually deepens the understanding to policy setting and opponent, learn journey by collecting other side's Game Characteristics information Degree constantly enhances, and without there is apparent disagreement in terms of participant's selection strategy, all participants tend to selection and develop surely Fixed strategy.But with the enhancing of random perturbation, game playing system being made to tend to be unstable, payoff is mainly disturbed at random There is obvious disagreement in policy selection in dynamic influence, attacking and defending group.In practical attacking and defending scene, enchancement factor is inevitable, But the influence for reducing enchancement factor as much as possible, enhances level of learning, for instructing real network Attack Prediction to have directiveness Meaning.
Unless specifically stated otherwise, the opposite step of the component and step that otherwise illustrate in these embodiments, digital table It is not limit the scope of the invention up to formula and numerical value.
Based on above-mentioned method, the embodiment of the present invention also provides a kind of server, comprising: one or more processors;It deposits Storage device, for storing one or more programs, when one or more of programs are held by one or more of processors Row, so that one or more of processors realize above-mentioned method.
Based on above-mentioned method, the embodiment of the present invention also provides a kind of computer-readable medium, is stored thereon with computer Program, wherein the program realizes above-mentioned method when being executed by processor.
The technical effect and preceding method embodiment phase of device provided by the embodiment of the present invention, realization principle and generation Together, to briefly describe, Installation practice part does not refer to place, can refer to corresponding contents in preceding method embodiment.
It is apparent to those skilled in the art that for convenience and simplicity of description, the system of foregoing description It with the specific work process of device, can refer to corresponding processes in the foregoing method embodiment, details are not described herein.
It, can be with if the function is realized in the form of SFU software functional unit and when sold or used as an independent product It is stored in the executable non-volatile computer-readable storage medium of a processor.Based on this understanding, of the invention Technical solution substantially the part of the part that contributes to existing technology or the technical solution can be with software in other words The form of product embodies, which is stored in a storage medium, including some instructions use so that One computer equipment (can be personal computer, server or the network equipment etc.) executes each embodiment institute of the present invention State all or part of the steps of method.And storage medium above-mentioned include: USB flash disk, mobile hard disk, read-only memory (ROM, Read-Only Memory), random access memory (RAM, Random Access Memory), magnetic or disk etc. it is each Kind can store the medium of program code.
Finally, it should be noted that embodiment described above, only a specific embodiment of the invention, to illustrate the present invention Technical solution, rather than its limitations, scope of protection of the present invention is not limited thereto, although with reference to the foregoing embodiments to this Invention is described in detail, those skilled in the art should understand that: any technology people for being familiar with the art Member in the technical scope disclosed by the present invention, can still modify to technical solution documented by previous embodiment or Variation or equivalent replacement of some of the technical features can be readily occurred in;And these modifications, variation or replacement, and So that the essence of corresponding technical solution is detached from the spirit and scope of technical solution of the embodiment of the present invention, should all cover in the present invention Protection scope within.Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (10)

1. a kind of Attack Prediction method based on QBD attacking and defending random evolution betting model, which is characterized in that include following content:
Attacking and defending evolutionary process is abstracted as simulated AC curve QBD, level of learning is introduced and noise factor is portrayed and attacked under random perturbation The dynamic evolution track of anti-participant's policy learning adjustment, constructs QBD attacking and defending random evolution betting model;
The equilibrium equation of quasi- raw Attack Defence process of going out is established according to QBD attacking and defending random evolution betting model;
Equilibrium equation is solved, the tactful equilibrium probability distribution of quasi- raw Attack Defence process of going out is obtained;According to strategy balance Probability distribution obtains most threatening attack strategies.
2. the Attack Prediction method according to claim 1 based on QBD attacking and defending random evolution betting model, feature exist In, QBD attacking and defending random evolution betting model passes through seven element group representations: QBD-ADSEGM=(Γ, N, S, χ (t), α, β, U), In, Γ indicates attacking and defending game group, and N indicates attacking and defending participant quantity, and S indicates attacking and defending participant policy space, when χ (t) indicates t Attacking and defending state space is carved, α indicates attacking and defending participant level of learning set, and β indicates that attacking and defending participant noise factor, U indicate attacking and defending Both sides are benefited function set.
3. the Attack Prediction method according to claim 1 or 2 based on QBD attacking and defending random evolution betting model, feature It is, attacking and defending participant's level of learning set includes for describing attacker to the learning parameter and use of attacking and defending information Grasping level In description defender to the learning parameter of attacking and defending information Grasping level;Attacking and defending participant's noise factor, for describing ping-pong process In random perturbation, and set attacking and defending participant's noise factor greater than 0.
4. the Attack Prediction method according to claim 1 based on QBD attacking and defending random evolution betting model, feature exist In, according to QBD attacking and defending random evolution betting model, corresponding simulated AC curve is constructed, the state space of simulated AC curve is obtained, Establish equilibrium equation.
5. the Attack Prediction method according to claim 1 or 4 based on QBD attacking and defending random evolution betting model, feature It is, it is as follows establishes equilibrium equation process: firstly, defines the transition probability of attacker and defender's policy selection;According to transfer Probability matrix constructs quasi- raw attacking and defending evolutionary process of going out, obtains the equilibrium equation of attacking and defending evolutionary process.
6. the Attack Prediction method according to claim 1 based on QBD attacking and defending random evolution betting model, feature exist In in equilibrium state solution procedure, elementary transformation and solve to equilibrium equation first, obtaining QBD by normally returning condition attacks Anti- evolutionary process stationary binomial random process, to obtain the stationary binomial random process of attacking and defending random evolution game.
7. the Attack Prediction method according to claim 6 based on QBD attacking and defending random evolution betting model, feature exist According to the Nonlinear Homogeneous equation group property of equilibrium equation, using Gaussian elimination method to equilibrium equation progress elementary transformation.
8. the Attack Prediction method according to claim 6 based on QBD attacking and defending random evolution betting model, feature exist In in equilibrium equation solution, by the confrontation analysis between analysis game group and mutually study, acquisition gaming information is calculated not With the income that strategy game generates, transition probability is determined with expected revenus, level of learning and noise factor.
9. a kind of Attack Prediction device based on QBD attacking and defending random evolution betting model is, characterized by comprising: model construction Module, establishing equation module and analysis and solution module, wherein
Model building module introduces level of learning and noise factor for attacking and defending evolutionary process to be abstracted as simulated AC curve QBD The dynamic evolution track that attacking and defending participant policy learning adjusts under random perturbation is portrayed, QBD attacking and defending random evolution game mould is constructed Type;
Establishing equation module, for establishing the balance of quasi- raw Attack Defence process of going out according to QBD attacking and defending random evolution betting model Equation;
Analysis and solution module obtains the tactful equilibrium probability of quasi- raw Attack Defence process of going out for solving to equilibrium equation Distribution;According to tactful stationary binomial random process, most threatening attack strategies are obtained.
10. a kind of network safety system, which is characterized in that be based on QBD attacking and defending random evolution game comprising as claimed in claim 9 The Attack Prediction device of model.
CN201910549015.6A 2019-06-24 2019-06-24 Attack prediction method, device and system based on QBD attack and defense random evolution game model Active CN110417733B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910549015.6A CN110417733B (en) 2019-06-24 2019-06-24 Attack prediction method, device and system based on QBD attack and defense random evolution game model

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910549015.6A CN110417733B (en) 2019-06-24 2019-06-24 Attack prediction method, device and system based on QBD attack and defense random evolution game model

Publications (2)

Publication Number Publication Date
CN110417733A true CN110417733A (en) 2019-11-05
CN110417733B CN110417733B (en) 2021-09-10

Family

ID=68359709

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910549015.6A Active CN110417733B (en) 2019-06-24 2019-06-24 Attack prediction method, device and system based on QBD attack and defense random evolution game model

Country Status (1)

Country Link
CN (1) CN110417733B (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112261016A (en) * 2020-10-12 2021-01-22 国网甘肃省电力公司电力科学研究院 Power grid protection method in attack scene
CN112417751A (en) * 2020-10-28 2021-02-26 清华大学 Anti-interference fusion method and device based on graph evolution game theory
CN112434922A (en) * 2020-11-13 2021-03-02 北方工业大学 Urban power grid system security control method and device based on zero sum game
CN114024738A (en) * 2021-11-03 2022-02-08 哈尔滨理工大学 Network defense method based on multi-stage attack and defense signals
CN115277250A (en) * 2022-09-23 2022-11-01 中国汽车技术研究中心有限公司 Vehicle-end attack path identification method, equipment and storage medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20130318616A1 (en) * 2012-05-23 2013-11-28 International Business Machines Corporation Predicting attacks based on probabilistic game-theory
US9471777B1 (en) * 2012-02-24 2016-10-18 Emc Corporation Scheduling of defensive security actions in information processing systems
CN106446674A (en) * 2016-07-27 2017-02-22 长春理工大学 Attack prediction-based virtual machine monitoring resource allocation method in cloud computing environment
CN107070956A (en) * 2017-06-16 2017-08-18 福建中信网安信息科技有限公司 APT Attack Prediction methods based on dynamic bayesian game

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9471777B1 (en) * 2012-02-24 2016-10-18 Emc Corporation Scheduling of defensive security actions in information processing systems
US20130318616A1 (en) * 2012-05-23 2013-11-28 International Business Machines Corporation Predicting attacks based on probabilistic game-theory
CN106446674A (en) * 2016-07-27 2017-02-22 长春理工大学 Attack prediction-based virtual machine monitoring resource allocation method in cloud computing environment
CN107070956A (en) * 2017-06-16 2017-08-18 福建中信网安信息科技有限公司 APT Attack Prediction methods based on dynamic bayesian game

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
刘伟等: "一种入侵防御系统性能分析方法", 《信息网络安全》 *

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112261016A (en) * 2020-10-12 2021-01-22 国网甘肃省电力公司电力科学研究院 Power grid protection method in attack scene
CN112417751A (en) * 2020-10-28 2021-02-26 清华大学 Anti-interference fusion method and device based on graph evolution game theory
CN112417751B (en) * 2020-10-28 2024-03-29 清华大学 Anti-interference fusion method and device based on graph evolution game theory
CN112434922A (en) * 2020-11-13 2021-03-02 北方工业大学 Urban power grid system security control method and device based on zero sum game
CN112434922B (en) * 2020-11-13 2021-08-24 北方工业大学 Urban power grid system security control method and device based on zero sum game
CN114024738A (en) * 2021-11-03 2022-02-08 哈尔滨理工大学 Network defense method based on multi-stage attack and defense signals
CN115277250A (en) * 2022-09-23 2022-11-01 中国汽车技术研究中心有限公司 Vehicle-end attack path identification method, equipment and storage medium
CN115277250B (en) * 2022-09-23 2023-02-21 中国汽车技术研究中心有限公司 Vehicle-end attack path identification method, equipment and storage medium

Also Published As

Publication number Publication date
CN110417733B (en) 2021-09-10

Similar Documents

Publication Publication Date Title
CN110417733A (en) Attack Prediction method, apparatus and system based on QBD attacking and defending random evolution betting model
CN111966698B (en) Block chain-based trusted federation learning method, system, device and medium
CN108833402B (en) Network optimal defense strategy selection method and device based on limited theory game theory
CN107566387B (en) Network defense action decision method based on attack and defense evolution game analysis
Gianvecchio et al. Battle of botcraft: fighting bots in online games with human observational proofs
CN108512837A (en) A kind of method and system of the networks security situation assessment based on attacking and defending evolutionary Game
CN110191083A (en) Safety defense method, device and the electronic equipment threatened towards advanced duration
CN109525384A (en) The DPA attack method and system, terminal being fitted using neural network
CN109714364A (en) A kind of network security defence method based on Bayes's improved model
CN110460572A (en) Mobile target defence policies choosing method and equipment based on Markov signaling games
Basak et al. An initial study of targeted personality models in the flipit game
CN111064702A (en) Active defense strategy selection method and device based on bidirectional signal game
CN111917765A (en) Network attack flow generation system based on generation type countermeasure network
CN113132398B (en) Array honeypot system defense strategy prediction method based on Q learning
Ehtamo et al. Modeling evacuees’ exit selection with best response dynamics
Zolotarev et al. Strategies of social engineering attacks on information resources of gamified online education projects
Shashkov et al. Adversarial agent-learning for cybersecurity: a comparison of algorithms
Zheng et al. One4All: Manipulate one agent to poison the cooperative multi-agent reinforcement learning
He et al. Group password strength meter based on attention mechanism
Harris et al. Competitive coevolution for defense and security: Elo-based similar-strength opponent sampling
CN114666107A (en) Advanced persistent threat defense method in mobile fog computing
Zhao et al. Cloud of assets and threats: a playful method to raise awareness for cloud security in industry
Ou et al. Mixed strategy game model against data poisoning attacks
Turner et al. Analyzing multi-agent reinforcement learning and coevolution in cybersecurity
Wellman et al. Empirical game-theoretic methods for adaptive cyber-defense

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant