CN116346455A - Intelligent active defense technology based on credibility feedback - Google Patents


Info

Publication number
CN116346455A
Authority
CN
China
Prior art keywords
credibility
execution
active defense
technology based
defense technology
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202310292088.8A
Other languages
Chinese (zh)
Inventor
虞雁群
刘彦伸
吴艳
郭银锋
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhejiang Yu'an Information Technology Co ltd
Original Assignee
Zhejiang Yu'an Information Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Zhejiang Yu'an Information Technology Co ltd
Priority to CN202310292088.8A
Publication of CN116346455A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00 Energy efficient computing, e.g. low power processors, power management or thermal management

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention relates to the field of network active defense, and in particular to an intelligent active defense technology based on credibility feedback. With the development of new-generation information technologies such as cloud computing and the Internet of Things, cyberspace always contains uncertain threats such as unknown vulnerabilities and backdoors, so malicious attackers can violate the privacy rights of individuals and even of the public using a small amount of resources or cost, which creates an asymmetric situation in which cyberspace is easy to attack and hard to defend. To address this asymmetric situation, the invention provides an intelligent active defense technology based on credibility feedback. It does not insist on precise knowledge of vulnerabilities and backdoors; instead it adopts a novel dynamic, fault-tolerant active defense technology for cyberspace that changes the attack surface by creating and deploying diversified mechanisms and strategies, and increases the complexity and heterogeneity of the system so as to raise the attacker's cost and difficulty.

Description

Intelligent active defense technology based on credibility feedback
Technical Field
The invention relates to the field of network active defense, in particular to an intelligent active defense technology based on credibility feedback.
Background
With the development of new-generation information technologies such as cloud computing and the Internet of Things, the digital information society has entered the era of "Internet Plus" and the Internet of Everything. At the same time, cyberspace always contains uncertain threats such as unknown vulnerabilities and backdoors, so malicious attackers can infringe the privacy rights of individuals and even of the public using a small amount of resources or cost, which creates an asymmetric situation in which cyberspace is easy to attack and hard to defend. Existing network security technology mainly counters the network threats that frequently occur through a strategy of after-the-fact remediation, and its reliability depends on accurately acquiring prior knowledge such as attack methods and behavioral characteristics. However, unknown attacks cannot be accurately perceived, and the vulnerabilities and backdoors of all software and hardware cannot be exhaustively enumerated. Thus, although existing defense technology has been developed for many years, the static nature of network systems and the unknown and persistent nature of security threats leave network security in an unequal position where attack is easy and defense is hard. For example, security events that have broken out in recent years, such as the PRISM incident, Heartbleed and the WannaCry ransomware, have also indirectly exposed serious shortcomings of the existing network defense system: because network systems are static and homogeneous in composition, an attacker who successfully attacks one system through a given vulnerability can attack other systems by similar means.
Therefore, to address the asymmetric situation in which cyberspace is easy to attack and hard to defend, the invention provides an intelligent active defense technology based on credibility feedback. It does not insist on precise knowledge of vulnerabilities and backdoors; instead it adopts a novel dynamic, fault-tolerant active defense technology for cyberspace that changes the attack surface by creating and deploying diversified mechanisms and strategies, and increases the complexity and heterogeneity of the system so as to raise the attacker's cost and difficulty.
Disclosure of Invention
The invention aims to overcome the defects in the prior art and provides an intelligent active defense technology based on credibility feedback.
The intelligent active defense technology comprises the following steps:
S1, extracting the input request at the tuner, and formulating the executor set to which it is distributed;
S2, the online isomers execute the request in parallel, and the voting module sends the result to the user and to the credibility feedback module;
S3, formulating a credibility evaluation mechanism for the executors according to the voting result and the timing information of the voter;
S4, formulating an update mechanism for executor credibility;
S5, calculating the difference weights of the heterogeneous executors layer by layer, using the structure of the server storage server;
S6, performing offline cleaning of executors;
S7, selecting the optimal executor to run online according to the credibility and difference of the cleaned executors.
Further, the method for formulating and distributing the executor set in S1 includes:
The user sends an input request to the tuner. The tuner, running online, copies the input request into k copies using a copy strategy and distributes them to a set of k executors that are functionally equivalent but structurally different.
Further, the method for parallel execution of the request and credibility feedback in S2 includes:
Each online heterogeneous executor executes in parallel and returns its processing result to the voting module. The voting module of the tuner processes the responses of the servers and sends the result to the user and to the credibility feedback module.
Further, the method for formulating the credibility evaluation mechanism of the executors in S3 includes:
The heterogeneous executor set is represented by the set E, denoted $E = \{E_1, E_2, \dots, E_n\}$. A represents the set of executors selected by the selector through a dynamic selection algorithm, $A = \{A_1, A_2, \dots, A_m\}$. The credibility is computed for each executor $A_j$, $j = 1, \dots, m$. The credibility index is updated only if an isomer is selected as an executor; $r_j(t)$ is used to represent the credibility of executor $A_j$ at time t. The specific calculation is as follows:
Figure BDA0004141897280000021
where $\gamma(t)$ denotes the voting result of the voter at time t; $T_j(t)$ denotes the set of moments, up to time t, at which isomer $E_j$ was selected as an executor; $y_j(t)$ denotes the output of executor $A_j$ at time t; and $\eta_y$ denotes the maximum difference, allowed by the selector, between an executor's processing result and the voter's voting result when the executor is not under attack. $\eta_y$ is specified by the system in advance and depends on the type and complexity of the data the system processes.
Further, the method for updating executor credibility in S4 includes:
The credibility of the executors is updated according to the following rule. When an executor is not selected at time t, its credibility remains the same as at time t-1. For the selected executor set s(t), the following operation is performed.
Figure BDA0004141897280000022
where $t = 1, 2, \dots$, and $r_i(0)$ denotes the initial credibility of executor i. The function $\delta(x)$ is defined as
Figure BDA0004141897280000023
Let $r(t) = [r_1(t), r_2(t), \dots, r_n(t)]$ denote the credibility of all isomers in the heterogeneous set at time t, with $r(t) \in R$.
When the difference between an executor's processing result at time t and the voter's voting result exceeds $\eta_y$, i.e. $|\gamma(t) - y_j(t)| > \eta_y$, executor j is considered to have been attacked at time t. According to the formula above, the credibility of executor j is reduced; the tuner can take executor j offline, clean it, and then reselect the executor set. Conversely, when $|\gamma(t) - y_j(t)| \le \eta_y$, the credibility of executor j may increase or remain unchanged. Under normal conditions, $|\gamma(t) - y_j(t)|$ arises from channel noise or errors in the data itself.
Further, the method for calculating the difference weight of the heterogeneous executors in S5 includes:
The difference weight of heterogeneous executor $E_j$ is calculated layer by layer using the structure of the server storage server. The threat level of vulnerabilities is quantified in order to measure the difference between different software. The vulnerabilities of each software stack layer are then processed in the same way, and finally the difference between isomers is quantified as a weight. The difference between isomer i and isomer j is denoted $\omega_{ij}$, as shown below.
Figure BDA0004141897280000031
The matrix C represents the differences between layers $c_i$ to $c_j$ of the executor software stack, and $c_0$ is a weighting coefficient for the variability of the software stack layers.
Further, the method for offline cleaning of executors in S6 includes:
The executor judged to go offline is selected, and the executor with the highest credibility and difference weight is selected as the system output. Offline cleaning of the executor is implemented in the following four steps:
1) Traverse the current credibility and difference weight of all online executors and select those whose sum of credibility and difference weight is less than or equal to β as candidate cleaning objects; β is set according to historical experience.
2) If several executors have a sum less than or equal to β, select the executor with the smallest sum of credibility and difference weight as the cleaning object.
3) If several executors have equal sums of credibility and difference weight that are less than or equal to β, select the one with the smaller credibility as the cleaning object.
4) If several executors have equal sums of credibility and difference weight that are less than or equal to β and also have the same credibility, randomly select one of them as the cleaning object.
Further, the method for selecting the executor to run online in S7 includes:
After the timer is updated, the executor in the heterogeneous executor set with the largest sum of credibility and difference weight is selected to run online, and at the same time the credibility of the executor taken offline for cleaning is initialized to a random number between 0 and 1.
To address the asymmetric situation in which cyberspace is easy to attack and hard to defend, this patent provides an intelligent active defense technology based on credibility feedback. It does not insist on precise knowledge of vulnerabilities and backdoors; instead it adopts a novel dynamic, fault-tolerant active defense technology for cyberspace that changes the attack surface by creating and deploying diversified mechanisms and strategies, and increases the complexity and heterogeneity of the system so as to raise the attacker's cost and difficulty.
Drawings
In order to more clearly illustrate the embodiments of the invention or the technical solutions and advantages of the prior art, the following description will briefly explain the drawings used in the embodiments or the description of the prior art, and it is obvious that the drawings in the following description are only some embodiments of the invention, and other drawings can be obtained according to the drawings without inventive effort for a person skilled in the art.
FIG. 1 is a workflow diagram of intelligent active defense in an embodiment of the present invention;
Detailed Description
In order to further describe the technical means and effects adopted by the present invention to achieve the preset purpose, the following detailed description refers to specific embodiments, structures, features and effects of an attack scene detection method based on a graph convolution neural network according to the present invention with reference to the accompanying drawings and preferred embodiments. In the following description, different "one embodiment" or "another embodiment" means that the embodiments are not necessarily the same. Furthermore, the particular features, structures, or characteristics of one or more embodiments may be combined in any suitable manner.
Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs.
The following specifically describes a specific scheme of the intelligent active defense technology based on credibility feedback provided by the invention with reference to the accompanying drawings.
To address the asymmetric situation in which cyberspace is easy to attack and hard to defend, an intelligent active defense technology based on credibility feedback is provided. It does not insist on precise knowledge of vulnerabilities and backdoors; instead it adopts a novel dynamic, fault-tolerant active defense technology for cyberspace that changes the attack surface by creating and deploying diversified mechanisms and strategies, and increases the complexity and heterogeneity of the system so as to raise the attacker's cost and difficulty.
FIG. 1 shows a flowchart of the steps of an intelligent active defense technique based on credibility feedback according to an embodiment of the present invention. The method includes the following steps:
S1, the user sends an input request to the tuner. The tuner, running online, copies the input request into k copies using a copy strategy and distributes them to a set of k executors that are functionally equivalent but structurally different.
S2, each online heterogeneous executor executes in parallel and returns its processing result to the voting module. The voting module of the tuner processes the responses of the servers and sends the result to the user and to the credibility feedback module.
S3, the heterogeneous executor set is represented by the set E, denoted $E = \{E_1, E_2, \dots, E_n\}$. A represents the set of executors selected by the selector through a dynamic selection algorithm, $A = \{A_1, A_2, \dots, A_m\}$. The credibility is computed for each executor $A_j$, $j = 1, \dots, m$. The credibility index is updated only if an isomer is selected as an executor; $r_j(t)$ is used to represent the credibility of executor $A_j$ at time t. The specific calculation is as follows:
Figure BDA0004141897280000041
where $\gamma(t)$ denotes the voting result of the voter at time t; $T_j(t)$ denotes the set of moments, up to time t, at which isomer $E_j$ was selected as an executor; $y_j(t)$ denotes the output of executor $A_j$ at time t; and $\eta_y$ denotes the maximum difference, allowed by the tuner, between an executor's processing result and the voter's voting result when the executor is not under attack. $\eta_y$ is specified by the system in advance and depends on the type and complexity of the data the system processes.
S4, the credibility of the executors is updated according to the following rule. When an executor is not selected at time t, its credibility remains the same as at time t-1. For the selected executor set s(t), the following operation is performed.
Figure BDA0004141897280000051
where $t = 1, 2, \dots$, and $r_i(0)$ denotes the initial credibility of executor i. The function $\delta(x)$ is defined as
Figure BDA0004141897280000052
Let $r(t) = [r_1(t), r_2(t), \dots, r_n(t)]$ denote the credibility of all isomers in the heterogeneous set at time t, with $r(t) \in R$.
When the difference between an executor's processing result at time t and the voter's voting result exceeds $\eta_y$, i.e. $|\gamma(t) - y_j(t)| > \eta_y$, executor j is considered to have been attacked at time t. According to the formula above, the credibility of executor j is reduced; the tuner can take executor j offline, clean it, and then reselect the executor set. Conversely, when $|\gamma(t) - y_j(t)| \le \eta_y$, the credibility of executor j may increase or remain unchanged. Under normal conditions, $|\gamma(t) - y_j(t)|$ arises from channel noise or errors in the data itself.
S5, the difference weight of heterogeneous executor $E_j$ is calculated layer by layer using the structure of the server storage server. The threat level of vulnerabilities is quantified in order to measure the difference between different software. The vulnerabilities of each software stack layer are then processed in the same way, and finally the difference between isomers is quantified as a weight. The difference between isomer i and isomer j is denoted $\omega_{ij}$, as shown below.
Figure BDA0004141897280000053
The matrix C represents the differences between layers $c_i$ to $c_j$ of the executor software stack, and $c_0$ is a weighting coefficient for the variability of the software stack layers.
S6, the executor judged to go offline is selected, and the executor with the highest credibility and difference weight is selected as the system output. Offline cleaning of the executor is implemented in the following four steps:
1) Traverse the current credibility and difference weight of all online executors and select those whose sum of credibility and difference weight is less than or equal to β as candidate cleaning objects; β is set according to historical experience.
2) If several executors have a sum less than or equal to β, select the executor with the smallest sum of credibility and difference weight as the cleaning object.
3) If several executors have equal sums of credibility and difference weight that are less than or equal to β, select the one with the smaller credibility as the cleaning object.
4) If several executors have equal sums of credibility and difference weight that are less than or equal to β and also have the same credibility, randomly select one of them as the cleaning object.
S7, after the timer is updated, the executor in the heterogeneous executor set with the largest sum of credibility and difference weight is selected to run online, and at the same time the credibility of the executor taken offline for cleaning is initialized to a random number between 0 and 1.
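The S6 cleaning-object selection and the S7 online selection described above, as an added Python example that is not code from the patent. The class and function names, the sample values and the choice to draw the replacement only from executors that were already offline are assumptions; credibility and difference weight are taken as given inputs because the formulas that produce them are not reproduced on this page.

```python
import math
import random
from dataclasses import dataclass

TOL = 1e-9  # tolerance for treating two floating-point values as "equal"


@dataclass
class Executor:
    name: str
    credibility: float   # current credibility r_j(t), output of the S3/S4 feedback
    diff_weight: float   # difference weight from S5
    online: bool

    @property
    def score(self) -> float:
        # S6 and S7 both rank executors by credibility + difference weight.
        return self.credibility + self.diff_weight


def pick_cleaning_object(pool, beta, rng=random):
    """S6 steps 1-4: return the online executor to clean, or None."""
    # Step 1: candidates are online executors whose sum is <= beta.
    cands = [e for e in pool if e.online and e.score <= beta]
    if not cands:
        return None
    # Step 2: keep the executor(s) with the smallest sum.
    low = min(e.score for e in cands)
    cands = [e for e in cands if math.isclose(e.score, low, abs_tol=TOL)]
    # Step 3: sums are equal, so keep the smaller credibility.
    low_r = min(e.credibility for e in cands)
    cands = [e for e in cands
             if math.isclose(e.credibility, low_r, abs_tol=TOL)]
    # Step 4: still tied, so choose one at random.
    return rng.choice(cands)


def rotate(pool, beta, rng=random):
    """One S6 + S7 rotation. Returns (cleaned, promoted); either may be None."""
    cleaned = pick_cleaning_object(pool, beta, rng)
    if cleaned is None:
        return None, None
    # Assumption: the replacement comes from executors that were already
    # offline, so the executor being cleaned is not re-selected immediately.
    standby = [e for e in pool if not e.online]
    cleaned.online = False
    # S7: re-initialise the cleaned executor's credibility to a random
    # number between 0 and 1.
    cleaned.credibility = rng.random()
    promoted = max(standby, key=lambda e: e.score) if standby else None
    if promoted is not None:
        promoted.online = True
    return cleaned, promoted


def sample_pool():
    """Constructed sample values, not data from the patent."""
    return [
        Executor("E1", 0.50, 0.60, True),
        Executor("E2", 0.30, 0.40, True),   # sum 0.70
        Executor("E3", 0.20, 0.50, True),   # sum 0.70, lower credibility
        Executor("E4", 0.45, 0.50, True),
        Executor("E5", 0.50, 0.70, False),  # best standby, sum 1.20
        Executor("E6", 0.50, 0.30, False),
        Executor("E7", 0.10, 0.10, False),  # offline: never a cleaning candidate
    ]


if __name__ == "__main__":
    pool = sample_pool()
    cleaned, promoted = rotate(pool, beta=0.8, rng=random.Random(1))
    print("cleaned:", cleaned.name, "promoted:", promoted.name)
    print("online now:", [e.name for e in pool if e.online])
```

With the constructed pool and β = 0.8, E2 and E3 tie on the sum, step 3 picks E3 for its lower credibility, and E5 is brought online.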
Verification of application effects: according to the national vulnerability database's vulnerability analysis of 11 operating systems, the number of common-mode vulnerabilities among operating systems of the same family is large, while the number of common-mode vulnerabilities among operating systems of different families is small. The experimental platform is based on MATLAB2020b. An executor selection module selects 5 executors from 10 isomers to form the executor set, the executors are set to execute the same task, the transmission-level and module-level security and the performance of the heterogeneous executors are the same, and the initial credibility of all executors is set to 0.5. The average cleaning probability and average availability probability of the system under different attack intensities are shown in the table below.
TABLE 1 Average cleaning probability and average availability probability of the system at different attack intensities

| Attack intensity | Average cleaning probability | Average availability probability |
|---|---|---|
| High attack strength | 1.95% | 98.75% |
| Medium attack strength | 0.89% | 98.96% |
| Low attack strength | 0.65% | 99.2% |

The average cleaning probability is obtained by dividing the number of times an executor is taken offline for cleaning by the total number of iterations. The average availability probability is the proportion, among all system states, of states in which the system is normal or is under a differential-mode attack in which the faulty executor can be located. It can be seen that under a high-intensity attack, the average availability probability of the system still reaches 98.75% even though the system has only 5 available executors, whereas under low-intensity attacks the availability probability is as high as 99.2%. The results show that the intelligent active defense technology based on credibility feedback can provide an efficient solution for constructing a mimic system with limited heterogeneous resources.

Claims (8)

1. An intelligent active defense technology based on credibility feedback, characterized by comprising the following steps:
S1, extracting the input request at the tuner, and formulating the executor set to which it is distributed;
S2, the online isomers execute the request in parallel, and the voting module sends the result to the user and to the credibility feedback module;
S3, formulating a credibility evaluation mechanism for the executors according to the voting result and the timing information of the voter;
S4, formulating an update mechanism for executor credibility;
S5, calculating the difference weights of the heterogeneous executors layer by layer, using the structure of the server storage server;
S6, performing offline cleaning of executors;
S7, selecting the optimal executor to run online according to the credibility and difference of the cleaned executors.
2. The intelligent active defense technology based on credibility feedback according to claim 1, wherein the method for formulating and distributing the executor set in S1 comprises:
the user sends an input request to the tuner; the tuner, running online, copies the input request into k copies using a copy strategy and distributes them to a set of k executors that are functionally equivalent but structurally different.
3. The intelligent active defense technology based on credibility feedback according to claim 1, wherein the method for parallel execution of the request and credibility feedback in S2 comprises:
each online heterogeneous executor executes in parallel and returns its processing result to the voting module; the voting module of the tuner processes the responses of the servers and sends the result to the user and to the credibility feedback module.
4. The intelligent active defense technology based on credibility feedback according to claim 1, wherein the method for formulating the credibility evaluation mechanism of the executors in S3 comprises:
formulating a credibility evaluation mechanism for the executors according to the voting result and the timing information of the voter.
5. The intelligent active defense technology based on credibility feedback according to claim 1, wherein the method for updating executor credibility in S4 comprises:
setting an update rule for executor credibility according to a customized threshold.
6. The intelligent active defense technology based on credibility feedback according to claim 1, wherein the method for calculating the difference weight of the heterogeneous executors in S5 comprises:
the difference weights of the heterogeneous executors are calculated layer by layer using the structure of the server storage server; the threat level of vulnerabilities is quantified in order to measure the difference between different software; the vulnerabilities of each software stack layer are then processed in the same way, and finally the difference between isomers is quantified as a weight.
7. The intelligent active defense technology based on credibility feedback according to claim 1, wherein the method for offline cleaning of executors in S6 comprises:
selecting the executor judged to go offline, and selecting the executor with the highest credibility and difference weight as the system output, thereby implementing offline cleaning of the executor.
8. The intelligent active defense technology based on credibility feedback according to claim 1, wherein the method for selecting the executor to run online in S7 comprises:
after the timer is updated, the executor in the heterogeneous executor set with the largest sum of credibility and difference weight is selected to run online, and at the same time the credibility of the executor taken offline for cleaning is initialized to a random number between 0 and 1.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310292088.8A CN116346455A (en) 2023-03-23 2023-03-23 Intelligent active defense technology based on credibility feedback

Publications (1)

Publication Number Publication Date
CN116346455A true CN116346455A (en) 2023-06-27

Family

ID=86883481

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination