
Dynamic Intrusion Response Based on Game Theory

Cited by: 13
Abstract: With recent advances in network-based technology and the increased dependence of everyday life on it, assuring the reliable operation of network-based systems is very important. In recent years the number of attacks on networks has increased dramatically, and interest in network intrusion detection and response has consequently grown among researchers. But while other network security technologies are being widely applied and achieving good results, intrusion detection and response technology is lagging. One reason is that current intrusion detection technology is limited by the detection algorithms themselves; the other is that the system's incentive and changes in the attacker's strategies are not sufficiently taken into consideration in current alert response research. A dynamic intrusion response model based on game theory (DIRBGT) is proposed to solve the second problem. On the one hand, DIRBGT accounts comprehensively for the incentives of both the system and the attacker, so the system's incentive can be assured. On the other hand, it deals well with the attacker's intent and changes of strategy, so its optimal solution is stable and reliable, whereas optimal responses inferred from the system's side alone are unstable. The experimental results show that the DIRBGT model can effectively improve the accuracy and effectiveness of alert response.
Source: Journal of Computer Research and Development (《计算机研究与发展》; indexed in EI, CSCD, Peking University Core), 2008, No. 5, pp. 747-757 (11 pages)
Funding: National Natural Science Foundation of China (60373064); National "863" High Technology Research and Development Program of China (2003AA144010)
Keywords: network security; intrusion response; attack scenario; game theory; dynamic response
