Research On Strategy Selection Technology Of Moving Traget Defense

In recent years,network application has penetrated into every aspect of people's life with the rapid development and popularization of information technology and network technology.At the same time,the security situation in cyberspace is becoming increasingly severe,especially the constantly updated network attack technology and zero-day vulnerabilities have brought great threats to the network environment.Traditional defense technologies such as firewall,intrusion detection and anti-virus often fall into a "easy-to-attack" passive situation when dealing with new types of attacks and unknown vulnerabilities,resulting in the unequal time,energy and efficiency of both sides.In order to balance the existing network attack and Defense environment,Moving Target Defense(MTD)emerged as the time requires.Through the mechanism of irregular dynamic transformation over time,MTD can reduce the certainty,static and isomorphism of the network system.MTD effectively limits the opportunity of vulnerability exposure and increases the complexity and cost of network attacks,thus reducing the possibility of successful network attacks and making it difficult for attackers to complete the task.Faced with a complex network environment,how to select and invoke limited security resources to improve the diversity,rationality and unpredictability of defense strategies has become the key and core of MTD research.In view of this,this thesis focuses on the selection and application of mobile target defense strategies.The main research work includes the following three aspects:(1)Aiming at the problem in game theory that defenders cannot obtain attack return accurately,this thesis proposes a strategy selection technology of Moving Target Defense based on incomplete information game.Firstly,by observing and counting the types and frequencies of attackers' historical actions,this technique establishes the distribution probability matrix of attack actions,and then corrects the distribution probability matrix of attack actions with the observation error.Then,combining the defense efficiency of different defense behaviors and the harm of attack behaviors,this thesis constructs the return function of the attacker and the defender in each confrontation stage,and the Nash Q-learning algorithm is used to update the reward matrix of attackers and defenders,and selects the action conforming to Nash equilibrium condition as the defense strategy adopted by the defender.Finally,this thesis establishes strategic decision models based on Nash Q-learning algorithm,Minimax Q-learning algorithm and Naive Q-learning algorithm models respectively in the laboratory environment,and compares the defensive effects of different decision models adopted by both sides.The experimental results show that the Nash Q-learning algorithm based on the attack return construction method proposed in this thesis can achieve higher defensive returns in different confrontation scenarios and inhibit the benefits of attacker.(2)Aiming at the problem that the existing single target defense technology cannot prevent multiple attacks simultaneously,this thesis proposes a joint defense strategy selection technology in a multi-attack environment.First,the technology analyzes the implementation costs of different types of attacks and different moving target defense technologies,and establishes evaluation indicators for attack costs and defense costs.Then,defense efficiency of different mobile target defense technologies against different attacks is quantified and analyzed.Based on this,evaluation methods of defense return and attack return under multiple attacks are constructed.Secondly,the fitness function is constructed based on the defensive return,and the genetic algorithm is used to select the joint defense strategy in the multi-attack environment.Finally,the joint defense strategy selection technology proposed in this paper is verified under the condition of limited system resources.The experimental results show that the method proposed in this thesis can select the combination of mutation elements with the best defense effect with less defense cost when facing multiple different attacks at the same time.(3)Aiming at the existing passive defense strategy selection mechanism based on random and event trigger,this thesis proposes a moving target defense strategy selection technology based on long-term traffic prediction.Firstly,the lifting wavelet transforms is used to decompose the original flow.The approximate sequences correspond to the overall transformation trend of the flow,and the detail sequences correspond to the random mutation of the flow.Then,LSTM network models with different structures are constructed for the decomposed sub-sequences,so as to realize the prediction of different sequences at different time granularity.Secondly,the inverse transform of the lifting wavelet transform is carried out for the prediction results of different lengths,and the mutation points in the prediction results are located.In addition,the similarity between the predicted flow and the predicted approximate sequence is measured by the Dynamic Time Warping algorithm,and the defense strategy in different prediction length scenarios is selected by using the genetic algorithm combining the defense capability and defense cost of different mutation elements.Finally,the GeANT dataset is used to compare and verify different prediction models.Experimental results show that the long-term prediction of the traffic prediction algorithm proposed in this thesis can not only improve the accuracy of prediction,but also improve the efficiency of model training,and can more accurately locate the sudden change of traffic;In addition,the defense strategy selection method proposed in this paper can select effective defense strategies with limited defense costs.To summarize,this thesis focuses on the research of strategy selection and application technology of MTD technology,and proposes specific defense strategy selection schemes for different attack scenarios.Experimental results show that the security defense scheme proposed in this thesis can meet the strategy selection requirements of MTD in different environments,which has certain research and practical application significance.