Research On OODA-based Netwrok Attack-defense Tentative Methodology

With the development of the Internet,it has gradually profoundly changed our lives,penetrate into every corner of human society,especially the mobile Internet era so that the Internet has experienced a leap in the development.The Internet is not only related to personal life,but also become a strategic resource at the national level.So network security is of great significance.This paper has done some exploration on the network attack and defense,and proposed OODA-Net AD model based on OODA from the attacker's point of view.OODA-Net AD model has four sub-modules are: communication data acquisition module,protocol feature analysis module,attack strategy selection module and attack execution module,the four modules in the second and third modules is the focus of research.And finally the OODA-Net AD model was simulated and tested.The second module,the protocol feature analysis module,implements the function of analyzing the captured packets and extracting some features of the protocol.In this model,a protocol feature recognition technique based on data flow analysis is used.First,the n-gram Generating technology to convert each communication message in the original network packet into an n-gram sequence;and then using the keyword recognition technology based on the LDA model to extract the set of keywords of the protocol,using the Gibbs when solving the LDA model Sampling method;due to the capture of the packet there may be two packets belonging to different protocols,but they have similar keywords,in which case the need for hierarchical clustering algorithm for clustering data packets,Using the Information Bottleneck method as a measure of clustering effect;in order to excavate frequent byte sequences In this paper,the use of sequence alignment technology,the method used here is a heuristic multiple sequence comparison algorithm.The third module,the attack strategy selection module,selects a strategy that gives the attacker the greatest benefit from a number of attack techniques,using a game-based optimal attack strategy option.In this scheme,we first need to quantify the cost and benefit of both sides of the attack and defense.After the quantification work is completed,the attack strategy selection model is established.The model is a complete information non-cooperative non-zero and game model,and then the Nash equilibrium state The advantage of the attack strategy selection model is that the simple and intuitive simultaneous algorithm is also very mature.