
Research On Network Security Defense Mechanism Based On Partial Observable MDP

Posted on: 2021-02-02 | Degree: Master | Type: Thesis
Country: China | Candidate: Y L Luo | Full Text: PDF
GTID: 2428330614972017 | Subject: Cyberspace security
Abstract/Summary:
While network technology brings convenience to our lives, the security problems in network systems cannot be ignored. At present, cyber attacks are frequent and new attack methods keep emerging. Attackers use vulnerabilities in the network to carry out attacks. A single vulnerability does not pose much of a threat to the system, but an attacker can take control of a victim host by combining vulnerabilities. That host can then become the basis for the next attack step, leading to service outages and leakage of sensitive information, which ultimately leads to unpredictable consequences. Thus, we need to focus on vulnerability threat assessment, defense technology and defense decision-making under limited conditions.

The thesis studies the correlations and dependencies between system vulnerabilities and analyzes the risk of vulnerabilities in network systems based on attack graphs. We introduce a 'Parallel' correlation alongside the classic 'AND' and 'OR' correlations with regard to the exploitability of vulnerabilities, and then propose two methods, one based on the Common Vulnerability Scoring System (CVSS) and one based on fuzzy logic, to assess the threat of a vulnerability. The experimental results show that both proposed methods enable more accurate assessments than the original CVSS score, and that the results based on fuzzy logic are more accurate than those based on CVSS.

Then, we propose a network security defense mechanism based on a partially observable Markov Decision Process (POMDP) to make defense decisions. Given limited defense capabilities and defense resources, we discuss the state space, action space, transition probability function, observation space, observation probability function and instant reward, and propose and solve a defense decision model based on POMDP. This thesis defines the corresponding system reward indicators, which can be used to balance the defense costs of the system against the benefits of maintaining system security, and the experimental results of the POMDP-based defense mechanism are compared with a random strategy. The experimental results show that the decision based on POMDP is superior to the random strategy. Compared with the defense decision based on MDP (Markov Decision Process), the method can obtain only a partially observable state, and its system reward constantly approaches the reward under the MDP. The experimental results show that the defense decision based on POMDP is closer to the real state of the network system, but it can still make a great defense decision.
Keywords/Search Tags: cyber security, defense technology, vulnerability threat assessment, Partially Observable MDP, defense decision