
Denial Of Service And Advanced Persistent Threat Detection Based On Reinforcement Learning

Posted on: 2023-08-03 | Degree: Master | Type: Thesis
Country: China | Candidate: N Wang | Full Text: PDF
GTID: 2568307298955429 | Subject: Electronics and Communications Engineering
Abstract/Summary:
With the wide application of communication networks, people pay more and more attention to network security. Advanced Persistent Threats (APTs) have become a major security threat to the defense manufacturing industry, the financial industry and other industries because of their long duration, strong targeting and stealth. In an advanced persistent threat, an attacker can enter a system illegally and remain undetected for a long time. Denial-of-service attacks deplete system resources: they constantly send data packets, causing data collisions and retransmissions, which results in data loss between sensors and processing centers. On the other hand, in recent years, with the improvement of computer technology and the development of deep learning, and especially the successful application of deep neural networks in reinforcement learning, the development of reinforcement learning has entered a new stage. This is because deep learning provides a new solution to the curse of dimensionality inherent in early reinforcement learning, namely the representation of value functions and policies in high-dimensional state and action spaces. Since then, deep reinforcement learning has become a standard method in the field of artificial intelligence and has attracted great attention from academia, which provides a new way to detect advanced persistent threats and denial-of-service attacks. This thesis studies the detection of advanced persistent threats and denial-of-service attacks based on deep reinforcement learning. The main work is as follows:

In response to denial-of-service attacks on remote estimation systems, a denial-of-service attack detection method based on deep reinforcement learning is proposed by modeling the relationship between attacker and defender as an attack-defense game. Firstly, the communication confrontation between the defender and the denial-of-service attacker is modeled as a two-player zero-sum stochastic game by considering defense and attack energy and estimation error, and the action spaces of the defender and the denial-of-service attacker are given. Then, the performance index and the payoff functions of both sides of the game are designed, and the composition of the payoff functions of the defender and the denial-of-service attacker is analyzed. Finally, combined with the concept of game equilibrium considered in this thesis, the Neural Fictitious Self-Play algorithm, a deep reinforcement learning method, and its implementation are proposed to compute the equilibrium strategy of the game, and the denial-of-service attack detection method based on deep reinforcement learning is verified by simulation.

For advanced persistent threats to system-oriented networks, an attack detection method based on deep reinforcement learning is proposed. Firstly, the information flow graph is introduced to characterize the persistent threat, the attacker and defender in advanced persistent threat detection are modeled, and their purposes and processes are analyzed. Secondly, a novel advanced persistent threat detection model is proposed. The adversarial interaction between the defender (dynamic information flow tracking) and the attacker is constructed as a zero-sum stochastic game model, and the type information structure of the game is given. Then the state space and the action space of the game are analyzed, and the action spaces and transition probabilities of the advanced persistent threat and of dynamic information flow tracking are given, together with the game information and strategies of both sides. Finally, the structure of the payoff functions of the advanced persistent threat and of dynamic information flow tracking is analyzed, and a deep reinforcement learning method is proposed to solve the game. Simulation results show that the advanced persistent threat detection method based on deep reinforcement learning is effective.
Keywords/Search Tags: Advanced Persistent Threats (APTs), Denial of service attack, Neural Fictitious Self-Play, Deep reinforcement learning, Information flow tracking, Game theory