期刊文献+
任意字段
题名或关键词
题名
关键词
文摘
作者
第一作者
机构
刊名
分类号
参考文献
作者简介
基金资助
栏目信息

基于Q-Learning的自动入侵响应决策方法 被引量:4

Automatic Intrusion Response Decision-making Method Based on Q-Learning
在线阅读 下载PDF
导出
摘要 针对现有自动入侵响应决策自适应性差的问题,文章提出一种基于Q-Learning的自动入侵响应决策方法——Q-AIRD。Q-AIRD基于攻击图对网络攻防中的状态和动作进行形式化描述,通过引入攻击模式层识别不同能力的攻击者,从而做出有针对性的响应动作;针对入侵响应的特点,采用Softmax算法并通过引入安全阈值θ、稳定奖励因子μ和惩罚因子ν进行响应策略的选取;基于投票机制实现对策略的多响应目的评估,满足多响应目的的需求,在此基础上设计了基于Q-Learning的自动入侵响应决策算法。仿真实验表明,Q-AIRD具有很好的自适应性,能够实现及时、有效的入侵响应决策。 Aiming at the problem of poor adaptability of existing automatic intrusion response decision-making,this paper proposes an automatic intrusion response decision-making method based on Q-Learning(Q-AIRD).Q-AIRD formalizes the states and actions of network attack and defense based on the attack graph,and introduces the attack mode layer to identify attackers with different abilities,so as to make more targeted response actions.According to the characteristics of intrusion response,the Softmax algorithm is adopted and the security thresholdθ,stable reward factorμand penalty factorνare introduced to select the response strategy.Based on the voting mechanism,the multi-response purpose evaluation of the strategy is realized to meet the needs of the multi-response purpose.On this basis,an automatic intrusion response decision algorithm based on Q-Learning is designed.The simulation results show that Q-AIRD has good adaptability and can realize timely and effective intrusion response decision-making.
作者 刘璟 张玉臣 张红旗 LIU Jing;ZHANG Yuchen;ZHANG Hongqi(Department of Cryptogram Engineering,Information Engineering University of PLA,Zhengzhou 450001,China)
机构地区 中国人民解放军战略支援部队信息工程大学密码工程学院
出处 《信息网络安全》 CSCD 北大核心 2021年第6期26-35,共10页 Netinfo Security
基金 国家重点研发计划[2016YFF0204002,2016YFF0204003] 国家自然科学基金[61902427,61471344]。
关键词 强化学习 自动入侵响应 Softmax算法 多目标决策 reinforcement learning automatic intrusion response Softmax algorithm multi-objective decision-making
分类号 TP309 [自动化与计算机技术—计算机系统结构]
  • 相关文献

参考文献5

二级参考文献44

  • 1C Carver,U Pooch.An intrusion response taxonomy and its role in automatic intrusion response[C].In:Proc of the 2000 IEEE Workshop on Information Assurance and Security.West Point,NY:United States Military Academy,2000.129-135
  • 2F Cuppens,A Miege.Alert correlation in a cooperative intrusion detection framework[C].The IEEE Symp on Research in Security and Privacy,Oakland,USA,2002
  • 3P Ning,D Xu.Learning attack strategies from intrusion alerts[C].The 10th ACM Conf on Computer and Communication Security,Washington,DC,USA,2003
  • 4S Musman,P Flesher.System or security managers'adaptive response tool[C].DARPA Information Survivability Conference and Exposition 2000,Hilton Head,USA,2000
  • 5C Carver,J M Hill,J R Surdu.A methodology for using intelligent agents to provide automated intrusion response[C].The IEEE Systems,Man,and Cybernetics Information Assurance and Security Workshop,West Point,NY,2000
  • 6D Ragsdale,C Carver,J Humphries,et al.Adaptation techniques for intrusion detection and intrusion response system[C].The IEEE Int'l Conf on Systems,Man,and Cybernetics at Nashville,Tennessee,2000
  • 7W Lee,W Fan,M Miller,et al.Toward cost-sensitive modeling for intrusion detection and response[J].Journal of Computer Security,2002,10(1/2):5-22
  • 8B Foo,Y Wu,Y Mao,et al.ADEPTS:Adaptive intrusion response using attack graphs in an E-commerce environment[C].Int'l Conf on Dependable Systems and Networks(DSN'05),Washington,2005
  • 9P F Syveron.A different look at secure distributed computation[C].The 1997 IEEE Computer Security Foundations Workshop,Washington,1997
  • 10K Lye,J M Wing.Game strategies in network security[C].The 2002 IEEE Computer Security Foundations Workshop,Copenhagan,Denmark,2002

共引文献109

同被引文献26

引证文献4

二级引证文献4

信息网络安全
2021年 第6期

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部