Cite this article
  • Zhang Hangsheng, Liu Jiqiang, Liang Jie, Liu Haitao, Li Ting, Geng Liru, Liu Yinlong. A Survey on Optimizing Intrusion Detection and Response Based on Game Theory[J]. Journal of Cyber Security, accepted.
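A Survey on Optimizing Intrusion Detection and Response Based on Game Theory
Zhang Hangsheng1, Liu Jiqiang2, Liang Jie1, Liu Haitao1, Li Ting1, Geng Liru1, Liu Yinlong1
(1. Institute of Information Engineering, Chinese Academy of Sciences; 2. Beijing Jiaotong University)
Abstract:
Network scale is growing rapidly, and intrusion processes are becoming increasingly complex and diverse. The losses caused by network attacks are increasingly severe, and detecting, investigating, and responding to security incidents is becoming ever more difficult. To quickly identify network security incidents and respond accordingly, intrusion detection and response technology is becoming more and more important. Whether an intrusion detection system (IDS) can recognize complex attack patterns and analyze large volumes of network traffic depends mainly on its accuracy and configuration, which makes optimizing intrusion detection and response an important requirement for network and system security and an active research topic. Existing work has proposed many methods for improving the efficiency of intrusion detection and response; among them, research applying game theory to intrusion detection and response is growing. Game theory provides a framework for capturing the interaction between attackers and defenders and uses a quantitative approach to evaluate system security. In this paper, we first review the background of intrusion detection and game theory, then introduce the work by category according to the type of game-theoretic intrusion detection and response optimization problem, then discuss the limitations of these solutions as a whole, and finally give future research directions.
Key words:  Game theory  intrusion detection  intrusion response  multi-agent reinforcement learning  cyber security
DOI:10.19363/J.cnki.cn10-1380/tn.2022.12.06
Submitted: 2020-06-17  Revised: 2020-11-02
Funding: Strategic Priority Research Program of the Chinese Academy of Sciences (Category C)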
A Survey on Optimizing Intrusion Detection and Response Based on Game Theory
Zhang Hangsheng1, Liu Jiqiang2, Liang Jie1, Liu Haitao1, Li Ting1, Geng Liru1, Liu Yinlong1
(1. Institute of Information Engineering, Chinese Academy of Sciences; 2. Beijing Jiaotong University)
Abstract:
The scale of networks has increased dramatically, and intrusion processes have gradually become more complex and diverse. The losses caused by cyber-attacks have become increasingly serious. To quickly identify security incidents and respond to them, intrusion detection and response technology is becoming more and more important. Whether an intrusion detection system (IDS) can identify complex attack patterns and analyze large amounts of network traffic mainly depends on its accuracy and configuration, which makes the optimization of intrusion detection and response an important requirement for network and system security and an active research topic. Existing research has proposed many methods that can improve the efficiency of intrusion detection and response. Among them, the application of game theory to intrusion detection and response is increasing. Game theory provides a framework to capture the interaction between attackers and defenders, and uses a quantitative method to evaluate the security of the system. In this article, we first review the background of intrusion detection and game theory. Second, we classify and introduce existing work according to the type of game-theory-based intrusion detection and response optimization problem, and then discuss the limitations of these solutions in general. Finally, we propose future research directions.
Key words:  Game theory  intrusion detection  intrusion response  multi-agent reinforcement learning  cyber security