2023年5月JournalonCommunicationsMay2023第44卷第5期通信学报Vol.44No.5基于有限理性的网络防御策略智能规划方法刘盈泽,郭渊博,方晨,李勇飞,陈庆礼(信息工程大学密码工程学院,河南郑州450001)摘要:考虑到网络防御主体通常具有资源受限等特点,基于智能化攻防对抗的理念研究了有限理性条件下的网络防御策略智能规划与自主实施。首先,融合攻击图、通用与领域专有知识构建网络防御安全本体;在此基础上,利用知识推理推荐安全防御策略,以更好地适应受保护网络信息资产的安全需求及当前所面临的攻击威胁;最后,结合有限理性的智能规划方法,实现网络安全防御资源受限、网络信息资产动态变化等约束条件下的防御策略自主规划与实施。实例表明,动态攻击下所提方法具有稳健性。将所提方法与现有基于博弈论及攻击图方法进行对比,实验结果表明在对抗一次典型的APT攻击时所提方法的防御有效性提高了5.6%~26.12%。关键词:网络防御;防御策略推荐;智能规划;有限理性;安全本体中图分类号:TN92文献标志码:ADOI:10.11959/j.issn.1000−436x.2023091IntelligentplanningmethodforcyberdefensestrategiesbasedonboundedrationalityLIUYingze,GUOYuanbo,FANGChen,LIYongfei,CHENQingliDepartmentofCryptogramEngineering,InformationEngineeringUniversity,Zhengzhou450001,ChinaAbstract:Consideringthatnetworkdefensesubjectswereusuallyresource-constrained,anintelligentplanningandau-tonomousimplementationofnetworkdefensestrategiesunderboundedrationalitywasstudiedconsideringtheconceptofintelligentconfrontation.First,attackgraph,generalknowledgeanddomain-specificknowledgewerefusedtoconstructanetworkdefensesecurityontology.Onthatbasis,knowledgereasoningwasutilizedtorecommendsecuritydefensestrategiestobetteradapttothesecurityneedsofprotectednetworkinformationassetsandcurrentattackthreats.Finally,anautonomousplanningandimplementationofdefensestrategieswasachievedundertheconstraintsoflimitednetworksecuritydefenseresourcesanddynamicchangesofnetworkinformationassetswiththehelpofboundedrationality.Theexampleshowsthattheproposedmethodisrobustunderdynamicattacks.Theexperimentsshowthatthedefenseeffec-tivenessisimprovedby5.6%~26.12%comparedwithexistinggametheoryandattackgra...
