Computer Engineering and Applications ›› 2016, Vol. 52 ›› Issue (8): 120-124.

• Network, Communication and Security •

Network defense strategy based on attack graphs and an improved particle swarm algorithm

刘  渊1,李  群1,王晓锋2   

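  1. School of Digital Media, Jiangnan University, Wuxi, Jiangsu 214122
  2. College of Internet of Things Engineering, Jiangnan University, Wuxi, Jiangsu 214122
  • Publication date: 2016-04-15 Release date: 2016-04-19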

Improved PSO for network defense measures of weighted attack graph

LIU Yuan1, LI Qun1, WANG Xiaofeng2   

  1. School of Digital Media, Jiangnan University, Wuxi, Jiangsu 214122, China
  2. College of Internet of Things Engineering, Jiangnan University, Wuxi, Jiangsu 214122, China
  • Online:2016-04-15 Published:2016-04-19

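Abstract: Attack graphs are a common tool for the qualitative analysis of network security and give security administrators an important basis for stopping malicious intrusions. For network security evaluation and active defense, a defense strategy model and an improved binary particle swarm algorithm based on that model are proposed. A weighted defense strategy set is built from each intrusion action in the attack graph, with the aim of highlighting defense cost. To stop malicious network intrusions at minimum cost, the binary particle swarm optimization algorithm BPSO is introduced and improved, and the minimum critical strategy set of the attack graph is obtained. Simulation experiments show that an optimized solution for the minimum critical strategy set can be obtained effectively, and comparison experiments against the ant colony algorithm and the greedy algorithm show that the approach is more efficient.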

Keywords: minimum critical strategy set, binary particle swarm algorithm, attack graph, defense cost

Abstract: The attack graph is a common tool for qualitative analysis of network security, providing an important basis for network security administrators to prevent malicious intrusions. To evaluate network security and perform active defense, the paper presents a defense graph model and an improved binary particle swarm optimization algorithm. It builds a weighted defense measure set based on each intrusion action in the attack graph, with the intent of highlighting defense costs. To minimize the cost of preventing malicious attacks, it introduces and improves the binary particle swarm optimization algorithm BPSO and obtains the minimum critical measure set of the attack graph. Simulation results show that it can effectively obtain an optimized solution for the minimum critical measure set, and comparison experiments with the traditional greedy algorithm show that it is a more efficient optimization algorithm.

Key words: minimum critical measure set, Binary Particle Swarm Optimization (BPSO), attack graph, defence cost