考量誘捕系統下攻擊者成功機率最小化之近似最佳化防禦策略

Abstract

由於攻擊者的手法與策略日新月異，對於防禦者而言，網路系統時常被不同類型的攻擊者同時攻擊，因此，如何衡量系統在此種情境下的存活度是防禦者的首要任務。除此之外，從攻擊者的角度而言，其對於欲攻擊的目標通常僅具部分資訊，即「不完美知識」。有鑒於此，發展出了一種欺騙攻擊者與消耗其資源的防禦機制，稱為誘捕系統。該系統除了具備上述的重要功能之外，還可用於學習攻擊者技巧並記錄其所使用之系統漏洞，以降低核心節點被攻克的機率，增進整體系統的存活度。 在本論文中，我們將一個攻防情境轉化成數學規劃問題，用以描述系統被攻擊者攻克的機率，並且透過「評估流程」找出能讓該機率最小化之防禦資源配置模式。該法是利用一連串的評估以及策略強化逐步地提升解的品質，並在每一次的循環中，藉由現有的資訊推導出最適當的修正方向，持續的強化現有的配置方法，以期求得最佳解；此外，該法能夠用於解決具備不完美資訊特質的問題，透過適當的情境描述，加入隨機的變異性情況，使問題更貼近於真實情況，有效地提升對防禦者的正面效益。

Since the attack level and tactics of network systems grow with each passing day. Network systems are usually simultaneously attacked by different types of attackers. Therefore, the most important issue for defenders is to evaluate the system survivability under this scenario. Besides, from the view point of attackers, they usually only have partial information of the targeted system. In other words, they only have “imperfect knowledge”. As a result, a mechanism which is capable to distract attackers and waste their budget is emerged. This defense technique, called honeypot, can not only assist defender to learn attack strategy and record system vulnerabilities attackers used but also allows defender to understand system vulnerabilities. Therefore, whole system compromised probability is reduced. In other words, survivability is raised. In this thesis, we model the attack defense scenario as a mathematical programming problem that describes attackers’ success probability. The optimal defense resource allocation is discovered by evaluation process. This approach applies a serious of evaluations and policy enhancements gradually improve the quality of solution. For each round, we derive the most appropriate direction to amend and continually enhance the allocation scheme to achieve optimal solution. Besides, this approach can be applied to solve problems with imperfect knowledge property. Through appropriate scenario description and randomness involved, the problem can be closer to realistic, thus enhance the positive benefits effectively for the defenders.