
Author:

Zhang, Huan | Zheng, Kangfeng | Wang, Xiujuan | Luo, Shoushan | Wu, Bin

Indexed by:

EI Scopus SCIE

Abstract:

As a core component of the network, web applications have become one of the preferred targets for attackers because the static configuration of web applications simplifies the exploitation of vulnerabilities by attackers. Although moving target defense (MTD) has been proposed to increase the attack difficulty for attackers, no single approach can cope with different attacks; in addition, it is impossible to implement all these approaches simultaneously due to resource limitations. Thus, the selection of an optimal defense strategy based on MTD has become the focus of research. In general, the confrontation of two players in the security domain is viewed as a stochastic game, and the reward matrices are known to both players. However, in a real security confrontation, this scenario represents an incomplete information game. Each player can only observe the actions performed by the opponent, and the observed actions are not completely accurate. To accurately describe the attacker's reward function to reach the Nash equilibrium, this work simulated and updated the strategy selection distribution of the attacker by observing and investigating the strategy selection history of the attacker. Next, the possible rewards of the attacker in each confrontation were corrected via the observation matrix. On this basis, the Nash-Q learning algorithm with reward quantification was proposed to select the optimal strategy. Moreover, the performances of the Minimax-Q learning algorithm and Naive-Q learning algorithm were compared and analyzed in the MTD environment. Finally, the experimental results showed that the strategy selection algorithm can enable defenders to select a more reasonable defensive strategy and achieve the maximum possible reward.

Keyword:

incomplete information game; Moving target defense; Nash-Q learning algorithm; optimal strategy selection; web service

Author Community:

  • [ 1 ] [Zhang, Huan]Beijing Univ Posts & Telecommun, Sch CyberSpace Secur, Beijing 100088, Peoples R China
  • [ 2 ] [Zheng, Kangfeng]Beijing Univ Posts & Telecommun, Sch CyberSpace Secur, Beijing 100088, Peoples R China
  • [ 3 ] [Luo, Shoushan]Beijing Univ Posts & Telecommun, Sch CyberSpace Secur, Beijing 100088, Peoples R China
  • [ 4 ] [Wu, Bin]Beijing Univ Posts & Telecommun, Sch CyberSpace Secur, Beijing 100088, Peoples R China
  • [ 5 ] [Wang, Xiujuan]Beijing Univ Technol, Coll Comp Sci, Beijing 100124, Peoples R China

Reprint Author's Address:

  • [Zheng, Kangfeng]Beijing Univ Posts & Telecommun, Sch CyberSpace Secur, Beijing 100088, Peoples R China

Source:

CMC-COMPUTERS MATERIALS & CONTINUA

ISSN: 1546-2218

Year: 2020

Issue: 2

Volume: 62

Page: 763-786

3.100 (JCR@2022)

ESI Discipline: COMPUTER SCIENCE;

ESI HC Threshold: 132

Cited Count:

WoS CC Cited Count: 12

SCOPUS Cited Count: 13

ESI Highly Cited Papers on the List: 0
