
Research On Threat Assessment And Dynamic Defense Methods For Network False Flag Attacks

Posted on: 2023-06-26    Degree: Master    Type: Thesis
Country: China    Candidate: Y He
GTID: 2558306908467794    Subject: Computer Science and Technology
Abstract/Summary:
Cyberspace security has become a national strategy, and network security has received unprecedented attention and in-depth study. Because the intrusion procedures, attack-pattern samples and operating tools of traditional network attack techniques can now be identified and defended against with high accuracy, cyber attacks are developing toward specialization, organization and concealment. A network false flag attack interferes with the defender's judgments and decisions by means of elaborate camouflage and induced deception. False flag attacks are often applied within targeted attacks such as Advanced Persistent Threats (APT) to amplify the threat level and damage capability of the attack, and they are one of the most severe and urgent challenges facing network security defense today. A great deal of work has been done in academia and industry on the assessment of and defense against various network attack threats, APT included. Existing solutions usually form a combined defense decision from judgments about normal or abnormal network behavior, but they neither fully consider the impact of false flag attack behavior on the threat assessment results nor provide a practical, continuous dynamic decision-making algorithm, which makes it difficult to guarantee, let alone improve, the accuracy of threat assessment and dynamic defense against false flag behavior. Therefore, this thesis studies a threat assessment model and method for false flag attacks based on a dynamic Bayesian network, and a dynamic defense decision mechanism for false flag attacks based on a partially observable Markov model.

Addressing the problem that false flag attacks actively mislead traditional threat assessment mechanisms, so that the assessment is distorted, its conclusions become invalid and its guidance fails, this thesis proposes a false flag attack threat assessment model and method based on a dynamic Bayesian network. Starting from a gain-oriented model of attack behavior, a method for predicting the attacker's intrusion willingness and vulnerability exploitation transitions is designed, and static threat assessment is combined with dynamic threat assessment to identify false flag behaviors and correct the threat assessment results. Theoretical analysis and experimental results show that, compared with existing schemes, the proposed scheme achieves effective identification of false flag attacks and elimination of their interference at the cost of algorithm time complexity only, and improves the accuracy and efficiency of network false flag attack threat assessment.

Addressing the problem that traditional defense strategy mechanisms show poor targeting, strong lag and weak feedback in the face of continuously evasive false flag attacks, this thesis proposes a dynamic defense decision-making mechanism for false flag attacks based on a partially observable Markov model. It introduces the partially observable Markov model, designs a state transition probability calculation method based on Thompson sampling, combines a belief state set with the Q-learning algorithm to continuously optimize and select the current estimated state, and dynamically adjusts the defense strategy to the one with maximum utility. Theoretical analysis and experimental results show that the average time for a single-step defense decision under the proposed scheme is reduced to 0.9% of that of the traditional value iteration scheme, and that the average state estimation error is 1.5 in Manhattan distance, which gives the scheme good practical usability.

Based on the above research, we design and implement a prototype verification system for threat assessment and dynamic defense against false flag attacks in APT scenarios. The relevant algorithms have been applied to the security defense system of SMEs' private cloud platforms.
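The defense decision loop sketched in the abstract (a belief update over a partially observable attack process, transition probabilities drawn by Thompson sampling from a Dirichlet posterior, tabular Q-learning over a coarse belief-state set, and greedy selection of the maximum-utility defense), as an added Python example that is not the thesis's own code. The three-state attack model, the alert observation matrix and every parameter value are constructed assumptions for illustration; the off-diagonal observation mass stands in for forged alerts, which is how a false flag shows up to this filter.

```python
import random

# Constructed toy model (an assumption for this example, not the thesis's own):
# three hidden attacker states, three defender actions, and alerts the attacker can forge.
STATES = ["recon", "lateral", "exfil"]
ACTIONS = ["monitor", "isolate_host", "block_egress"]
# O[s][o]: probability that the defender sees alert o when the true state is s.
# Off-diagonal mass is the false-flag effect: forged alerts that point at the wrong stage.
O = {"recon":   {"scan_alert": 0.7, "auth_alert": 0.2, "egress_alert": 0.1},
     "lateral": {"scan_alert": 0.2, "auth_alert": 0.6, "egress_alert": 0.2},
     "exfil":   {"scan_alert": 0.1, "auth_alert": 0.2, "egress_alert": 0.7}}

def belief_update(belief, action, obs, T):
    """POMDP filter: b'(s') is proportional to O(obs|s') * sum_s T[s][action][s'] * b(s)."""
    new = {s2: O[s2][obs] * sum(T[s][action][s2] * belief[s] for s in STATES) for s2 in STATES}
    z = sum(new.values())
    return {s: v / z for s, v in new.items()}

class ThompsonTransitions:
    """Dirichlet posterior per (state, action) row; sample() draws one plausible T (Thompson sampling)."""
    def __init__(self, rng=None, prior=1.0):
        self.rng = rng or random.Random(0)  # seeded so runs are reproducible
        self.counts = {s: {a: {s2: prior for s2 in STATES} for a in ACTIONS} for s in STATES}
    def observe(self, s, a, s2):
        self.counts[s][a][s2] += 1  # posterior update after an estimated transition s -a-> s2
    def sample(self):
        T = {}
        for s in STATES:
            T[s] = {}
            for a in ACTIONS:
                g = {s2: self.rng.gammavariate(self.counts[s][a][s2], 1.0) for s2 in STATES}
                z = sum(g.values())  # normalised gamma draws form a Dirichlet sample
                T[s][a] = {s2: v / z for s2, v in g.items()}
        return T

def belief_key(belief):
    """Coarse belief-state set: most likely state plus a one-decimal confidence bucket."""
    s = max(belief, key=belief.get)
    return (s, round(belief[s], 1))

def q_update(Q, key, action, reward, next_key, alpha=0.5, gamma=0.9):
    """Tabular Q-learning over belief keys; Q is a plain dict and unseen entries count as 0."""
    best_next = max(Q.get((next_key, a), 0.0) for a in ACTIONS)
    Q[(key, action)] = Q.get((key, action), 0.0) + alpha * (reward + gamma * best_next - Q.get((key, action), 0.0))

def choose_defense(Q, key):
    """Defense with the maximum estimated utility for the current belief key."""
    return max(ACTIONS, key=lambda a: Q.get((key, a), 0.0))
```

In a live loop each step would call sample(), then belief_update(), then choose_defense(), and feed the observed reward back through q_update() and observe().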
Keywords/Search Tags:Threat Assessment, Defense Decision, Dynamic Bayesian Network, Partially Observable Markov, False Flag Attack