Affiliation:
1. Command and Control Engineering College, Army Engineering University of PLA, Nanjing, China
2. Defense Innovation Institute, Beijing, China
3. Academy of Military Science, Beijing, China
Abstract
Identifying attackers from network traffic is a common practice in cyberspace security management. However, because of cyberspace management cost constraints, network administrators cannot cover all security equipment, which gives attackers the chance to escape the administrators' surveillance through legitimate actions and to carry out attacks in both the physical domain and the digital domain. To address this challenge, we propose a hidden attack sequence detection method based on reinforcement learning, which models the network administrator as an intelligent agent that learns its action policy from interaction with the cyberspace environment. Following Deep Deterministic Policy Gradient (DDPG), the intelligent agent can not only discover attackers hiding in legitimate action sequences but also reduce the cyberspace management cost. Furthermore, we propose a dynamic reward DDPG method to improve defense performance; it sets a dynamic reward that depends on the hidden attack sequence steps and the agent's check steps, in contrast to the fixed reward used in common methods. The method was verified in a simulated experimental cyberspace environment. The experimental results demonstrate that hidden attack sequences exist in cyberspace and that the proposed method can discover them. The dynamic reward DDPG shows superior performance in detecting hidden attackers, with a detection rate of 97.46%, improving the ability to discover hidden attackers and reducing cyberspace management cost by 6% compared to DDPG.
Funder
National Natural Science Foundation of China
Subject
Computer Networks and Communications, Information Systems
Cited by
3 articles.