Abstract

Currently, many methods are available to improve the target network's security. The vast majority of them cannot obtain an optimal attack path and interdict it dynamically and conveniently. Almost all defense strategies aim to repair known vulnerabilities or limit services in the target network to improve its security. These methods cannot respond to attacks in real time because they sometimes need to wait for manufacturers to release corresponding countermeasures to repair vulnerabilities. In this paper, we propose an improved Q-learning algorithm to plan an optimal attack path directly and automatically. Based on this path, we use a software-defined network (SDN) to adjust routing paths and create hidden forwarding paths dynamically to filter malicious attack requests. Compared to other machine learning algorithms, Q-learning only needs the target state as input to its agents, which avoids a complex early training process. We improve the Q-learning algorithm in two aspects. First, a reward function based on the weights of hosts and attack success rates of vulnerabilities is proposed, which can adapt to different network topologies precisely. Second, we remove the actions and merge them into every state, which reduces complexity from O(N^3) to O(N^2). In experiments, after deploying hidden forwarding paths, the security of the target network is boosted significantly without having to repair network vulnerabilities immediately.
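The sketch below is an added example, not the paper's code: it applies the Q-learning update to a table indexed by host pairs (one reading of merging actions into states, giving an N x N table) so a defender can see which path to interdict first. The topology, host weights, success rates, the reward form weight x success rate, the exhaustive sweeps used in place of random exploration, and modelling interdiction as removing one link are all assumptions.

```python
# Constructed example topology and values (assumptions, not data from the paper).
EDGES = {"internet": ["web", "mail"], "web": ["app", "db"],
         "mail": ["app"], "app": ["db"], "db": []}
WEIGHT = {"internet": 0, "web": 3, "mail": 2, "app": 5, "db": 10}  # host weight
P_EXPLOIT = {"web": 0.8, "mail": 0.6, "app": 0.5, "db": 0.3}  # attack success rate
GAMMA, ALPHA, SWEEPS = 0.9, 0.5, 200


def learn_q(edges, weight, p_exploit):
    """Return Q[s][s2], the learned value of moving from host s to host s2."""
    q = {s: {s2: 0.0 for s2 in nxt} for s, nxt in edges.items()}
    for _ in range(SWEEPS):  # deterministic sweeps instead of random episodes
        for s, nxt in edges.items():
            for s2 in nxt:
                reward = weight[s2] * p_exploit[s2]  # assumed reward form
                future = max(q[s2].values(), default=0.0)  # 0 at a terminal host
                q[s][s2] += ALPHA * (reward + GAMMA * future - q[s][s2])
    return q


def greedy_path(q, start):
    """Follow the highest-valued transition from start until no move remains."""
    path, seen = [start], {start}
    while q[path[-1]]:
        nxt = max(q[path[-1]], key=q[path[-1]].get)
        if nxt in seen:  # stop rather than loop on a cyclic topology
            break
        path.append(nxt)
        seen.add(nxt)
    return path


def without_link(edges, src, dst):
    """Copy of the topology with one link removed (assumed model of rerouting)."""
    return {s: [d for d in nxt if (s, d) != (src, dst)] for s, nxt in edges.items()}


if __name__ == "__main__":
    q = learn_q(EDGES, WEIGHT, P_EXPLOIT)
    print("highest-value path:", greedy_path(q, "internet"))
    q2 = learn_q(without_link(EDGES, "web", "app"), WEIGHT, P_EXPLOIT)
    print("after cutting web->app:", greedy_path(q2, "internet"),
          "value", round(max(q2["internet"].values()), 2))
```

Comparing the start-state value before and after a link is cut gives a simple measure of how much a routing change lowers the attacker's best expected return under these assumed weights.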

Highlights

  • A defense strategy represents a series of defense methods in the target information system network that can reduce the attack success rate of attackers

  • We test the performance of the hidden forwarding path (Figure 10) and the traditional forwarding path (Figure 5) in a real information system network

  • On the other hand, although adding some virtual forwarding nodes in the target network will increase memory utilization and CPU utilization in the target network, the total cost of this defense strategy is much lower than stopping some servers until the system vulnerabilities are repaired

Summary

Introduction

A defense strategy represents a series of defense methods in the target information system network that can reduce the attack success rate of attackers. The defense strategy may perform excellently, but defenders scan and recapture the information system in most instances, which is very uneconomical. Speaking, whether it is SDN or a traditional network, we can plan a defense strategy by locating the optimal attack path. Reference [6] proposes an HMM-based attack graph generation method, and the authors use an ACO-based algorithm to compute the optimal attack path. Based on this path, the security of the target network can be evaluated and corresponding countermeasures can be planned. Reference [7] proposes a malicious nodes-based security model enacting method, but its performance on handling zero-day vulnerabilities is not strong enough.