基于生成式对抗网络的拟态蜜罐特征生成方法

摘要/Abstract

摘要： 拟态蜜罐借鉴生物拟态博弈思想，是一种综合运用“蜜罐模拟服务特征”的保护色机制和“服务模拟蜜罐特征”的警戒色机制进行诱骗博弈的动态蜜罐技术，其核心策略是特征生成与演化。生成式对抗网络(GAN)则是一种特征生成方法，它通过生成器与判别器之间的对抗博弈，使生成器生成的数据达到“以假乱真”的效果，其对抗博弈的思想与拟态蜜罐思想极为相近。本文提出一种基于生成式对抗网络的拟态蜜罐特征生成方法MMHP-GAN(Mimicry honeypot-GAN)，通过对MMHP-GAN的结构及参数优化训练，产生真假难辨的蜜罐或服务新特征。实验表明，通过该方法生成的特征数据进行演化，服务可以有效抵抗攻击，并且通过对比，本文的方案要优于当前已有的特征生成方案。

关键词: 蜜罐, 拟态蜜罐, 生成式对抗网络, 主动网络防御, 对抗博弈, 特征生成

Abstract: Mimicry honeypot is a kind of dynamic honeypot technology, which refers to the idea of biological mimicry game, Comprehensively uses the protective color mechanism of "honeypot simulate service features" and the warning color mechanism of "service simulate honeypot features" to carry on the decoy game. Its core strategy is feature generation and evolution. Generative Adversarial Networks(GAN) is a feature generation method, which can make the data generated by generator reach the effect of "mix the spurious with the genuine" through the antagonistic game between generator and discriminator. The idea of antagonistic game is very similar to the idea of mimicry honeypot. In this paper, based on generative adversarial networks, a method for feature generation of mimicry honeypot(MMHP-GAN) is proposed. By optimizing the structure and parameters of MMHP-GAN, new features of honeypot or service can be generated, which are difficult to distinguish between true and false. The experiment shows that through the evolution of feature data generated by this method, the service can effectively resist attacks, and by comparison, the scheme proposed in this paper is better than the existing scheme for feature generation.

Key words: honeypot, mimicry honeypot, generative adversarial networks, active network defense, antagonistic game, feature generation

刘祎豪. 基于生成式对抗网络的拟态蜜罐特征生成方法[J]. 计算机与现代化, 2021, 0(07): 120-126.

LIU Yi-hao. A Method to Generate Features of Mimicry Honeypot Based on Generative Adversarial Networks[J]. Computer and Modernization, 2021, 0(07): 120-126.

参考文献［26］

［1］	IRVENE C, FORMBY D, LITCHFIELD S, et al. HoneyBot: A honeypot for robotic systems［J］. Proceedings of the IEEE, 2018,106(1):61-70.
［2］	SHI L Y, CUI Y W, HAN X, et al. Mimicry honeypot: An evolutionary decoy system［J］. International Journal of High Performance Computing and Networking, 2019,14(2):157-164.
［3］	GOODFELLOW I J, POUGET-ABADIE J, MIRZA M, et al. Generative adversarial nets［C］// Proceedings of the 27th International Conference on Neural Information Processing Systems. 2014:2672-2680.
［4］	SPITZNER L. Dynamic honeypots［EB/OL］. (2003-09-15)［2020-10-22］. http://www.securityfocus.com/infocus/1731.
［5］	NAIK N, SHANG C J, SHEN Q, et al. Intelligent dynamic honeypot enabled by dynamic fuzzy rule interpolation［C］// 2018 IEEE 20th International Conference on High Performance Computing and Communications; IEEE 16th International Conference on Smart City; IEEE 4th International Conference on Data Science and Systems (HPCC/SmartCity/DSS). 2018:1520-1527.
［6］	PARK B, DANG S P, NOH S,et al. Dynamic virtual network honeypot［C］// Proceedings of the 2019 International Conference on Information and Communication Technology Convergence (ICTC). 2019:375-377.
［7］	SHI L Y, LI Y, LIU T X, et al. Dynamic distributed honeypot based on blockchain［J］. IEEE Access, 2019,7:72234-72246.
［8］	LI Y, SHI L Y, FENG H J. A game-theoretic analysis for distributed honeypots［J］. Future Internet, 2019,11(3):65.
［9］	PAUNA A, IACOB A C, BICA I. QRASSH: A self-adaptive SSH honeypot driven by Q-learning［C］// Proceedings of the 2018 International Conference on Communications (COMM). 2018:441-446.
［10］	石乐义,姜蓝蓝,刘昕,等. 拟态式蜜罐诱骗特性的博弈理论分析［J］. 电子与信息学报, 2013(5):1063-1068.
［11］	石乐义,李阳,马猛飞. 蜜罐技术研究新进展［J］. 电子与信息学报, 2019,41(2):498-508.
［12］	贾召鹏,方滨兴,崔翔,等. ArkHoney:基于协同机制的Web蜜罐［J］. 计算机学报, 2018 (2):413-425.
［13］	杨天识,刁培金,梁露露,等. 基于OpenFlow的蜜罐主动取证技术［J］. 北京理工大学学报(自然科学版), 2019,39(5):545-550.
［14］	KUMAR S, JAIN S, SHARMA H. Genetic algorithms［C］// Advances in Swarm Intelligence for Optimizing Problems in Computer Science. 2018:27-52.
［15］	宫婧,孙知信,徐虹霞. 基于遗传算法的蜜罐系统［J］. 南京邮电大学学报（自然科学版）, 2008,28(6):50-55.
［16］	YANG Y, MI J. Design and implementation of distributed intrusion detection system based on honeypot［C］// Proceedings of the 2010 2nd International Conference on Computer Engineering and Technology. 2010:260-263.
［17］	刘德莉. 基于遗传算法的拟态蜜罐系统研究［D］. 青岛：中国石油大学(华东), 2014..
［18］	ISLAM J, ZHANG Y Q. GAN-based synthetic brain PET image generation［J］. Brain Informatics, 2020. DOI:10.1186/s40708-020-00104-2.
［19］	ASAKURA T, AKAMA S, SHIMOKAWARA E, et al. Emotional speech generator by using generative adversarial networks［C］// Proceedings of the 10th International Symposium on Information and Communication Technology. 2019:9-14.
［20］	HU W W, TAN Y. Generating adversarial malware examples for black-box attacks based on GAN［J］. arXiv preprint arXiv:1702.05983, 2017.
［21］	HITAJ B, GASTI P, ATENIESE G, et al. PassGAN: A deep learning approach for password guessing［C］// Proceedings of the International Conference on Applied Cryptography and Network Security. 2019:217-237.
［22］	袁辰,钱丽萍,张慧,等. 基于生成对抗网络的恶意域名训练数据生成［J］. 计算机应用研究, 2019,36(5). DOI: 10.19734/j.issn.1001-3695.2017.12.0762.
［23］	潘一鸣,林家骏. 基于生成对抗网络的恶意网络流生成及验证［J］. 华东理工大学学报 (自然科学版), 2019,45(2):344-350.
［24］	HE K M, ZHANG X Y, REN S Q, et al. Deep residual learning for image recognition［C］// Proceedings of the 2016 IEEE Conference on Computer Vision and Pattern Recognition (CVPR). 2016:770-778.
［25］	KINGMA D P, BA J. Adam: A method for stochasticoptimization［J］. arXiv preprint arXiv:1412.6980, 2014.
［26］	GULRAJANI I, AHMED F, ARJOVSKY M,et al. Improved training of Wasserstein GANS［C］// Proceedings of the 31st International Conference on Neural Information Processing Systems. 2017:5769-5779.

[1]	江竞捷, 徐络, 李宁. 基于GAN的图像识别系统蜕变测试方法[J]. 计算机与现代化, 2021, 0(02): 24-29.
[2]	周丽1,2，申国伟1,2，赵文波1,2，周雪梅1,2. 一种基于GAN的异构信息网络表示学习方法[J]. 计算机与现代化, 2020, 0(05): 89-.
[3]	李彦广. 网络攻防仿真系统终端子系统的设计与实现[J]. 计算机与现代化, 2014, 0(3): 169-172,185.
[4]	汪北阳. 蜜罐技术在防御DDoS中的应用[J]. 计算机与现代化, 2010, 1(4): 0-72.