Automatic intrusion response decision making method based on Q-learning

An automatic decision-making method, applied in the field of information security, that addresses problems such as inaccurate intrusion detection, poor real-time performance, and large resource consumption, and achieves the effect of improving accuracy and real-time performance.

Inactive Publication Date: 2018-11-13
PLA STRATEGIC SUPPORT FORCE INFORMATION ENG UNIV PLA SSF IEU

AI Technical Summary

Problems solved by technology

[0004] Aiming at the deficiencies in the prior art, the present invention provides a Q-learning-based automatic intrusion response decision-making method, adopts a revenue-based mapping method, introduces Q-learning

Embodiment Construction

[0027] In order to make the purpose, technical solution and advantages of the present invention clearer and easier to understand, the present invention is described in further detail below in conjunction with the accompanying drawings and technical solutions. The technical terms involved in the embodiment are as follows:

[0028] Due to the complexity of the network, the accuracy and real-time performance of most existing automatic response decision-making have not achieved good results. Q-learning is a typical model-free reinforcement learning algorithm. Through a repeated process of "execution, accumulation, learning, decision-making", it continuously accumulates experience and optimizes decision-making results, and it is widely used in the field of adaptive decision-making. In view of this, an embodiment of the present invention provides a Q-learning-based automatic intrusion response decision-making method, shown in Figure 1, including the following steps:

[0029] Step 1...

Abstract

The invention belongs to the technical field of information security, and particularly relates to an automatic intrusion response decision making method based on Q-learning. The method comprises the following steps: scanning system vulnerability, constructing an attack graph, and establishing a network state layer, an attack pattern matching layer and a response measure layer according to the attack graph; establishing a mapping relationship among the network state layer, the attack pattern matching layer and the response measure layer; receiving an intrusion alarm from a network defense device, and mapping the intrusion alarm to a corresponding network state; selecting a defense action according to the mapping relationship, and notifying the system of the result; performing online learning by using the execution result of the defense action, and updating the mapping relationship between the attack pattern matching layer and the response measure layer; and returning to the step of mapping the intrusion alarm to the corresponding network state, and performing automatic response decision making and online learning, until a defender terminates the defense. By adoption of the automatic intrusion response decision making method based on Q-learning provided by the invention, evaluation of multiple response purposes of the strategy can be achieved, the demand of multiple response purposes can be met, the instantaneity and accuracy of the intrusion detection are improved, the network resource consumption is reduced, and the overall performance of the system is improved.
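The alert-to-state mapping, action selection and online update loop described in the abstract can be sketched as follows. This is an added example, not the patent's own algorithm or code: it uses the standard tabular Q-learning update, and every alert type, state name, defense action, payoff and hyperparameter in it is a constructed assumption.

```python
import random

# Constructed for illustration: alert types, network states, defense actions
# and payoffs are hypothetical, not taken from the patent.
ALERT_TO_STATE = {"ssh_bruteforce": "password_guessing",
                  "sqli_signature": "web_injection"}
ACTIONS = ["reset_connection", "block_source_ip", "enable_waf_rule"]
REWARD = {  # response gain minus operational cost of the measure
    ("password_guessing", "block_source_ip"): 10.0,
    ("password_guessing", "reset_connection"): -10.0,
    ("password_guessing", "enable_waf_rule"): -20.0,
    ("web_injection", "enable_waf_rule"): 10.0,
    ("web_injection", "reset_connection"): -10.0,
    ("web_injection", "block_source_ip"): -20.0,
}

class ResponseAgent:
    """Tabular Q-learning over (network state, defense action) pairs."""

    def __init__(self, alpha=0.5, gamma=0.5, epsilon=0.1, seed=7):
        self.alpha, self.gamma, self.epsilon = alpha, gamma, epsilon
        self.rng = random.Random(seed)
        self.q = {(s, a): 0.0 for s in ALERT_TO_STATE.values() for a in ACTIONS}

    def map_alert(self, alert_type):
        # An unmapped alert must not silently trigger a response.
        if alert_type not in ALERT_TO_STATE:
            raise KeyError(f"no network state for alert {alert_type!r}")
        return ALERT_TO_STATE[alert_type]

    def select_action(self, state):
        if self.rng.random() < self.epsilon:      # explore occasionally
            return self.rng.choice(ACTIONS)
        return max(ACTIONS, key=lambda a: self.q[(state, a)])  # exploit

    def learn(self, state, action, reward, next_state):
        # Standard update: Q <- Q + alpha * (r + gamma * max Q(next) - Q)
        best_next = max(self.q[(next_state, a)] for a in ACTIONS)
        td_error = reward + self.gamma * best_next - self.q[(state, action)]
        self.q[(state, action)] += self.alpha * td_error

    def policy(self):
        return {s: max(ACTIONS, key=lambda a: self.q[(s, a)])
                for s in ALERT_TO_STATE.values()}

def run_response_loop(agent, alerts):
    """Map alert -> select action -> observe result -> update, per alert."""
    for alert, following in zip(alerts, alerts[1:]):
        state, next_state = agent.map_alert(alert), agent.map_alert(following)
        action = agent.select_action(state)
        agent.learn(state, action, REWARD[(state, action)], next_state)
    return agent.policy()

CONSTRUCTED_ALERTS = ["ssh_bruteforce", "sqli_signature"] * 200
```

In a deployment the reward would come from the observed result of the executed defense action rather than from a fixed table.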

Description

Technical field

[0001] The invention belongs to the technical field of information security, in particular to a Q-learning-based automatic intrusion response decision-making method.

Background technique

[0002] With the continuous strengthening of social informatization, network attacks are becoming more and more frequent, causing huge losses to defenders. Network security issues are getting more and more attention, and intrusion detection and response technology has become one of the research hotspots. Compared with intrusion detection technology which has been widely used and achieved good results, although intrusion response is not a new technology, its development is lagging behind. The purpose of detection is to respond, and detection can only discover attacks, and only correct response can effectively protect the security of the system. In recent years, attacks have become more and more automated and complex. Manual responses can no longer meet the security requirem...

Application Information

IPC(8): H04L29/06, G06N99/00
CPC: H04L63/1408
Inventor: 杨峻楠, 张红旗, 张传富, 刘艺, 胡浩, 常德显, 黄睿
Owner: PLA STRATEGIC SUPPORT FORCE INFORMATION ENG UNIV PLA SSF IEU