基于时机博弈的网络安全防御决策方法

doi:10.19678/j.issn.1000-3428.0063866

摘要/Abstract

摘要： 现有的网络防御决策模型大多基于攻防行为进行建模分析，忽视了攻防时机对网络安全产生的影响，且对网络攻防时机的选取大多依赖经验和主观判断，导致网络安全管理者在进行防御决策时难以提供可信的理论支撑。然而网络攻防的时机因素对网络防御决策的意义重大，在面对外部攻击时能否进行实时决策，决定了网络在攻防对抗中能否掌握主动，以最小的代价将攻击危害降到最低。针对网络安全中的时机策略选取问题，提出一种网络安全防御决策方法，基于SIR传染病模型并加以改进，构造描述网络安全状态的微分方程，实现对系统安全状态的实时度量。借鉴FlipIt博弈方法构建攻防时机博弈模型，提出攻防收益量化与计算方法，通过求解不同攻防周期策略下的纳什均衡，获得最优防御时间策略。实验结果表明，当攻击策略一定时，使用该方法动态选择最优防御策略的平均收益为0.26，相比固定周期的防御方法，平均防御收益提高了23.81%。

关键词: 网络安全, 网络攻防, 传染病模型, 时机博弈, 最优防御策略

Abstract: Currently major network assessment models focus on the intensity of attack and defense, often ignoring the impact of timing on network security.While selecting attack and defense timing, mostly relying on subjective experience and judgement, network managers lack quantitative analysis and credible theoretical support on making defense decisions.A key factor in network defense is timing decision against various attacks to seize the initiative with lower cost and damage, which is significant in protecting network resource.To effectively solve the problem of time strategy selection in network security, this study proposes a network security defense decision-making method, an improved Susceptible-Infectious-Removed (SIR) epidemic model that is used to characterize differential equations of network real-time security states.We present a method to quantify and calculate utilities of attack and defense with a FlipIt game method.An optimal defense time strategy is proposed via calculating the Nash equilibrium under different periodic strategies of attack and defense.The experimental results show that, when the attack strategy is constant, the dynamic optimal defense strategy in this study is 0.26.Compared with periodic defense strategy, the average utility is improved by 23.81%.

Key words: network security, network attack and defense, epidemic model, time game, optimal defense strategy

中图分类号:

TP309

孙鹏宇, 张恒巍, 谭晶磊, 李晨蔚, 马军强, 王晋东. 基于时机博弈的网络安全防御决策方法[J]. 计算机工程, 2022, 48(11): 145-151.

SUN Pengyu, ZHANG Hengwei, TAN Jinglei, LI Chenwei, MA Junqiang, WANG Jindong. Network Security Defense Decision Method Based on Time Game[J]. Computer Engineering, 2022, 48(11): 145-151.

http://www.ecice06.com/CN/Y2022/V48/I11/145

图/表 10

20230211175858

20230211175901

20230211175905

20230211175908

20230211175912

20230211175915

20230211175918

20230211175922

20230211175925

20230211175929

参考文献

[1] WU Z N, TIAN L Q, WANG Y, et al.Network security defense decision-making method based on stochastic game and deep reinforcement learning[J].Security and Communication Networks, 2021, 23(7):1-13.
[2] 方滨兴.定义网络空间安全[J].网络与信息安全学报, 2018, 4(1):1-5. FANG B X.Define cyberspace security[J].Chinese Journal of Network and Information Security, 2018, 4(1):1-5.(in Chinese)
[3] 胡瑞钦, 谭晶磊, 彭心荷, 等.面向SDN数据层的双虚假IP地址动态跳变技术[J].信息网络安全, 2022, 22(2):76-85. HU R Q, TAN J L, PENG X H, et al.Dynamic hopping technology of double virtual IP address for SDN data layer[J].Netinfo Security, 2022, 22(2):76-85.(in Chinese)
[4] 习近平.在网络安全和信息化工作座谈会上的讲话[M].北京:人民出版社, 2016. XI J P.Speech at the symposium on network security and informatization[M].Beijing:People's Publishing House, 2016.(in Chinese)
[5] LI X T.Decision making of optimal investment in information security for complementary enterprises based on game theory[J].Technology Analysis & Strategic Management, 2021, 33(7):755-769.
[6] ETESAMI S R, BAŞAR T.Dynamic games in cyber-physical security:an overview[J].Dynamic Games and Applications, 2019, 9(4):884-913.
[7] LIU X H, ZHANG H W, ZHANG Y C, et al.Optimal network defense strategy selection method based on evolutionary network game[J].Security and Communication Networks, 2020, 38(7):1-11.
[8] CHEN X Y, LIU X T, ZHANG L, et al.Optimal defense strategy selection for spear-phishing attack based on a multistage signaling game[J].IEEE Access, 2019, 7:19907-19921.
[9] LIU X H, ZHANG H W, ZHANG Y C, et al.Active defense strategy selection method based on two-way signaling game[J].Security and Communication Networks, 2019, 41(2):1-14.
[10] AYDEGER A, MANSHAEI M H, RAHMAN M A, et al.Strategic defense against stealthy link flooding attacks:a signaling game approach[J].IEEE Transactions on Network Science and Engineering, 2021, 8(1):751-764.
[11] XU X T, WANG G C, HU J T, et al.Study on stochastic differential game model in network attack and defense[J].Security and Communication Networks, 2020, 34(5):1-15.
[12] 孙岩, 姬伟峰, 翁江, 等.基于微分博弈的移动目标防御最优策略[J].计算机研究与发展, 2021, 58(8):1789-1800. SUN Y, JI W F, WENG J, et al.Optimal strategy of moving target defense based on differential game[J].Journal of Computer Research and Development, 2021, 58(8):1789-1800.(in Chinese)
[13] 杨峻楠, 张红旗, 张传富.基于随机博弈与改进WoLF-PHC的网络防御决策方法[J].计算机研究与发展, 2019, 56(5):942-954. YANG J N, ZHANG H Q, ZHANG C F.Network defense decision-making method based on stochastic game and improved WoLF-PHC[J].Journal of Computer Research and Development, 2019, 56(5):942-954.(in Chinese)
[14] SAMIR M, AZAB M, SAMIR E.SD-CPC:SDN controller placement camouflage based on stochastic game for moving-target defense[J].Computer Communications, 2021, 168:75-92.
[15] 金志刚, 王新建, 李根, 等.融合攻击图和博弈模型的网络防御策略生成方法[J].信息网络安全, 2021, 21(1):1-9. JIN Z G, WANG X J, LI G, et al.The generation method of network defense strategy combining with attack graph and game model[J].Netinfo Security, 2021, 21(1):1-9.(in Chinese)
[16] 张恒巍, 黄健明.基于Markov演化博弈的网络防御策略选取方法[J].电子学报, 2018, 46(6):1503-1509. ZHANG H W, HUANG J M.Network defense strategy selection method based on Markov evolutionary game[J].Acta Electronica Sinica, 2018, 46(6):1503-1509.(in Chinese)
[17] LIU Y H, CHEN H, ZHANG H, et al.Defense strategy selection model based on multistage evolutionary game theory[J].Security and Communication Networks, 2021, 49(4):1-15.
[18] DIJK M, JUELS A, OPREA A, et al.FlipIt:the game of "stealthy takeover"[J].Journal of Cryptology, 2013, 26(4):655-713.
[19] 谭晶磊, 张恒巍, 张红旗, 等.基于Markov时间博弈的移动目标防御最优策略选取方法[J].通信学报, 2020, 41(1):42-52. TAN J L, ZHANG H W, ZHANG H Q, et al.Optimal strategy selection approach of moving target defense based on Markov time game[J].Journal on Communications, 2020, 41(1):42-52.(in Chinese)
[20] NOCHENSON A, GROSSKLAGS J.A behavioral investigation of the FlipIt game[EB/OL].[2021-12-05].https://www.researchgate.net/publication/263606042_A_Behavioral_Investigation_of_the_FlipIt_Game.
[21] LASZKA A, HORVATH G, FELEGYHAZI M, et al.Modeling targeted attacks with for multiple resources[C]//Proccedings of International Conference on Decision and Game Theory for Security.Berlin, Germany:Springer, 2014:175-194.
[22] JONES S, OUTKIN A, GEARHART J, et al.Evaluating moving target defense with PLADD[EB/OL].[2021-12-05].https://www.osti.gov/servlets/purl/1222986/.
[23] 丁绍虎, 齐宁, 郭义伟.基于M-FlipIt博弈模型的拟态防御策略评估[J].通信学报, 2020, 41(7):186-194. DING S H, QI N, GUO Y W.Evaluation of mimic defense strategy based on M-FlipIt game model[J].Journal on Communications, 2020, 41(7):186-194.(in Chinese)
[24] KERMACK W O, MCKENDRICK À.A contribution to the mathematical theory of epidemics[EB/OL].[2021-12-05].https://www.researchgate.net/publication/237076919_A_Contribution_to_the_Mathematical_Theory_of_Epidemics.
[25] MYERSON R B.Game theory:analysis of conflict[EB/OL].[2021-12-05].https://www.researchgate.net/publication/220689692_Game_Theory_Analysis_of_Conflict.
[26] 谢识予.经济博弈论(第4版)[M].上海:复旦大学出版社, 2017. XIE S Y.Economic game theory(the 4th Edition)[M].Shanghai:Fudan University Press, 2017.(in Chinese)
[27] GORDON L, LOEB M, LUCYSHYN W, et al.CSI/FBI computer crime and security survey[EB/OL].[2021-12-05].https://www.researchgate.net/publication/243784811_CSIFBI_Computer_Crime_and_Security_Survey.

选择文件类型/文献管理软件名称

选择包含的内容