Computer Science ›› 2018, Vol. 45 ›› Issue (6): 117-123.doi: 10.11896/j.issn.1002-137X.2018.06.020

• Information Security • Previous Articles     Next Articles

Optimal Defense Strategy Selection Method Based on Network Attack-Defense Game Model

LIU Jing-wei1,2, LIU Jing-ju1, LU Yu-liang1, YANG Bin1, ZHU Kai-long1   

  1. College of Electromagnetic Countermeasure,National University of Defense Technology,Hefei 230037,China1;
    Troops 31007,Beijing 100039,China2
  • Received:2017-04-14 Online:2018-06-15 Published:2018-07-24

Abstract: In order to reduce the loss of security risk and make the optimal network defense decision under the limited resources,the optimal defense strategy selection method based on attack-defense game model was proposed.First,network attack-defense game model was established and the existence of equilibrium model of the mixed strategy Nash was proved.Then,the network attack-defense strategy selection algorithm based on the model was given,including the attack-defense strategy searching algorithm based on network attack-defense strategy graph,the calculation method of utility function under varied attack-defense strategies based on the common vulnerability scoring system and the method for solving mixed strategy Nash equilibrium.Finally,the validity of the model was analyzed and verified in a typical attack-defense experiment.The experimental results show that the model can effectively generate the optimal defense strategy.

Key words: Attack-defense game, Game theory, Network security, Optimal strategy

CLC Number: 

  • TP393
[1]HAMILTON S N,MILLER W L,OTT A,et al.The Role of Game Theory in Information Warfare[C]//14th Information Surlivability Workshop(ISW-2001/2002).Vancouver,Canada,2002:46-56.
[2]WU Y,FENG G,WANG N,et al.Game of information security investment:Impact of attack types and network vulnerability[J].Expert Systems with Applications,2015,42(15/16):6132-6146.
[3]ROY S,ELLIS C,SHIVA S,et al.A Survey of Game Theory as Applied to Network Security[C]//Hawaii International Confe-rence on System Sciences.IEEE,2010:1-10.
[4]KUHN H W,MORGENSTERN O,RUBINSTEIN A.Theory of Games and Economic Behavior (60th AnniversaryCommemo-rative Edition)[M]//Theory of Games and Economic Behavior.Princeton:Princeton University Press,1944:2-14.
[5]LYE K W,WING J M.Game strategies in network security[J].International Journal of Information Security,2005,4(1):71-86.
[6]MEDIA.Game Theory for Network Security[J].Game Theory Applications in Network Design,2013,15(1):472-486.
[7]XI R R,YUN X C,ZHANG Y Z,et al.An Improved Quantitative Evaluation Method for Network Security [J].Chinese Journal of Computer,2015,38(4):749-758.(in Chinese)
席荣荣,云晓春,张永铮,等.一种改进的网络安全态势量化评估方法[J].计算机学报,2015,38(4):749-758.
[8]GAO N,GAO L,HE Y Y,et al.Dynamic security risk assessment model based on Bayesian attack graph[J].Journal of Sichuan University(Engineering Science Edition),2016,48(1):111-118.(in Chinese)
高妮,高岭,贺毅岳,等.基于贝叶斯攻击图的动态安全风险评估模型[J].四川大学学报(工程科学版),2016,48(1):111-118.
[9]JIANG W,FANG B X,TIAN Z H,et al.Evaluating Network Security and Optimal Active Defense Based on Attack-Defense Game Model [J].Chinese Journal of Computer,2009,32(4):817-827.(in Chinese)
姜伟,方滨兴,田志宏,等.基于攻防博弈模型的网络安全测评和最优主动防御[J].计算机学报,2009,32(4):817-827.
[10]JIANG W,TIAN Z H,ZHANG H L,et al.A Stochastic Game Theoretic Approach to Attack Prediction and Optimal Active Defense Strategy Decision[C]//IEEE International Conference on Networking,Sensing and Control.IEEE,2008:648-653.
[11]LIN W Q,WANG H,LIU J H,et al.Research on Active Defense Technology in Network Security Based on Non-Cooperative Dynamic Game Theory [J].Journal of Computer Research and Development,2011,48(2):306-316.(in Chinese)
林旺群,王慧,刘家红,等.基于非合作动态博弈的网络安全主动防御技术研究[J].计算机研究与发展,2011,48(2):306-316.
[12]LIU G,ZHANG H,LI Q M.Network security optimal attack and defense decision-making method based on game model [J].Journal of Nanjing University of Science and Technology,2014,38(1):12-21.(in Chinese)
刘刚,张宏,李千目.基于博弈模型的网络安全最优攻防决策方法[J].南京理工大学学报(自然科学版),2014,38(1):12-21.
[13]FIRST.Common Vulnerability Scoring System[EB/OL].[2017-01-28].https://www.first.org/CVSS.
[14]CHENG P,WANG L,JAJODIA S,et al.Aggregating CVSS Base Scores for Semantics-Rich Network Security Metrics[C]//IEEE Symposium on Reliable Distributed Systems.IEEE Computer Society,2012:31-40.
[15]NASH J F.Equilibrium points in n-person games[J].Proceedings of the National Academy of Sciences of the United States of America,1950,36(1):48-49.
[16]FUDENBERG D,TIROLE J.Game Theory[J].Mit Press Books,2009,1(7):29-30.
[17]NASH J.Non-Cooperative Games[J].Annals of Mathematics,1951,54(2):286-295.
[18]CHATTERJEE B.An optimization formulation to compute Nash equilibrium in finite games[C]//International Conference on Methods and MODELS in Computer Science.IEEE,2009:1-5.
[19]黄象鼎,曾钟钢,马亚南.非线性数值分析的理论与方法[M].武汉:武汉大学出版社,2004.
[1] LIU Jie-ling, LING Xiao-bo, ZHANG Lei, WANG Bo, WANG Zhi-liang, LI Zi-mu, ZHANG Hui, YANG Jia-hai, WU Cheng-nan. Network Security Risk Assessment Framework Based on Tactical Correlation [J]. Computer Science, 2022, 49(9): 306-311.
[2] JIANG Yang-yang, SONG Li-hua, XING Chang-you, ZHANG Guo-min, ZENG Qing-wei. Belief Driven Attack and Defense Policy Optimization Mechanism in Honeypot Game [J]. Computer Science, 2022, 49(9): 333-339.
[3] ZHAO Dong-mei, WU Ya-xing, ZHANG Hong-bin. Network Security Situation Prediction Based on IPSO-BiLSTM [J]. Computer Science, 2022, 49(7): 357-362.
[4] DENG Kai, YANG Pin, LI Yi-zhou, YANG Xing, ZENG Fan-rui, ZHANG Zhen-yu. Fast and Transmissible Domain Knowledge Graph Construction Method [J]. Computer Science, 2022, 49(6A): 100-108.
[5] DU Hong-yi, YANG Hua, LIU Yan-hong, YANG Hong-peng. Nonlinear Dynamics Information Dissemination Model Based on Network Media [J]. Computer Science, 2022, 49(6A): 280-284.
[6] LYU Peng-peng, WANG Shao-ying, ZHOU Wen-fang, LIAN Yang-yang, GAO Li-fang. Quantitative Method of Power Information Network Security Situation Based on Evolutionary Neural Network [J]. Computer Science, 2022, 49(6A): 588-593.
[7] FANG Tao, YANG Yang, CHEN Jia-xin. Optimization of Offloading Decisions in D2D-assisted MEC Networks [J]. Computer Science, 2022, 49(6A): 601-605.
[8] XU Hao, CAO Gui-jun, YAN Lu, LI Ke, WANG Zhen-hong. Wireless Resource Allocation Algorithm with High Reliability and Low Delay for Railway Container [J]. Computer Science, 2022, 49(6): 39-43.
[9] ZHANG Shi-peng, LI Yong-zhong. Intrusion Detection Method Based on Denoising Autoencoder and Three-way Decisions [J]. Computer Science, 2021, 48(9): 345-351.
[10] CHEN Hai-biao, HUANG Sheng-yong, CAI Jie-rui. Trust Evaluation Protocol for Cross-layer Routing Based on Smart Grid [J]. Computer Science, 2021, 48(6A): 491-497.
[11] WANG Jin-heng, SHAN Zhi-long, TAN Han-song, WANG Yu-lin. Network Security Situation Assessment Based on Genetic Optimized PNN Neural Network [J]. Computer Science, 2021, 48(6): 338-342.
[12] ZHANG Kai, LIU Jing-ju. Attack Path Analysis Method Based on Absorbing Markov Chain [J]. Computer Science, 2021, 48(5): 294-300.
[13] LIU Quan-ming, LI Yin-nan, GUO Ting, LI Yan-wei. Intrusion Detection Method Based on Borderline-SMOTE and Double Attention [J]. Computer Science, 2021, 48(3): 327-332.
[14] WANG Yu-chen, QI Wen-hui, XU Li-zhen. Security Cooperation of UAV Swarm Based on Blockchain [J]. Computer Science, 2021, 48(11A): 528-532.
[15] MA Lin, WANG Yun-xiao, ZHAO Li-na, HAN Xing-wang, NI Jin-chao, ZHANG Jie. Network Intrusion Detection System Based on Multi-model Ensemble [J]. Computer Science, 2021, 48(11A): 592-596.
Viewed
Full text


Abstract

Cited

  Shared   
  Discussed   
No Suggested Reading articles found!