
Network security optimal attack and defense decision-making method based on game model (cited by: 36)
Abstract: To effectively implement network security risk management and reduce security risk loss, this paper, based on game theory, designs a network security optimal attack and defense decision-making method by analyzing the interactions between the attacker and the defender. According to the network's topology information, the reachability relationships of nodes and vulnerability information, the proposed method generates the network state attack-defense graph (SADG), calculates the success probability and hazard index of each atomic attack in the SADG, and derives the success probability and hazard index of all possible attack paths. It then calculates the utility matrix of the different strategies taken by the attacker and the defender in different network security states. According to the SADG and based on the non-cooperative non-zero-sum game model, this paper proposes an optimal attack and defense decision-making algorithm and generates optimal attack and defense strategies in combination with the prevention and control measures for vulnerabilities. The application of the proposed method in network security risk management is analyzed through a typical network example. The experimental results show that this method can effectively generate the optimal attack and defense decision scheme.
Source: Journal of Nanjing University of Science and Technology (《南京理工大学学报》), 2014, No. 1, pp. 12-21 (10 pages). Indexed in: EI, CAS, CSCD, Peking University Core.
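Funding: National Natural Science Foundation of China (60903027); Jiangsu Province Natural Science Major Research Project (BK2011023); Natural Science Foundation of Jiangsu Province (BK2011370); Aerospace Innovation Fund (CALT201102); Lianyungang Industrial Science and Technology Research Project (CG1124); China Postdoctoral Science Foundation (2012M521089)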
Keywords: network security; risk management; state attack-defense graph; game theory; optimal decision-making
