摘要
根据网络攻防的工作量不对称、信息不对称和后果不对称,运用博弈理论与信息安全经济学,构建了蜜罐和入侵检测系统的信息安全技术组合模型。通过比较两种情况下公司和黑客博弈的纳什均衡混合策略,以及不同技术配置下人工调查概率的大小,探讨了入侵检测系统的检测概率和蜜罐个数对最优配置策略的影响,提出了配置两种技术时的预算范围,从而给出蜜罐和入侵检测系统技术组合的最优配置。最后,通过实例进一步验证了相关结论。
Focusing on workload asymmetry,information asymmetry,and consequences asymmetry between attackers and defenders,the model of information security technology combination of honeypot and intrusion detection systems(IDS)is constructed by using the game theory and economics of information security.The Nash equilibrium mixed strategies of the firm and hackers in two cases,and the manual investigation probabilities at different technical deployments are compared.The influence of the detection probability of the IDS and the number of honeypots on the optimal configuration strategy is discussed.Then,the range of configuration budget when deploying two technologies is proposed.Thus the optimal configuration strategy of the combination of honeypot and IDS is made.Finally,the relative conclusion is illustrated further by an example.
作者
赵柳榕
梅姝娥
仲伟俊
ZHAO Liurong;MEI Shue;ZHONG Weijun(School of Economics and Management, Nanjing Technology University, N anjing 211816, China;School of Economics and Management, Southeast University, Nanjing 211189, China)
出处
《系统管理学报》
CSSCI
CSCD
北大核心
2018年第3期512-519,共8页
Journal of Systems & Management
基金
国家社会科学基金资助项目(15BTQ052)
江苏省社会科学基金资助项目(17GLD008)
江苏省高校哲学社会科学基金资助项目(2016SJB630031)
江苏省博士后基金资助项目(1701080C)
中国博士后基金资助项目(2018M630544)
关键词
蜜罐
入侵检测系统
博弈论
信息安全经济学
honeypot
intrusion detection systems(IDS)
game theory
information security economics
