摘要
如何基于网络外在威胁实施防御决策是构建网络信息防御体系的核心问题,针对实时攻击带来的动态威胁进行科学有效的防御决策是构建网络动态应急防御体系的关键。针对动态防御决策问题,首先基于属性攻击图理论设计了一种网络生存性博弈模型,利用攻防矩阵表示攻防策略和路径,并给出了攻防强度和网络生存性量化方法;其次提出了单步与多步的攻、防策略支出计算方法,并基于攻防策略支出给出防御决策;最后通过实验进行防御决策技术的有效性验证。
How to implement defense decision based on network external threat is the core problem of building network information defense system. Especially for the dynamic threat brought by real-time attack, scientific and effective defense decision is the key to construct network dynamic emergency defense system. Aiming at the problem of dynamic defense decision-making, firstly a network survivability game model based on attribute attack graph theory is designed. The attack and defense matrix is used to represent the attack and defense strategy and path, and the attack and defense strength and network survivability quantification method are given. Secondly, the single step and the multi-step attack and defense strategy payoff calculation method is proposed, and the defense decision is based on the attack and defensive strategy payoff. Finally, the effectiveness of the defense decision technology is verified through experiments.
作者
冷强
杨英杰
常德显
潘瑞萱
蔡英
胡浩
LENG Qiang;YANG Yingjie;CHANG Dexian;PAN Ruixuan;CAI Ying;HU Hao(Information Engineering University,Zhengzhou 450001,China;Henan Polytechnic University,Zhengzhou 450001,China)
出处
《网络与信息安全学报》
2019年第6期58-66,共9页
Chinese Journal of Network and Information Security
基金
国家自然科学基金资助项目(No.61902427)
国家高技术研究发展计划(“863”计划)基金资助项目(No.2015AA016006)
国家重点研发计划基金资助项目(No.2016YFF0204003)
“十三五”装备预研领域基金资助项目(No.61400020201)
关键词
属性攻击图
网络生存性
网络攻防对抗
攻防强度
attribute attack graph
network survivability
network attack-defense confrontation
attack-defense strength
