基于单点多步博弈的网络防御策略选取方法

Network Defense Strategy Selection Method Based on Single-Point Multi-Step Game

当前复杂环境下网络安全问题频发,而现有攻防博弈网络防御模型未考虑网络攻击单点多步的特性,无法有效进行网络防御。针对网络攻防实际需求,通过模拟攻防环境和过程,提出一种基于单点多步网络攻防博弈模型的防御策略选取方法。建立单点多步攻防博弈模型,将全局博弈缩小为漏洞上的局部博弈以适应各种防御体系的攻防分析,采用漏洞评分系统量化攻防博弈效用降低评估主观性,基于攻击图理论构建漏洞连通图和漏洞邻接矩阵模型,并以其为工具对攻防决策攻击图进行分析,在此基础上设计最优防御策略选取方法,结合典型攻防场景验证其可行性。实验结果表明,该方法采取的单点博弈混合策略纳什均衡具有概率独立性,适用于大规模网络攻防博弈分析。

Network security problems occur frequently in the current complex environment,but the existing network defense model based on attack-defense game does not consider the single-point and multi-step characteristics of network attacks,so it can not effectively carry out network defense.According to the actual needs of network attack and defense,this paper proposes a defense strategy selection method based on Single-Point Multi-Step Network Attack-Defense Game(SMNADG)model by simulating the attack-defense environment and process.A single-point multi-step attack-defense game model is established,which reduces the global game to the local game on vulnerability to adapt to a variety of defense systems attack-defense game analysis.The vulnerability scoring system is used to quantify the effectiveness of attack-defense game,and reduce the evaluation subjectivity.Based on attack graph theory,the vulnerability connectivity graph and vulnerability adjacency matrix model are constructed to analyze attack-defense decision-making attack graph.On this basis,the optimal defense strategy selection method is designed,and verified by typical attack-defense scenarios.Experimental results show that the mixed strategy Nash equilibrium of single-point game adopted by the proposed method has probability independence,which is suitable for large-scale network attack-defense game analysis.