基于随机博弈的医疗系统入侵检测优化配置

Optimal Configuration of IDS in Healthcare System Based on Stochastic Game

目的针对医疗网络运行特点与可能经受的网络攻击威胁,提出一种基于入侵检测的主动防御方法。方法依据医疗网络系统结构,结合医疗系统网络安全风险状态和网络攻击的方式,模拟入侵检测系统(Intrusion Detection System,IDS)和攻击者的博弈过程,结合Nash-Q Learning算法,提出了一套医疗网络主动防御系统的设计方法与实现算法,并通过仿真实验验证算法的可行性。结果仿真验证结果表明,与随机选择的入侵检测策略相比,本文提出的算法在多种决策学习率下得到的入侵检测累计收益提高了30%~40%,且可根据当前网络资源可用程度与所面临网络安全威胁级别,动态适配安全防御配置参数,在保障网络整体运行效能前提下,实现网络安全防御的最大化。结论基于IDS的主动防御方法,可以根据网络风险预测,有效提升医疗系统的整体安全性。

Objective Aiming at the characteristics of medical network operation and the possible threat of network attack,to propose an active defense method based on intrusion detection.Methods According to the structure of medical network system,combined with the network security risk state of medical system and the way of network attack,the game process between intrusion detection system(IDS)and attackers was simulated.Combined with Nash-Q Learning algorithm,a design method and implementation algorithm of active defense system for medical network were proposed,and the feasibility of the algorithm was verified by simulation experiments.Results The simulation validation results indicated that the algorithm proposed in this study exhibited a significant enhancement,ranging from 30%to 40%,in the cumulative intrusion detection gains compared to randomly selected intrusion detection strategies.Moreover,the algorithm demonstrated the ability to dynamically adapt security defence configuration parameters based on the current availability of network resources and the level of network security threats.This adaptive approach ensured the maximization of network security defence while concurrently preserving the overall operational efficiency of the network.Conclusion The proactive defence method based on IDS can effectively enhance healthcare systems’overall security by leveraging network risk prediction.