
Network security optimal attack and defense decision-making method based on game model


Liu Gang, Zhang Hong, Li Qianmu
School of Computer Science and Engineering, NUST, Nanjing 210094, China
network security; risk management; state attack-defense graph; game theory; optimal decision-making
To implement network security risk management effectively and reduce losses from security risk, this paper uses game theory to design an optimal attack and defense decision-making method for network security, based on an analysis of the interactions between the attacker and the defender. From the network's topology information, the reachability relationships between nodes and the vulnerability information, the proposed method generates the network state attack-defense graph (SADG), calculates the success probability and hazard index of each atomic attack in the SADG, and derives the success probability and hazard index of all possible attack paths. The method then calculates the utility matrix of the different strategies taken by the attacker and the defender in the different network security states. Using the SADG and a non-cooperative non-zero-sum game model, this paper proposes an optimal attack and defense decision-making algorithm and generates optimal attack and defense strategies together with the prevention and control measures for the vulnerabilities. The application of the proposed method to network security risk management is analyzed through a typical network example. The experimental results show that the method can effectively generate the optimal attack and defense decisions.




Last Update: 2014-02-28