
Network security optimal attack and defense decision-making method based on game model

Journal of Nanjing University of Science and Technology (Natural Science Edition) [ISSN:1005-9830/CN:32-1397/N]

Issue:
2014, No. 01
Page:
12-21
Research Field:
Publishing date:

Info

Title:
Network security optimal attack and defense decision-making method based on game model
Author(s):
Liu Gang, Zhang Hong, Li Qianmu
School of Computer Science and Engineering, NUST, Nanjing 210094, China
Keywords:
network security; risk management; state attack-defense graph; game theory; optimal decision-making
PACS:
TP309
DOI:
-
Abstract:
To implement network security risk management effectively and reduce security risk loss, this paper uses game theory to design a network security optimal attack and defense decision-making method, based on an analysis of the interactions between the attacker and the defender. From the network's topology information, the reachability relationships between nodes and the vulnerability information, the proposed method generates the network state attack-defense graph (SADG), calculates the success probability and hazard index of each atomic attack in the SADG, and derives the success probability and hazard index of all possible attack paths. The method then calculates the utility matrix of the different strategies taken by the attacker and the defender in the different network security states. Using the SADG and a non-cooperative non-zero-sum game model, the paper proposes an optimal attack and defense decision-making algorithm and generates optimal attack and defense strategies together with prevention and control measures for the vulnerabilities. The application of the proposed method to network security risk management is analyzed through a typical network example. The experimental results show that the method can effectively generate the optimal offensive and defensive decisions.


Memo

Memo:
-
Last Update: 2014-02-28