移动目标信号博弈的防御最优策略选取

doi:10.3778/j.issn.1673-9418.1909042

摘要/Abstract

摘要：

从不对称的网络攻防实际情况出发，分析网络攻防对抗具有的动态性、不完全信息性和多阶段性的特点。以信号博弈为框架，采用防御者为信号发起者，利用诱导信号干扰攻击的防御行为模式构建移动目标信号博弈防御模型（MTSGDM）。考虑防御检测系统本身存在无法避免的错检缺陷下提出攻击策略与防御策略的收益量化方法，给出精炼贝叶斯均衡求解算法和先验信念修正算法。分别通过相对防御收益和精炼贝叶斯均衡结果选取最优防御策略及最优诱导信号策略，两种策略的组合能够最大化防御收益。最后通过实例说明并验证该模型和方法的可行性和有效性。在分析实验数据的基础上总结出一般性规律，对网络环境下防御者如何决策具有指导意义。

关键词: 网络空间安全, 信号博弈, 移动目标防御, 最优策略选取

Abstract:

Starting from the actual situation of asymmetric network attack and defense, this paper analyzes the dynamic, incomplete information and multi-stage characteristics of network attack and defense confrontation. Using signal game as the framework, the defender is the signal initiator, and the defense behavior model of the induced signal jamming attack is used to construct the moving target signal game defense model (MTSGDM). Considering the profit quantification method of attack strategy and defense strategy under the defect detection fault that the defense monitoring system itself cannot avoid, the refined Bayesian equilibrium algorithm and the prior belief correction algorithm are given. The optimal defense strategy and the optimal induced signal strategy are selected by the relative defense gain and the refined Bayesian equilibrium result respectively. The combination of the two strategies can maximize the defense gain. Finally, the feasibility and effectiveness of the model and method are illustrated and verified by examples. Based on analyzing the experimental data, the general rules are summarized, which has guiding significance for how the defenders decide in the network environment.

Key words: cyberspace security, signal game, moving target defense, optimal strategy selection

孙岩，姬伟峰，翁江. 移动目标信号博弈的防御最优策略选取[J]. 计算机科学与探索, 2020, 14(9): 1510-1520.

SUN Yan, JI Weifeng, WENG Jiang. Selection of Defensive Optimal Strategy for Moving Target Signal Game[J]. Journal of Frontiers of Computer Science and Technology, 2020, 14(9): 1510-1520.

参考文献

[1] Liang X N, Xiao Y. Game theory for network security[J]. IEEE Communications Surveys & Tutorials, 2013, 15(1): 472-486.
[2] Yang L, Yu Q. Dynamically-enabled cyber defense[M]. Bei-jing: Posts and Telecommunications, 2018.杨林, 于全. 动态赋能网络空间防御[M]. 北京: 人民邮电出版社, 2018.
[3] Müller G. Budgeting process for information security expen-ditures[J]. Wirtschaftsinformatik, 2006, 48(4): 286-288.
[4] Fallah M S. A puzzle-based defense strategy against flooding attacks using game theory[J]. IEEE Transactions on Dependable and Secure Computing, 2010, 7(1): 5-19.
[5] Manadhata P K. Game theoretic approaches to attack surface shifting[M]//Jajodia S, Ghosh A K, Subrahmanian V S, eds. Moving Target Defense II-Application of Game Theory and Adversarial Modeling. Berlin, Heidelberg: Springer, 2013.
[6] Wang C L, Miao Q, Dai Y Q. Network survivability analysis based on stochastic game model[J]. Multimedia Information Networking and Security, 2014, 55(10): 199-204.
[7] Chowdhary A, Sengupta S, Alshamrani A, et al. Adaptive MTD security using markov game modeling[C]//Proceedings of the 2019 International Conference on Computing, Net-working and Communications, Honolulu, Feb 18-21, 2019. Piscataway: IEEE, 2019: 577-581.
[8] Cai G L, Wang B S, Xing Q Q. Game theoretic analysis for the mechanism of moving target defense[J]. Frontiers of Information Technology & Electronic Engineering, 2017, 18(12): 2017-2034.
[9] Zhang H W, Yu D K, Han J H, et al. Defense policies selec-tion method based on attack-defense signaling game model[J]. Journal of Communications, 2016, 37(5): 51-61.张恒巍, 余定坤, 韩继红, 等. 基于攻防信号博弈模型的防御策略选取方法[J]. 通信学报, 2016, 37(5): 51-61.
[10] Liu J, Zhang H Q, Liu Y. Research on optimal selection of moving target defense policy based on dynamic game with incomplete information[J]. Acta Electronica Sinica, 2018, 46(1): 82-89.刘江, 张红旗, 刘艺. 基于不完全信息动态博弈的动态目标防御最优策略选取研究[J]. 电子学报, 2018, 46(1): 82-89.
[11] Zhang H W, Li T. Optimal active defense based on multi-stage attack-defense signaling game[J]. Acta Electronica Sinica, 2018, 46(1): 82-89.张恒巍, 李涛. 基于多阶段攻防信号博弈的最优主动防御[J]. 电子学报, 2018, 46(1): 82-89.
[12] Jiang W, Fang B X, Tian Z H, et al. Research on defense strategies selection based on attack-defense stochastic game model[J]. Journal of Computer Research and Development, 2010, 47(10): 1714-1723.姜伟, 方滨兴, 田志宏, 等. 基于攻防随机博弈模型的防御策略选取研究[J]. 计算机研究与发展, 2010, 47(10): 1714-1723.
[13] Wang Y Z, Yu J Y, Qiu W, et al. Evolutionary game model and analysis methods for network group behavior[J]. Chinese Journal of Computers, 2015, 38(2): 282-300.王元卓, 于建业, 邱雯, 等. 网络群体行为的演化博弈模型与分析方法[J]. 计算机学报, 2015, 38(2): 282-300.
[14] Tadelis S. Game theory: an introduction[M]. Princeton: Prin-ceton University Press, 2014.
[15] Lippmann R, Haines J W. Analysis and results of the DARPA off-line intrusion detection evaluation[C]//Proceeding of the 17th International Workshop on Recent Advances in Intrusion Detection, Toulouse, Oct 2-4, 2000. Berlin, Heidelberg: Sprin-ger, 2000: 162-182.
[16] Gao Z W, Yao Y, Rao F, et al. Predicting model of vuln-erabilities based on the type of vulnerability severity[J]. Acta Electronica Sinica, 2013, 41(9): 1784-1787.高志伟, 姚尧, 饶飞, 等. 基于漏洞严重程度分类的漏洞预测模型[J]. 电子学报, 2013, 41(9): 1784-1787.
[17] Liu Q X, Zhang C B, Zhang Y Q, et al. Research on key technology of vulnerability threat classification[J]. Journal on Communications, 2012, 33(Z1): 79-87. 刘奇旭, 张翀斌, 张玉清, 等. 安全漏洞等级划分关键技术研究[J]. 通信学报, 2012, 33(Z1): 79-87.
[18] Jiang W. Research on active defense based on attack-defense game model[D]. Harbin: Harbin Institute of Technology, 2010.姜伟. 基于攻防博弈模型的主动防御关键技术研究[D]. 哈尔滨: 哈尔滨工业大学, 2010.
[19] Alese B K, Babatunde I G, Israel H D. DGM approach to network attacker and defender strategies[C]//Proceedings of the 8th International Conference for Internet Technology and Secured Transactions, London, Dec 9-12, 2013. Piscataway: IEEE, 2013: 313-320.
[20] Gordon L, Loeb M, Lucyshyn W, et al. 2015 CSI/FBI computer crime and security survey[C]//Proceeding of the 2014 Computer Crime and Security Institute. Piscataway: IEEE, 2015: 48-64.