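APT Attack-Defense Game Model under Asymmetric Information
Published: 2018-02-01 21:24
Keywords: game theory; asymmetric information; network attack; advanced persistent threat; network security. Source: Journal of Computer Applications (《計算機應用》), 2017, Issue 09. Paper type: journal article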
[Abstract]: To address the current lack of theoretical modeling and analysis of advanced persistent threat (APT) attacks, an attack-defense game model under asymmetric information, based on the FlipIt model, is proposed. First, assets such as target hosts in the network system are abstracted as target resource nodes, and the attack-defense scenario is described as the attacker and the defender alternately taking control of the target resource. Then, considering the asymmetry of the feedback information that the two sides observe during the game and the incompleteness of the defense effect, the payoff models of both sides and the conditions for the optimal strategies are given for the case where the defender adopts a renewal strategy, and theorems on the conditions for reaching the synchronous game equilibrium and the sequential game equilibrium are stated and proved respectively. Finally, numerical examples are used to analyze the factors that affect the equilibrium strategies and the defender's payoff, and the synchronous game equilibrium is compared with the sequential game equilibrium. The results show that the periodic strategy is the defender's optimal strategy and that, compared with the synchronous game equilibrium, the defender obtains a higher payoff by announcing its strategy and reaching the sequential game equilibrium. The experimental results show that the proposed model can provide theoretical guidance for defense strategies against stealthy APT attacks.
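[Author affiliations]: Key Laboratory of Network and Information Security of the Armed Police Force, Engineering University of the Armed Police Force; Institute of Information Security, Engineering University of the Armed Police Force
[Funding]: National Natural Science Foundation of China (61402531); Natural Science Basic Research Plan of Shaanxi Province (2014JQ8358, 2015JQ6231, 2014JQ8307)
[Classification number]: TP393.08
[Text snapshot]: 0 Introduction. In recent years, advanced persistent threat (APT)[1] attacks against critical infrastructure (CI) and the information systems of governments, large enterprises, military institutions and similar organizations have occurred frequently, and the security threats facing information assets are becoming increasingly serious. Being highly targeted, highly stealthy, multi-dimensional in method and hard to detect, APT attacks have become a common,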
Article number: 1482907
Article link: http://www.wukwdryxk.cn/guanlilunwen/ydhl/1482907.html