發(fā)布時間：2018-02-01 21:24

  本文關(guān)鍵詞： 博弈論 非對稱信息 網(wǎng)絡(luò)攻擊 高級持續(xù)威脅 網(wǎng)絡(luò)安全　出處：《計算機應(yīng)用》2017年09期 　論文類型：期刊論文

【摘要】：針對目前缺少對高級持續(xù)威脅(APT)攻擊理論建模分析的問題,提出了一種基于Flip It模型的非對稱信息條件下的攻防博弈模型。首先,將網(wǎng)絡(luò)系統(tǒng)中的目標(biāo)主機等資產(chǎn)抽象為目標(biāo)資源節(jié)點,將攻防場景描述為攻防雙方對目標(biāo)資源的交替控制;然后,考慮到攻防雙方在博弈中觀察到的反饋信息的不對稱性以及防御效果的不徹底性,給出了在防御者采取更新策略時攻防雙方的收益模型及最優(yōu)策略的條件,同時給出并分別證明了達到同步博弈與序貫博弈均衡條件的定理;最后通過數(shù)例分析了影響達到均衡時的策略及防御收益的因素,并比較了同步博弈均衡與序貫博弈均衡。結(jié)果表明周期策略是防御者的最優(yōu)策略,并且與同步博弈均衡相比,防御者通過公布其策略達到序貫博弈均衡時的收益更大。實驗結(jié)果表明所提模型能夠在理論上指導(dǎo)應(yīng)對隱蔽性APT攻擊的防御策略。
[Abstract]:Aiming at the lack of theoretical modeling and analysis of advanced persistent threat (apt) attack, a game model of attack and defense based on Flip it model with asymmetric information is proposed. The target host and other assets in the network system are abstracted as the target resource node, and the attack and defense scene is described as the alternate control of the target resource between the attacking and defending sides. Then, considering the asymmetry of feedback information observed by both sides in the game and the inthoroughness of defense effect. In this paper, the profit model and the conditions of the optimal strategy are given when the defender adopts the renewal strategy, and the theorems of the equilibrium conditions of synchronous game and sequential game are given and proved respectively. Finally, several examples are given to analyze the influence of the strategy and the defense income factors, and to compare the synchronous game equilibrium with the sequential game equilibrium. The results show that the periodic strategy is the best strategy for the defender. And compared with synchronous game equilibrium. The results show that the proposed model can theoretically guide the defense strategy against hidden APT attacks.
【作者單位】： 武警工程大學(xué)網(wǎng)絡(luò)與信息安全武警部隊重點實驗室;武警工程大學(xué)信息安全研究所;
【基金】：國家自然科學(xué)基金資助項目(61402531) 陜西省自然科學(xué)基礎(chǔ)研究計劃項目(2014JQ8358,2015JQ6231,2014JQ8307)~~
【分類號】：TP393.08
【正文快照】： 0引言近年來,針對關(guān)鍵基礎(chǔ)設(shè)施(Critical Infrastructure,CI)和政府、大型企業(yè)、軍事機構(gòu)等信息系統(tǒng)的高級持續(xù)威脅(Advanced Persistent Threat,APT)[1]攻擊事件頻發(fā),信息資產(chǎn)受到的安全威脅越來越嚴(yán)重。APT攻擊以其目標(biāo)性強、隱蔽性高、方式多維性、不易被偵測等特點成為常，

本文編號：1482907