基于动态安全管理模式的信息系统安全防御策略研究

doi:10.3969/j.issn.1671-1122.2026.01.005

摘要/Abstract

摘要：

针对静态安全管理模式应对动态安全管理场景的局限，考虑攻防对抗行为对策略选择的影响，文章提出基于动态安全管理模式的信息系统安全防御策略选择方法。该方法融合信念理论，构建信念随机博弈模型，有效模拟信息系统在面对不同安全威胁时的信念状态和攻防过程。通过分析两者之间的博弈关系，评估系统的安全状态，计算攻防状态下管理者的防御成本和收益，进而得出攻击成功率，从而确定最优防御策略。该实验以真实涉密信息系统为研究对象，从攻击成功率、防御成本和防御收益3个方面验证该方法的有效性，为信息系统的安全管理提供科学依据和改进意见。

关键词: 信息系统安全, 动态管理模式, 精炼贝叶斯, 信念理论

Abstract:

Aiming at the limitation of static security management mode in dealing with dynamic security management scenarios, considering the influence of offensive and defensive confrontation behavior on strategy selection, this paper put forward a security defense strategy selection method of information system based on dynamic security management mode. Combining belief theory, a belief random game model was constructed to effectively simulate the belief state and the attack and defense process of information systems in the face of different security threats. By analyzing the game relationship between them, the security state of the system was evaluated, and the defense costs and benefits of managers in the attack and defense state were calculated, as well as the impact on the success rate of attacks, so as to the optimal defense strategy. Taking the real classified information system as the research object, this paper demonstrated the effectiveness of the experiment from three aspects: attack success rate, defense cost and defense benefit, which provides scientific basis and improvement suggestions for the security management of information system.

Key words: information system security, dynamic management model, refined Bayesian, belief theory

中图分类号:

TP309

吴越, 张雅雯, 程相然. 基于动态安全管理模式的信息系统安全防御策略研究[J]. 信息网络安全, 2026, 26(1): 59-68.

WU Yue, ZHANG Yawen, CHENG Xiangran. Research on Security Defense Strategy of Information System Based on Dynamic Security Management Model[J]. Netinfo Security, 2026, 26(1): 59-68.

图/表 10

图1

图2

表1

表2

表3

表4

表5

图3

图4

图5

参考文献 19

[1]	MA Hhongjian, LI Yiyong, CHE Lu, et al. Research on Security Management of University Information System Based on Smart Campus[J]. Modern Information Technology, 2022, 6(8): 155-157.
	马鸿健, 李义勇, 车路. 等. 基于智慧校园的高校信息系统安全管理研究[J]. 现代信息科技, 2022, 6(8): 155-157.
[2]	YIN Hhuantong. Analysis of Network Security and Research on Hospital Information System Security Management[J]. China New Telecommunications. 2021, 23(18): 115-116
	殷焕炯. 试析网络安全及医院信息系统安全管理研究[J]. 中国新通信, 2021, 23(18): 115-116.
[3]	WANG Ming. Practice in Security Management of Railway Station Anddepot Information System[J]. Railway Computer Application, 2021, 30(11): 47-53.
	王明. 铁路基层站段信息系统安全管理实践[J]. 铁路计算机应用, 2021, 30(11): 47-53.
[4]	DING Guanghua, HAN Xuejun, ZHANG Ggangling. Analysis on the Construction Path of Information System Security Management System——From the Perspective of Provincial People's Bank Security Management[J]. FinTech Time, 2022, (9): 22-24.
	丁光华, 韩学军, 张刚领. 信息系统安全管理体系建设路径探析——以省域人民银行安全管理为视角[J]. 金融科技时代, 2022,(9): 22-24.
[5]	ZHAO Yue, MA Yuwei, HAN Lei. Security Management Strategy of Integrated Information System[J]. Dual Use Technologies & Products. 2024, (4): 66-69.
	赵越, 马玉伟, 韩磊. 集团企业一体化信息系统安全管理策略研究[J]. 军民两用技术与产品, 2024,(4): 66-69.
[6]	LIU Zihui, PAN Wei, WU Chao. Research on the Application of SI-SB System Security Model in the Security Management of High-Speed Railway Information System[J]. Science & Technology for Development. 2021, 17(5): 906-913.
	刘子慧, 潘伟, 吴超. 安全信息——安全行为系统安全模型在高铁信息系统安全管理中的应用研究[J]. 科技促进发展, 2021, 17(5): 906-913.
[7]	CHEN Changmao. Research on Critical Factors AffectingInformatization Security Management in Hcompany[D]. Guangzhou: South China University of Technology, 2023.
	陈昌茂. H公司信息系统安全管理关键影响因素研究[D]. 广州: 华南理工大学, 2023.
[8]	TANG Ronghua. Evaluation of Information System Security Management Based on Grey Relational Analysis and Synthesis[J]. Video Engineering, 2022, 46(11): 41-46.
	唐荣华. 基于灰色关联分析综合法的信息系统安全管理评价[J]. 电视技术, 2022, 46(11): 41-46.
[9]	GUO Ziyu, QI Jiahao, ZUO Jinxin, et al. A Security Evaluation Model for Edge Information Systems Based on Index Screening[J]. IEEE Internet of Things Journal, 2024, 11(12): 21585-21603. doi: 10.1109/JIOT.2024.3375077 URL
[10]	WANG Fei. Research on Optimization Algorithms for Artificial Intelligence Network Security Management Based on All IP Internet of Things Fusion Technology[J]. Computers and Electrical Engineering, 2024, 115: 109105. doi: 10.1016/j.compeleceng.2024.109105 URL
[11]	MAO Xinyue. Research on Information System Security ManagementBased on Game Theory[D]. Guizhou: Guizhou University, 2017.
	毛新月. 基于博弈论的信息系统安全管理研究[D]. 贵州: 贵州大学, 2017.
[12]	GAN Qingyun. Analysis of Security Risk Self-assessment of Classified Information System[J]. Cyberspace Security, 2017, 8(Z4): 51-53.
	甘清云. 浅析涉密信息系统安全风险自评估[J]. 网络空间安全, 2017, 8(Z4): 51-53.
[13]	LEITGEB H. The stability theory of belief[J]. Philosophical review, 2014, 123(2): 131-171. doi: 10.1215/00318108-2400575 URL
[14]	Tarun Yadav, Arvind Mallari Rao. Technical Aspects of Cyber Kill Chain[C]// International symposium on security in computing and communication. Cham: Springer International Publishing, 2015: 438-452.
[15]	NIU Xinxin. A Study on Peirce's Theory[D]. Baoding: Hebei University, 2024.
	牛鑫鑫. 皮尔士信念理论研究[D]. 保定: 河北大学, 2024.
[16]	WANG Yun, ZHANG Yunbin. Belief Elicitation in Economic Experiments: Theory, Methodology and Applications[J]. South China Journal of Economics, 2020, (6): 87-104. doi: 10.19592/j.cnki.scje.371608
	王云, 张畇彬. 经济学实验中的信念诱导与测度:理论、方法与应用[J]. 南方经济, 2020,(6): 87-104.
[17]	TENG Jimmy. Refining Perfect Bayesian Equilibrium by Bayesian Iterative Conjectures Algorithm[J]. Game Theory & Bargaining Theory, 2012, 10: 174-184.
[18]	ZHANG Hengwei, WANG Jindong, YU Dingkun, et al. Active Defense Strategy Selection Based on Static Bayesian Game[C]// Third international conference on cyberspace technology(CCT 2015). Stevenage UK: IET, 2015: 44-50.
[19]	YUAN Bo. Research on the Decision-Making Method of Network DefenseStrategy Based on Dynamic Game Theory[D]. Zhengzhou: Zhengzhou University of Light Industry, 2022.
	袁博. 基于动态博弈的网络防御策略选取方法研究[D]. 郑州: 郑州轻工业大学, 2022.

	管理者
攻击者	HPer	$\left[ \begin{matrix} \left( {{U}_{\text{HPer},\alpha,{{\rho }_{1}}}},{{U}_{\text{D},\eta,\sim {{\mu }_{1}}}} \right) & \left( {{U}_{\text{HPer},\alpha,\sim {{\rho }_{1}}}},{{U}_{\text{D},\eta,{{\mu }_{1}}}} \right) \\ \left( {{U}_{\text{HPer},\alpha,{{\rho }_{1}}}},{{U}_{\text{D},\sim \eta }} \right) & \left( {{U}_{\text{HPer},\alpha,\sim {{\rho }_{1}}}},{{U}_{\text{D},\sim \eta }} \right) \\ \end{matrix} \right]$
	MPer	$\left[ \begin{matrix} \left( {{U}_{\text{MPer},\beta,{{\rho }_{2}}}},{{U}_{\text{D},\eta,\sim {{\mu }_{2}}}} \right) & \left( {{U}_{\text{MPer},\beta,\sim {{\rho }_{2}}}},{{U}_{\text{D},\eta,{{\mu }_{2}}}} \right) \\ \left( {{U}_{\text{MPer},\beta,{{\rho }_{2}}}},{{U}_{\text{D},\sim \eta }} \right) & \left( {{U}_{\text{MPer},\beta,\sim {{\rho }_{2}}}},{{U}_{\text{D},\sim \eta }} \right) \\ \end{matrix} \right]$
	LPer	$\left[ \begin{matrix} \left( {{U}_{\text{LPer},\gamma,{{\rho }_{3}}}},{{U}_{D,\eta,\sim {{\mu }_{3}}}} \right) & \left( {{U}_{\operatorname{MPer},\gamma,\sim {{\rho }_{3}}}},{{U}_{\text{D},\eta,{{\mu }_{3}}}} \right) \\ \left( {{U}_{\text{LPer},\gamma,{{\rho }_{3}}}},{{U}_{D,\sim \eta }} \right) & \left( {{U}_{\text{MPer},\gamma,\sim {{\rho }_{3}}}},{{U}_{\text{D},\sim \eta }} \right) \\ \end{matrix} \right]$

攻击阶段	攻击动作	成功率	危害程度	操作成本
${{a}_{1}}$	扫描系统漏洞	70%	0.52	50
${{a}_{2}}$	破解密码	40%	0.67	90
${{a}_{3}}$	上传恶意程序	50%	0.81	70
${{a}_{4}}$	提升系统权限	50%	0.95	60
${{a}_{5}}$	安装嗅探器	40%	0.72	80
${{a}_{6}}$	入侵数据库	30%	0.95	110
${{a}_{7}}$	窃取信息	30%	1	200
?	无行动	0	0	0

防御策略	行为描述	符号表示	变迁触发率参数
IDS	入侵检测	${{d}_{1}}$	${{\lambda }_{\text{9}}}$
Anti_Vul	病毒查杀	${{d}_{2}}$	${{\lambda }_{\text{10}}}$
Block_IP	锁定IP	${{d}_{3}}$	${{\lambda }_{\text{11}}}$
Rem_Scri	清除恶意程序	${{d}_{4}}$	${{\lambda }_{\text{12}}}$
Rem_Sniffer	清除嗅探器	${{d}_{5}}$	${{\lambda }_{\text{13}}}$
Trace_IP	溯源追查	${{d}_{6}}$	${{\lambda }_{\text{14}}}$
?	无行动	${{d}_{7}}$	${{\lambda }_{\text{15}}}$

行为	${{d}_{1}}$	${{d}_{2}}$	${{d}_{3}}$	${{d}_{4}}$	${{d}_{5}}$	${{d}_{6}}$	${{d}_{7}}$
防御方案1	√	—	√	√	—	√	√
防御方案2	√	√	√	—	—	—	√
防御方案3	√	√	√	√	√	—	—
防御方案4	√	—	√	√	√	√	—
防御方案5	—	—	√	—	√	√	—
防御方案6	√	—	√	—	√	—	—
防御方案7	—	√	—	√	—	√	—

防御策略组合	窃取信息成功率	总防御成本	总防御者收益
本文方法	70.23%	0	-253.12
防御方案1	35.14%	20.35	-153.89
防御方案2	25.29%	33.92	-109.24
防御方案3	40.64%	50.28	-113.36
防御方案4	25.42%	50.69	-70.47
防御方案5	15.67%	84.45	-55.98
防御方案6	20.28%	70.22	-120.48
防御方案7	40.64%	50.64	-124.93