基于时间微分博弈的网络安全防御决策方法

doi:10.3969/j.issn.1671-1122.2022.05.008

摘要/Abstract

摘要：

现有的网络防御决策方法大多针对防御行动内容开展研究,忽略了网络攻防时机因素的影响,降低了安全防御的效能。在网络安全领域,关于防御时机决策的研究有限,现有大部分方法仅从时间单一维度建模分析攻防行为,缺乏对网络攻防行动的考量。文章统一考虑网络防御行动和防御时机决策问题,提出融合时间博弈和微分博弈的防御决策方法。首先,分析网络攻防行动和时机的特征,定义攻防行为和攻防时间策略。然后,借鉴传播动力学模型构建网络安全状态微分方程,分析网络节点安全状态的演化过程,在此基础上构建网络攻防时间微分博弈模型。最后,给出博弈鞍点均衡的求解方法,并依据鞍点均衡策略设计最优防御策略选取算法。文章通过仿真实验验证了模型和算法的有效性,相比已有方法,文章所提方法从行动和时间两个维度综合提升了网络防御效能。

关键词: 网络安全, 攻防对抗, 微分博弈, 时间博弈, 防御决策

Abstract:

Most of the existing network defense decision-making methods aim at defense intensity, neglecting network attack and defense timing influence and reducing security defense efficacy. Related research on timing decision in network security area is considerably limited, while most methods merely model on time dimension to analyze attack and defense behavior and lack intensity consideration. This paper studied both defense intensity and defense timing decision, and proposed a timing and differential game combined defense decision method. First, characteristics of network defense actions and timing were analyzed, and actions and timing strategies were defined. Second, refering to propagation dynamics model, network security status differential functions were elaborated. This paper analyzed evolution process of network node security status, and presented a network attack-defense timing differential game model. Third, this paper solved saddle point equilibrium of game, and proposed optimal defense decision-making method on that. Experiment results indicate effectiveness of the model and algorithm, and network defense efficacy enhanced on intensity and time aspects compared with existing papers.

Key words: network security, attack-defense confrontation, differential game, time game, defense decision-making

中图分类号:

TP309

孙鹏宇, 谭晶磊, 李晨蔚, 张恒巍. 基于时间微分博弈的网络安全防御决策方法[J]. 信息网络安全, 2022, 22(5): 64-74.

SUN Pengyu, TAN Jinglei, LI Chenwei, ZHANG Hengwei. Network Security Defense Decision-Making Method Based on Time Differential Game[J]. Netinfo Security, 2022, 22(5): 64-74.

图/表 10

表1

表2

图1

表3

表4

图2

图3

图4

图5

图6

参考文献 25

[1]	WU Zenan, TIAN Liqin, ZHANG Yi, et al. Network Attack and Defense Modeling and System Security Analysis: A Novel Approach Using Stochastic Evolutionary Game Petri Net[EB/OL]. (2021-11-13)[2021-12-30]. https://dl.acm.org/doi/abs/10.1155/2021/4005877.
[2]	LIU Binbin. Network Security Threat Situation Recognition Based on Attack and Defense Game Model[J]. Journal of Physics: Conference Series, 2021, 2037(1): 120-126.
[3]	KNAKE R K. Internet Governance in an Age of Cyber Insecurity[M]. New York: Council on Foreign Relations, 2010.
[4]	YANG Lin, CHEN Shi. Dynamic Defense Technology in Cyberspace[J]. Secrecy Science and Technology, 2020(6): 4-8.
	杨林, 陈实. 网络空间动态防御技术[J]. 保密科学技术, 2020(6): 4-8.
[5]	XU Xiaotong, WANG Gaocai, HU Jintian, et al. Study on Stochastic Differential Game Model in Network Attack and Defense[J]. Security and Communication Networks, 2020(6): 1-15.
[6]	WANG Wenbo, KWASINSKI A, NIYATO D, et al. Learning for Robust Routing Based on Stochastic Game in Cognitive Radio Networks[J]. IEEE Transactions on Communications, 2018, 66(6): 2588-2602. doi: 10.1109/TCOMM.2018.2799616 URL
[7]	SUN Yan, JI Weifeng, WENG Jiang. Selection of Defensive Optimal Strategy for Moving Target Signal Game[J]. Journal of Frontiers of Computer Science and Technology, 2020, 14(9): 1510-1520.
	孙岩, 姬伟峰, 翁江. 移动目标信号博弈的防御最优策略选取[J]. 计算机科学与探索, 2020, 14(9): 1510-1520.
[8]	HOSSEINI S. Defense Against Malware Propagation in Complex Heterogeneous Networks[J]. Cluster Computing, 2021, 24(2): 1199-1215. doi: 10.1007/s10586-020-03181-4 URL
[9]	PAWLICK J, FARHANG S, ZHU Quanyan. Flip the Cloud: Cyber-Physical Signaling Games in the Presence of Advanced Persistent Threats[C]// Springer. 2015 International Conference on Decision and Game Theory for Security. Heidelberg: Springer, 2015: 289-308.
[10]	SUN Wenjun, SU Yang, CAO Zhen. Attack-Defense Game Model for Advanced Persistent Threats with Asymmetric Information[J]. Journal of Computer Applications, 2017, 37(9): 2557-2562.
	孙文君, 苏旸, 曹镇. 非对称信息条件下APT攻防博弈模型[J]. 计算机应用, 2017, 37(9): 2557-2562.
[11]	DING Shaohu, QI Ning, GUO Yiwei. Evaluation of Mimic Defense Strategy Based on M-FlipIt Game Model[J]. Journal on Communications, 2020, 41(7): 186-194.
	丁绍虎, 齐宁, 郭义伟. 基于M-FlipIt博弈模型的拟态防御策略评估[J]. 通信学报, 2020, 41(7): 186-194.
[12]	TAN Jinglei, ZHANG Hengwei, ZHANG Hongqi, et al. Optimal Strategy Selection Approach of Moving Target Defense Based on Markov Time Game[J]. Journal on Communications, 2020, 41(1): 42-52. doi: 10.1111/j.1460-2466.1991.tb02330.x URL
	谭晶磊, 张恒巍, 张红旗, 等. 基于Markov时间博弈的移动目标防御最优策略选取方法[J]. 通信学报, 2020, 41(1): 42-52.
[13]	JIN Zhigang, WANG Xinjian, LI Gen, et al. The Generation Method of Network Defense Strategy Combining with Attack Graph and Game Model[J]. Netinfo Security, 2021, 21(1): 1-9.
	金志刚, 王新建, 李根, 等. 融合攻击图和博弈模型的网络防御策略生成方法[J]. 信息网络安全, 2021, 21(1): 1-9.
[14]	LIU Xiaohu, ZHANG Hengwei, ZHANG Yuchen, et al. Active Defense Strategy Selection Method Based on Two-Way Signaling Game[J]. Security and Communication Networks, 2019(2): 1-14.
[15]	LIU Xiaohu, ZHANG Hengwei, MA Junqiang, et al. Research Review of Network Defense Decision-Making Methods Based on Attack and Defense Game[J]. Chinese Journal of Network and Information Security, 2022, 8(1): 1-14.
	刘小虎, 张恒巍, 马军强, 等. 基于攻防博弈的网络防御决策方法研究综述[J]. 网络与信息安全学报, 2022, 8(1): 1-14.
[16]	DIJK M V, JUELS A, OPREA A, et al. FlipIt: The Game of ‘Stealthy Takeover'[J]. Journal of Cryptology, 2013, 26(4): 655-713. doi: 10.1007/s00145-012-9134-5 URL
[17]	ACEMOGLU D, CHERNOZHUKOV V, WERNING I, et al. Optimal Targeted Lockdowns in a Multigroup SIR Model[J]. American Economic Review: Insights, 2021, 3(4): 487-502. doi: 10.1257/aeri.20200590 URL
[18]	MENG Qingwei, QIU Mingyang, WANG Gang, et al. Zeroday Virus Transmission Model and Stability Analysis[J]. Journal of Electronics & Information Technology, 2021, 43(7): 1849-1855.
	孟庆微, 仇铭阳, 王刚, 等. 零日病毒传播模型及稳定性分析[J]. 电子与信息学报, 2021, 43(7): 1849-1855.
[19]	DEL REY A M, VARA R C, GONZÁLEZ S R. A Computational Propagation Model for Malware Based on the SIR Classic Model[J]. Neurocomputing, 2021, 484(1): 161-171. doi: 10.1016/j.neucom.2021.08.149 URL
[20]	ZHOU Zhining, WANG Binjun. Virus Propagation Model in Ad Hoc Network[J]. Computer Application and Software, 2021, 38(5): 331-336, 343.
	周枝凝, 王斌君. 自组织网络病毒传播模型研究[J]. 计算机应用与软件, 2021, 38(5): 331-336, 343.
[21]	FRIESZ T L. Dynamic Optimization and Differential Games[M]. Heidelberg: Springer, 2010.
[22]	MI Yan, ZHANG Hengwei, HU Hao, et al. Optimal Network Defense Strategy Selection Method: A Stochastic Differential Game Model[EB/OL]. (2021-08-24)[2021-11-18]. https://www.hindawi.com/journals/scn/2021/5594697/.
[23]	HARDIK R, POOJA A. A Survey on: Cyber Crime & Information Security[J]. IOSR Journal of Computer Engineering, 2018, 20(1): 30-34.
[24]	RICHARDSON R, DIRECTOR C S I. CSI Computer Crime and Security Survey[EB/OL]. (2008-01-08)[2021-12-17]. https://www.researchgate.net/publication/313552042_CSI_computer_crime_and_security_survey.
[25]	SPRINGER P J. Encyclopedia of Cyber Warfare[M]. Santa Barbara: ABC-CLIO, LLC, 2017.

符号	名称	具体含义
${{R}_{A}}$	攻击回报	攻击方控制系统资源获得的回报
${{k}_{1}}$	攻击回报系数	实施攻击策略造成的危害程度
$T{{C}_{A}}$	时间策略攻击成本	实施时间策略所付出的攻击成本
$B{{C}_{A}}$	行为策略攻击成本	实施行为策略所付出的攻击成本
${{\sigma }_{1}}$	时间策略效用系数	单位时间成本所消耗的资源
${{R}_{D}}$	防御回报	防御方控制系统资源获得的回报
${{k}_{2}}$	防御回报系数	实施防御策略产生的保护程度
$T{{C}_{D}}$	时间策略防御成本	实施时间策略所付出的防御成本
$B{{C}_{D}}$	行为策略防御成本	实施行为策略所付出的防御成本
${{\sigma }_{2}}$	行为策略效用系数	单位执行成本所消耗的资源

方法	策略类型	防御方法	决策时效性	模型通用性	应用场景
文献[5]方法	行为策略	微分博弈	较好	较好	网络安全评估
文献[7]方法	行为策略	信号博弈	一般	一般	网络安全防御
文献[10]方法	时间策略	FlipIt博弈	一般	较好	网络安全分析
文献[11]方法	时间策略	M-FlipIt	一般	一般	安全性能评估
文献[12]方法	时间策略	Markov时间博弈	较好	一般	MTD 决策
本文模型	时间策略+行为策略	时间博弈+微分博弈	较好	较好	网络安全防御

序号	攻击策略	策略描述	攻击强度
1	Web_monitor	安装网页监听程序	0.21
2	Crack_Password	获取用户登录信息	0.29
3	Install_Trojan	植入特洛伊木马病毒	0.80
4	Steal_information	窃取系统机密资源	0.95

序号	防御策略	策略描述	防御强度
1	Restart_server	重新启动服务器恢复网络	0.27
2	Delete_account	删除可疑账户	0.35
3	Uninstall_Trojan	卸载删除特洛伊木马	0.80
4	Limit_ports	限制来自端口的数据包	0.85