EFIS数据源防御部署优化的非合作博弈模型

doi:10.3969/j.issn.1671-1122.2024.04.011

摘要/Abstract

摘要：

电子飞行仪表系统（Electronic Flight Instrument System，EFIS）具有高安全性要求，其运行环境极端，可供分配的防御策略资源严重受限，缺乏合理性的防御策略部署会影响系统整体安全。文章从攻防决策视角转换和非合作博弈理论出发，在融合安全视角下提出一种伴随EFIS周期性检修的有限防御策略部署优化模型。首先通过建立双属性的攻击防御树（Attack Defense Tree，ADT）构建攻防策略空间；然后运用决策视角转换思想，从攻击者的角度进行非合作博弈分析，揭示攻击者意图降低系统安全性的攻击策略分配；最后基于攻击者博弈结果对防御策略进行博弈分析，并通过验证提高防御者策略安全属性的可行性，为安全资源分配提供可靠的理论基础。该模型基于蒙特卡洛模拟成功求解了非合作博弈下的防御策略部署问题，得到期望效用最大化时的防御策略优化部署方案，避免了防御措施的冗余添加，同时有效提高了系统整体的安全性。

关键词: 电子飞行仪表系统, 防御策略部署, 攻击防御树, 非合作博弈, 蒙特卡洛模拟

Abstract:

The Electronic Flight Instrument System (EFIS), characterized by high safety requirements and an extreme operating environment, faces severe limitations in the allocation of defense strategy resources. The lack of a rational defense strategy deployment can significantly impact the overall security of the system. This paper proposed a limited defense strategy deployment optimization model in conjunction with the periodic maintenance of EFIS, drawing on the perspectives of attack-defense decision-making and non-cooperative game theory within the integrated framework of security considerations. The methodology began by establishing a dual-attribute Attack Defense Tree (ADT) to construct the space of attack-defense strategies. Subsequently, employing the perspective transformation approach, a non-cooperative game analysis was conducted from the attacker’s viewpoint to reveal the distribution of attack strategies intending to compromise system security. Finally, based on the results of the attacker’s game results, a game analysis was performed for defense strategies. The feasibility of enhancing the security attributes of defender strategies is validated, providing a reliable theoretical foundation for the allocation of security resources. The model successfully addresses the defense strategy deployment problem under non-cooperative games using Monte Carlo simulation. The optimized deployment scheme for defense strategies, maximizing the expected utility, is obtained. This approach avoids redundant additions of defense measures, effectively enhancing the overall security of the system.

Key words: EFIS, defense strategy deployment, ADT, non-cooperative game, Monte Carlo simulation

中图分类号:

TP309

顾兆军, 张一诺, 扬雪影, 隋翯. EFIS数据源防御部署优化的非合作博弈模型[J]. 信息网络安全, 2024, 24(4): 614-625.

GU Zhaojun, ZHANG Yinuo, YANG Xueying, SUI He. A Non-Cooperative Game Model for Optimizing EFIS Data Source Defense Deployment[J]. Netinfo Security, 2024, 24(4): 614-625.

图/表 16

图1

图2

表1

表2

表3

图3

表4

表5

图4

图5

表6

图6

图7

表7

图8

图9

参考文献 21

[1]	BARON C, LOUIS V. Towards a Continuous Certification of Safety-Critical Avionics Software[EB/OL]. (2021-01-03)[2023-12-22]. https://www.sciencedirect.com/science/article/pii/S0166361520306163.
[2]	VILLEGAS J, FORTES S, ESCAÑO V, et al. Verification and Validation Framework for AFDX Avionics Networks[J]. IEEE Access, 2022, 10: 66743-66756.
[3]	SUTHAPUTCHAKUN C, SUN Zhili, KAVADIAS C, et al. Performance Analysis of AFDX Switch for Space Onboard Data Networks[J]. IEEE Transactions on Aerospace and Electronic Systems, 2016, 52(4): 1714-1727.
[4]	MATTI E, JOHNS O, KHAN S, et al. Aviation Scenarios for 5G and Beyond[C]// IEEE. In 2020 AIAA/IEEE 39th Digital Avionics Systems Conference(DASC). New York: IEEE, 2020: 1-10.
[5]	ZHAO Changxiao, WANG Kenian, ZHANG Wei, et al. Integrated Analysis Method of Functional Safety and Cyber Security of Avionics System for Civil Aircraft[J]. China Safety Science Journal, 2022, 32(9): 49-56. doi: 10.16265/j.cnki.issn1003-3033.2022.09.2126
	赵长啸, 汪克念, 张伟, 等. 民机航电系统功能安全-信息安全一体化分析方法[J]. 中国安全科学学报, 2022, 32(32):49-56.
[6]	ZIMMER L, YVARS P A, LAFAYE M. Models of Requirements for Avionics Architecture Synthesis: Safety, Capacity and Security[EB/OL]. (2020-12-01)[2023-12-22]. https://hal.science/hal-03957544/.
[7]	ATHAVALE J, MARIANI R, PAULITSCH M. Flight Safety Certification Implications for Complex Multi-Core Processor Based Avionics Systems[C]// IEEE. In 2019 IEEE International Reliability Physics Symposium(IRPS). New York: IEEE, 2019: 1-6.
[8]	SMITH M, STROHMEIER M, HARMAN J, et al. Safety vs. Security: Attacking Avionic Systems with Humans in the Loop[EB/OL]. (2019-05-20)[2023-12-22]. https://www.researchgate.net/publication/333233094_Safety_vs_Security_Attacking_Avionic_Systems_with_Humans_in_the_Loop.
[9]	BEEK M H T, LEGAY A, LAFUENTE AL, et al. Quantitative Security Risk Modeling and Analysis with RisQFLan[EB/OL]. (2021-10-01)[2023-12-22]. https://doi.org/10.1016/j.cose.2021.102381.
[10]	JHAWAR R, MAUW S, ZAKIUDDIN I. Automating Cyber Defence Responses Using Attack-Defence Trees and Game Theory[EB/OL]. (2016-01-01)[2023-12-22]. https://research.utwente.nl/en/publications/automating-cyber-defence-responses-using-attack-defence-trees-and.
[11]	HUANG Bo, QIN Yuhai, LIU Yang, et al. Research of Vulnerability Assessment and Risk ProbabilityBase on General Attack Tree[J]. Netinfo Security, 2022, 22(10): 39-44.
	黄波, 秦玉海, 刘旸, 等. 基于通用攻击树的脆弱性评估与风险概率研究[J]. 信息网络安全, 2022, 22(10):39-44.
[12]	CHEHIDA S, BAOUYA A, BOZGA M, et al. Exploration of Impactful Countermeasures on IoT Attacks[C]// IEEE. 9th Mediterranean Conference on Embedded Computing(MECO). New York: IEEE, 2020: 1-4.
[13]	ARIAS J, BUDDE C E, PENCZEK W, et al. Hackers vs. Security: Attack-Defence Trees as Asynchronous Multi-Agent Systems[C]// Springer. In International Conference on Formal Engineering Methods. Heidelberg: Springer, 2020: 3-19
[14]	RIOS E, REGO A, ITURBE E, et al. Continuous Quantitative Risk Management in Smart Grids Using Attack Defense Trees[EB/OL]. (2020-08-07)[2023-12-22]. https://www.mdpi.com/1424-8220/20/16/4404.
[15]	PETRUCCI L, KNAPIK M, PENCZEK W, et al. Squeezing State Spaces of (Attack-Defence) Trees[C]// IEEE. 24th International Conference on Engineering of Complex Computer Systems(ICECCS). New York: IEEE, 2019: 71-80.
[16]	LIU Guiyun, PENG Baihao, ZHONG Xiaojing. Epidemic Analysis of Wireless Rechargeable Sensor Networks Based on an Attack-Defense Game Model[EB/OL]. (2021-01-15)[2023-12-22]. https://www.mdpi.com/1424-8220/21/2/594.
[17]	LIU Guiyun, PENG Baihao, ZHONG Xiaojing, et al. Attack-Defense Game between Malicious Programs and Energy-Harvesting Wireless Sensor Networks Based on Epidemic Modeling[J]. Complexity, 2020(1): 1-9.
[18]	ZHOU Haiping, SHEN Shigen, LIU Jianhua. Malware Propagation Model in Wireless Sensor Networks under Attack-Defense Confrontation[J]. Computer Communications, 2020, 162: 51-58.
[19]	WU Yingfu, KANG Bingyi, WU Hao. Strategies of Attack-Defense Game for Wireless Sensor Networks Considering the Effect of Confidence Level in Fuzzy Environment[EB/OL]. (2021-04-12)[2023-12-22]. https://www.sciencedirect.com/science/article/pii/S0952197621000853.
[20]	ZHANG Zhimei, HUANG Shaowei, CHEN Ying, et al. Cyber-Physical Coordinated Risk Mitigation in Smart Grids Based on Attack-Defense Game[J]. IEEE Transactions on Power Systems, 2021, 37(1): 530-542.
[21]	PENG Rui, WU Di, SUN Mengyao, et al. An Attack-Defense Game on Interdependent Networks[J]. Journal of the Operational Research Society, 2021, 72(10): 2331-2341.

策略类型	策略完整收益	策略目标资产	资产相对重要性
网络策略	5	物理策略	5
物理策略	3	网络策略	4
信息物理策略	3	信息物理策略	3
间接策略	2	间接策略	1

攻击者策略类型	完整执行成本	防御者策略类型	完整执行成本
网络策略	4	物理策略	5
物理策略	2	网络策略	3
信息物理策略	1	信息物理策略	1

策略类型	完整风险值
信息物理策略	2
网络策略	1
物理策略	1