基于时机博弈的网络安全防御决策方法

现有的网络防御决策模型大多基于攻防行为进行建模分析，忽视了攻防时机对网络安全产生的影响，且对网络攻防时机的选取大多依赖经验和主观判断，导致网络安全管理者在进行防御决策时难以提供可信的理论支撑。然而网络攻防的时机因素对网络防御决策的意义重大，在面对外部攻击时能否进行实时决策，决定了网络在攻防对抗中能否掌握主动，以最小的代价将攻击危害降到最低。针对网络安全中的时机策略选取问题，提出一种网络安全防御决策方法，基于SIR传染病模型并加以改进，构造描述网络安全状态的微分方程，实现对系统安全状态的实时度量。借鉴FlipIt博弈方法构建攻防时机博弈模型，提出攻防收益量化与计算方法，通过求解不同攻防周期策略下的纳什均衡，获得最优防御时间策略。实验结果表明，当攻击策略一定时，使用该方法动态选择最优防御策略的平均收益为0.26，相比固定周期的防御方法，平均防御收益提高了23.81%。

Network Security Defense Decision Method Based on Time Game

Currently major network assessment models focus on the intensity of attack and defense, often ignoring the impact of timing on network security.While selecting attack and defense timing, mostly relying on subjective experience and judgement, network managers lack quantitative analysis and credible theoretical support on making defense decisions.A key factor in network defense is timing decision against various attacks to seize the initiative with lower cost and damage, which is significant in protecting network resource.To effectively solve the problem of time strategy selection in network security, this study proposes a network security defense decision-making method, an improved Susceptible-Infectious-Removed (SIR) epidemic model that is used to characterize differential equations of network real-time security states.We present a method to quantify and calculate utilities of attack and defense with a FlipIt game method.An optimal defense time strategy is proposed via calculating the Nash equilibrium under different periodic strategies of attack and defense.The experimental results show that, when the attack strategy is constant, the dynamic optimal defense strategy in this study is 0.26.Compared with periodic defense strategy, the average utility is improved by 23.81%.