基于Markov博弈模型的网络安全态势感知方法

为了分析威胁传播对网络系统的影响,准确、全面地评估系统的安全性,并给出相应的加固方案,提出一种基于Markov博弈分析的网络安全态势感知方法通过对多传感器检测到的安全数据进行融合,得到资产、威胁和脆弱性的规范化数据;对每个威胁,分析其传播规律,建立相应的威胁传播网络:通过对威胁、管理员和普通用户的行为进行博弈分析,建立...

Network Security Situation Awareness Approach Based on Markov Game Model

To analyze the influence of propagation on a network system and accurately evaluate system security, this paper proposes an approach to improve the awareness of network security, based on the Markov Game Model (MGM). This approach gains a standard data of assets, threats, and vulnerabilities via fusing a variety of system security data collected by multi-sensors. For every threat, it analyzes the rule of propagation and builds a threat propagation network (TPN). By using the Game Theory to analyze the behaviors of threats, administrators, and ordinary users, it establishes a three player MGM. In order to make the evaluation process a real-time operation, it optimizes the related algorithm. The MGM can dynamically evaluate system security situation and provide the best reinforcement schema for the administrator. The evaluation of a specific network indicates that the approach is suitable for a real network environment, and the evaluation result is precise and efficient. The reinforcement schema can effectively curb the propagation of threats.