Similar literature
 20 similar documents found; search time 125 ms
1.
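Cyber-physical security analysis of smart grids based on a Bayesian sequential game model   Total citations: 1, self-citations: 0, citations by others: 1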
李军  李韬 《自动化学报》2019,45(1):98-109
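A smart grid uses information technology to optimize the power transmission and distribution network from suppliers to consumers. As a cyber-physical system (CPS), a smart grid consists of physical devices and a network responsible for data computation and communication. Many of the smart grid's security problems arise at both the communication-network level and the physical-device level, for example cyber attacks that inject bad data or collect customers' private information, and physical attacks on the grid's physical devices. This paper studies how the system administrator (defender) of a smart grid can determine the attacker's type and thereby choose the optimal defense strategy. A Bayesian sequential game model is proposed to determine the attacker's type, and the equilibrium strategies of both players are obtained from the sequential game tree. First, a static Bayesian game model is built for the attacker of uncertain type and the defender; the Harsanyi transformation converts the incomplete-information game into a complete-information game, the Bayesian Nash equilibrium is obtained, and the attacker's type is thereby determined. Second, a sequential game model between the attacker and the defender is considered, which can effectively help the defender with decision analysis. Backward induction is used to analyze the game trees between each of the two attacker types and the defender, yielding the equilibrium path of the game tree and hence the attacker's optimal attack strategy and the defender's optimal defense strategy. The analysis shows that the Bayesian sequential game model enables the defender to determine the attacker's type and choose the optimal defense strategy, providing a reference for research related to smart grid information security.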

2.
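Based on the information asymmetry between attackers and defenders, and drawing on incomplete-information game theory and information security theory, a cost-benefit investment game model for selecting information security technologies is constructed, and the optimal strategies of both players are derived under two different security technology configurations (firewall only, or firewall together with an intrusion detection system). By analyzing and comparing the user attack rate, the system response rate, the loss an intrusion causes to the system, and the system's response cost, the value of the security technologies is examined, and an adaptive intrusion response strategy that can dynamically adjust the security technologies is given. Finally, an example further verifies the conclusions.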

3.
Recently, there has been increasing interest in security and privacy issues in vehicular ad hoc networks (VANETs). However, the existing security solutions mainly focus on preventive measures while lacking a comprehensive security analysis. The existing risk analysis solutions may not work well to evaluate the security threats in vehicular networks since they fail to consider the attack and defense costs and gains, and thus cannot appropriately model the mutual interaction between the attacker and defender. In this study, we consider both a rational attacker and a rational defender, each of whom decides whether to launch an attack or adopt a countermeasure based on its adversary’s strategy to maximize its own attack or defense benefits. To achieve this goal, we first adopt the attack-defense tree to model the attacker’s potential attack strategies and the defender’s corresponding countermeasures. To take the attack and defense costs into consideration, we introduce Return On Attack and Return on Investment to represent the potential gain from launching an attack or adopting a countermeasure in vehicular networks. We further investigate the potential strategies of the defender and the attacker by modeling their interaction as an attack-defense game. We then give a detailed analysis of its Nash Equilibrium. The rationality of the proposed game-theoretical model is illustrated and demonstrated by extensive analysis in a detailed case study.

4.
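In recent years, incidents threatening network security have become increasingly frequent, hackers' attack methods increasingly complex, and network security protection increasingly difficult. To address the complex, changing attack strategies and non-rational attackers found in real attack-defense environments, this paper integrates attack graphs into the attack-defense game model, introduces a reinforcement learning algorithm, and designs a method for generating proactive network defense strategies. The method first builds on a network vulnerability assessment model based on an improved attack graph, successfully compressing the strategy space and effectively reducing modeling difficulty, and then, for the net...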

5.
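To address the lag of defensive measures in real network attack-defense environments and the fact that the two sides' payoffs are not exactly equal during the confrontation, a method for selecting proactive defense strategies based on a non-zero-sum game is proposed. First, a network security game graph is proposed according to the game relationship between the attacker and the system, combined with the practical circumstances of network security problems. Second, on this basis, a network attack-defense game model based on a non-zero-sum game is given; the attack and defense payoff values for a single security attribute are computed from host importance and the success rate of defensive measures, and the overall attack and defense payoffs are then quantified according to attack and defense intent. Finally, the optimal proactive defense strategy is obtained by analyzing the Nash equilibrium. An example verifies the effectiveness and feasibility of the method for predicting attack behavior and selecting proactive defense strategies.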

6.
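A game-model-based method for analyzing network security failure is proposed. For non-repairable network systems, the security failure process is treated as a stochastic game process in which the attacker controls the state transitions. The attacker's total payoff and optimal strategy in this process are computed and analyzed from the attack perspective; the results show that when the expected payoff varies within a certain range, the attacker does not change its choice of action.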

7.
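A secure control plane based on dynamic heterogeneous redundancy is proposed, which dynamically switches among heterogeneous controllers to make attacks harder. First, a dynamic controller scheduling method based on the Bayesian-Stackelberg game model is proposed, in which the attacker and the defender are the two players; the equilibrium solution is obtained and used to guide the scheduling strategy. Second, a self-cleaning mechanism is introduced and combined with the game strategy to form a closed-loop defense mechanism, further improving the security gain of the control layer. Finally, experiments quantitatively describe the payoff gain of the secure control layer based on this game strategy compared with the traditional deployment of a single controller and with scheduling controllers using a random strategy, and show that the self-cleaning mechanism keeps the control plane at a consistently high security level.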

8.
刘静  汤光明 《计算机应用》2014,34(3):720-723
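To address the active attacks faced by steganographic systems, the adversarial relationship between the steganographer and the active attacker is modeled, and a game model of the steganographic system is proposed whose payoff functions are two objectives, the information embedding rate and the error rate. Using the basic theory of two-person finite zero-sum games, the existence of a game equilibrium between the steganographer and the active attacker is analyzed, and a method for solving both sides' strategies at equilibrium is given. Finally, solving an example illustrates the validity of the model. The model provides a theoretical basis for the optimal strategy choices of the steganographer and the active attacker, and also offers some guidance for designing steganographic algorithms that resist active attacks.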

9.
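Applying attack-defense game models to network security assessment can help system administrators promptly discover potential threats and existing security risks in the network; administrators can then select and implement the optimal defense strategy according to different security requirements, greatly reducing the likelihood of security incidents and thereby achieving the goal of network security protection.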

10.
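Information security assessment is fundamental to keeping SCADA systems operating normally. None of the existing assessment methods considers the mutual influence between attacker and defender or the economic benefits. To solve this problem, an assessment method based on attack-defense trees and game theory is proposed. Building on the attack-defense tree, the method computes the expected payoff functions of the attacker and the defender, establishes the system's attack-defense game model, and solves for the mixed-strategy Nash equilibrium of this complete-information static game, yielding the probability distributions over the strategies chosen by both sides. A computational analysis of an information attack-defense example involving the master and slave stations of a SCADA system illustrates the method's application. The assessment results show that the method is reasonable and feasible, and can help risk managers evaluate the return on investment of existing information security defenses, deploy defensive measures in a targeted, prioritized way, and maximize payoff.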

11.
In this paper, we propose a security framework based on the semi-network form game in unison with a robust and attack resilient scheduling mechanism for a cloud integrated Cyber Physical System (CPS). As CPS moves from the traditional Sensing Control and Data Acquisition (SCADA) systems with limited on-board processing units, the need to use cloud computing arises owing to the ever increasing processing demands of heterogeneous CPS applications. In such systems, system stability and critical operational capability have the highest priority. This multi-system coupling can have security vulnerabilities which can cripple the speed and effectiveness of data processing, which is unacceptable in time and resource critical CPS applications owing to the need for satisfying the stringent Quality of Service (QoS) requirements. Therefore, a robust scheduling mechanism invulnerable to security attacks is needed to efficiently utilize the scalable processing components as provided by a cloud computing platform. However, scalability brought in by the cloud integration and data migration increases the attack space of an attacker due to an increase in available access points. To address this issue, we developed a new method of learning procedure using Bayesian Networks for the semi-network form game to aid our scheduling algorithm. We employ game theoretic principles to proactively understand the behavior of an attacker based on the strategic decisions made by the defender. This helps us in building a robust scheduling mechanism that schedules tasks based on the decisions made from the output of the game.

12.

This paper suggests a new approach for repeated Stackelberg security games (SSGs) based on manipulation. Manipulation is a strategy interpreted by the Machiavellianism social behavior theory, which consists of three main concepts: view, tactics, and immorality. The world is conceptualized in terms of manipulators and manipulated (view). Players employ Machiavelli’s tactics and Machiavellian intelligence in order to manipulate attacker/defender situations. Immorality plays a fundamental role in these games: defenders are able to remain unattached to conventional morality in order to achieve their goals. We consider a security game model involving manipulating defenders and manipulated attackers engaged cooperatively in a Nash game and at the same time restricted by a Stackelberg game. The resulting game is a non-cooperative bargaining game. The cooperation is represented by the Nash bargaining solution. We propose an analytical formula for solving the manipulation game, which arises as the maximum of the quotient of two Nash products. The roles of the players in the Stackelberg security game are determined by the weights of the players for the Nash bargaining approach. We consider only a subgame perfect equilibrium where the solution of the manipulation game is a Strong Stackelberg Equilibrium (SSE). We employ a reinforcement learning (RL) approach for the implementation of the immorality. A numerical example related to developing a strategic schedule for the efficient use of resources for patrolling in a smart city is handled using a class of homogeneous, ergodic, controllable, and finite Markov chains to show the usefulness of the method for security resource allocation.

13.
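Most current game-theoretic risk assessment methods use complete-information game models and cannot handle the case where attacker and defender do not know each other's behavior. An attack-defense game model is built on static Bayesian game theory, with attackers and defenders divided into multiple types; the Bayesian equilibrium of the game and its existence are analyzed comprehensively, and the existing method for quantifying strategy payoffs is improved by taking into account the defender's counterattack behavior and the attack success rate. Attack behavior is credibly predicted from the game equilibrium, and a risk assessment algorithm is given that computes the risk present in the information system to obtain the system's risk value. Finally, an example analysis verifies the effectiveness of the model and algorithm.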

14.
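Drawing on the idea of replicator dynamics from the evolution of organisms in nature, this paper studies the mechanism behind the effectiveness of honeypot technology using evolutionary game theory, analyzing how attackers and defenders in a network evolve according to their own action strategies and payoff functions so as to maximize their game payoffs. Evolutionary game theory interprets the concept of game equilibrium from a new angle, assuming neither full rationality nor complete information, and yields a new approach to Nash equilibrium and the selection of equilibrium strategies. In the evolutionary game, the defender is a hybrid system comprising ordinary services and honeypots, and its opponent is the malicious attacker accessing the hybrid system; the two are the players of the game. The hybrid network system can be regarded as an ecosystem, while the visitors form a single population, the attackers; the hybrid system continuously provides services to visitors, and an attacker can choose to access it or not. Based on the replicator dynamics equations, the paper derives the equilibrium points that satisfy the evolutionarily stable strategy, and verifies the evolution of both players' strategies by simulation in Matlab, thereby theoretically demonstrating the mechanism behind the effectiveness of honeypot technology.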

15.
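Network security situation prediction method based on time and space dimension analysis   Total citations: 1, self-citations: 0, citations by others: 1
Existing network security situation prediction methods cannot accurately reflect how future changes in the values of security situation elements affect the future security situation, and do not handle well the effect that the interactions among security elements have on the future network security situation. A network security situation prediction method based on analysis in the time and space dimensions is proposed. First, network security situation assessment elements are extracted from three aspects: the attacker, the defender, and the network environment. Then, the sets of security situation elements in future time periods are predicted and analyzed in the time dimension. Finally, the effect of each set of security situation elements and their interactions on the network security situation is analyzed in the space dimension, yielding the network's security situation. Evaluation and analysis on a public dataset network shows that the method suits practical application environments and improves the accuracy of security situation awareness compared with existing methods.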

16.
What is the economic impact of cyber terrorism? Can organizations achieve strategic advantage in the cyber terrorism game? A general game theoretical model is proposed to study the optimal information systems (ISs) security investment and then applied to compare the losses caused by cyber terrorists and common hackers. Literature is reviewed on IS security, game theoretical models of IS security, cyber terrorism, cyber deterrence and IS security breach function. Simulations with varying levels of attacker’s preference, breach function sensitivity and deterrence level are carried out to determine sensitivity to the optimal IS security investment. Results suggest that organizations should invest more to protect their strategic information systems against cyber terrorists who have long-term goals.

17.
姚剑波  张涛 《计算机科学》2012,39(100):69-71
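The attack-defense process of a side-channel attack can be viewed as a mutual-information game whose two players are the cryptographic device designer (defender) and the attacker. The defender's objective in the game is to reduce the local and global risk caused by side-channel leakage by formulating appropriate defense strategies; the attacker's objective is exactly the opposite. From the perspective of formulating security strategies and reducing security risk, mutual-information game theory is introduced into the decision processes of the cryptographic chip designer (defender) and the attacker to examine how the choice of attack and defense strategies affects security risk; combined with a method for quantifying mutual information, a method for selecting both sides' optimal strategies under the Nash equilibrium condition is given, along with both sides' mutual-information payoffs at the Nash equilibrium.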

18.
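Research on defense strategy selection based on an attack-defense stochastic game model   Total citations: 5, self-citations: 0, citations by others: 5
Because the goals of attacker and defender in network security are opposed and their strategies interdependent, selecting the optimal defense strategy is very complex. The network security defense strategy selection problem is formally defined. An attack-defense stochastic game model is proposed that captures the attack-defense conflict in network security and solves the defense strategy selection problem. The model extends the matrix attack-defense game model and the Markov decision process, and is a multi-player, multi-state dynamic model of attack-defense evolution. The attacker's privilege state on network entities is taken as an element of the attack-defense stochastic game model in order to model the dynamic changes of the network attack-defense state, predict attack behavior, and decide the optimal defense strategy. A defense strategy selection algorithm based on this model is given. A network example is used to analyze the effectiveness of the model and algorithm in predicting attack strategies and deciding defense strategies.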

19.
李静轩 《计算机应用研究》2020,37(10):3071-3076,3111
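To address the defensive lag in APT (advanced persistent threat) attack-defense confrontation and make optimal proactive defense decisions with limited resources, this work studies how the intent and feasible strategy sets of both sides evolve as the attack progresses through its stages, and builds AO-ADSG (APT-oriented attack-defense stochastic game), a multi-stage APT attack-defense stochastic game model based on non-cooperative game theory. To account for the unequal utilities of the two sides in APT confrontation, the non-zero-sum idea is introduced, and a utility quantification method covering all asset elements that fits the characteristics of APT attacks is designed; an algorithm for selecting the optimal defense strategy is given on the basis of the game equilibrium analysis. Finally, a simulation experiment of the "Night Dragon attack" verifies the feasibility and correctness of the proposed method.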

20.
ABSTRACT

Literature on malware proliferation focuses on modeling and analyzing its spread dynamics. Epidemiology models, which are inspired by the characteristics of biological disease spread in human populations, have been used against this threat to analyze the way malware spreads in a network. This work presents a modified version of the commonly used epidemiology models Susceptible Infected Recovered (SIR) and Susceptible Infected Susceptible (SIS), which incorporates the ability to capture the relationships between nodes within a network, along with their effect on the malware dissemination process. Drawing upon a model that illustrates the network’s behavior based on the attacker’s and the defender’s choices, we use game theory to compute optimal strategies for the defender to minimize the effect of malware spread, at the same time minimizing the security cost. We consider three defense mechanisms: patch, removal, and patch and removal, which correspond to the defender’s strategy and are used probabilistically with a certain rate. The attacker chooses the type of attack according to its effectiveness and cost. Through the interaction between the two opponents we infer the optimal strategy for both players, known as Nash Equilibrium, evaluating the related payoffs. Hence, our model provides a cost-benefit risk management framework for managing malware spread in computer networks.
