基于博弈论的无线传感网络节点攻防优化

针对无线传感器网络各节点在安全需求与资源消耗上存在的矛盾,提出一种基于博弈论的无线传感网络节点优化博弈模型.首先,通过分析网络节点中攻击方的攻击代价与防守方的防守开销,基于博弈论分析攻防双方的效用函数并构造攻防博弈模型;其次,根据网络节点中攻防双方选择的不同行动策略,结合信息论技术将攻防双方抽象成随机变量,并设计博弈信...     

Evaluation of mimic defense strategy based on M-FlipIt game model

To make up for the lack of security performance evaluation of the mimic defense systems in the advanced persistent threat scenarios an improved game model based on the FlipIt game theory model was proposed.The dynamic strategy of mimic defense under different heterogeneity conditions was evaluated,and a case study for the simulation analysis was conducted.The simulation results show that the rotation of indefinite period can make up for the lack of heterogeneity and maintain the higher game payoff of defenders.     

Website defense strategy selection method based on attack-defense game and Monte Carlo simulation

Aiming at the selection of security defense strategy in network attack-defense,the dynamic change process of mutual influence between attack-defense strategy was studied.Based on the game process of both offense and defense,the attack-defense game model was constructed,the attack process of the attacker based on Monte Carlo simulation was simulated and the attacker’s best attack utility was obtained,so as to calculate the best defensive utility of the defender.In order to maximize the effectiveness of network security defense,the optimal defense strategy under limited resources was implemented.Simulation experiments verify the effectiveness of the proposed method and analyze the influence of different parameter settings on the selection of defense strategy.     

Optimal strategy selection method for moving target defense based on signaling game

To solve the problem of the optimal strategy selection for moving target defense,the defense strategy was defined formally,the defense principle from the perspective of attack surface shifting and exploration surface enlarging was taken into account.Then,network attack-defense behaviors were analyzed from the sight of dynamic confrontation and bounded information.According to the analysis of attack-defense game types and confrontation process,the moving target defense model based on signaling game was constructed.Meanwhile,the method to quantify strategies was improved and the solution of perfect Bayesian equilibrium was proposed.Furthermore,the optimal defense strategy selection algorithm was designed by the equilibrium analysis.Finally,the simulation demonstrates the effectiveness and feasibility of the proposed optimal strategy and selection method.     

Optimal strategy selection approach of moving target defense based on Markov time game

For the problem that the existed game model was challenging to model the dynamic continuous characteristics of network attack and defense confrontation effectively,a method based on Markov time game was proposed to select the optimal strategy for moving target defense.Based on the analysis of the attack and defense confrontation process of moving targets,the set of moving target attack and defense strategies was constructed.The dynamics of the single-stage moving target defense process was described by time game.The randomness of multi-stage moving target defense state transformation was described by Markov decision process.At the same time,by abstracting the use of resource vulnerability by attack-defense participants as the alternation of the control of the attack surface,the versatility of the game model was effectively guaranteed.On this basis,the existence of equilibrium was analyzed and proved,and the optimal strategy selection algorithm was designed.Finally,the practicality of the constructed model and the effectiveness of the algorithm are verified by an application example.     

基于动态伪装网络的主动欺骗防御方法

针对现有蜜罐易被攻击者识破而导致其抵御渗透攻击时经常失效的问题,提出一种基于动态伪装网络的主动欺骗防御方法。首先,给出动态伪装网络定义并描述基于动态伴随网络的主动欺骗攻防场景;然后,在分析攻防交互过程的基础上,构建信号博弈模型来指导最优欺骗策略选取;进一步,设计基于双层威胁渗透图的攻防策略收益量化方法;最后,提出一种统一纯策略与混策略的博弈均衡求解方法。实验结果表明,基于动态伪装网络,精炼贝叶斯均衡能够为防御者实施最优防御策略提供有效指导,实现防御者收益最大化。此外,还总结了利用动态伪装网络进行主动欺骗防御的特点与规律。     

Research on active defense based on multi-stage cyber deception game

In view of the characteristic that attacker depended on the detected information to decide the next actions,the non-cooperative signal game theory was applied to analyze cyber attack and defense.The signal deception mechanism in the process of cyber attack and defense was considered deeply by constructing a multi-stage cyber deception game model,and the dynamic analysis and deduction of the multi-stage cyber attack and defense was realized by considering the attenuation of cyber deception signals.A solution for multi-stage cyber deception game equilibrium was improved based on analysis of cyber attack and defense,and an optimal algorithm for selecting cyber deception defense strategies was designed.The effectiveness of the model is verified by simulations.The rules of multi-stage cyber deception games are summarized based on the results,which can provide effective guidance for the research on cyber active defense.     

基于博弈论的跳频通信装备电子防御效能评估

为解决不同电子进攻条件下跳频通信装备电子防御效能动态评估问题,提出了一种基于博弈论的评估方法.首先,从技术性能、战术策略、操作人员3个角度构建评估指标体系;其次,通过4种归一化方法、复合权重、两种聚合模型,设计了一种多指标综合算法对通信电子防御效能进行评估;最后,将评估结果作为盈利,通过攻防双方博弈得到纳什均衡评估值.仿真分析表明,该方法能合理地考虑攻防双方、战术策略和操作人员对效能发挥的影响,与传统的静态评估方法相比更具科学性、优越性,具有一定的实用价值.     

Honeypot game‐theoretical model for defending against APT attacks with limited resources in cyber‐physical systems

A cyber‐physical system (CPS) is a new mechanism controlled or monitored by computer algorithms that intertwine physical and software components. Advanced persistent threats (APTs) represent stealthy, powerful, and well‐funded attacks against CPSs; they integrate physical processes and have recently become an active research area. Existing offensive and defensive processes for APTs in CPSs are usually modeled by incomplete information game theory. However, honeypots, which are effective security vulnerability defense mechanisms, have not been widely adopted or modeled for defense against APT attacks in CPSs. In this study, a honeypot game‐theoretical model considering both low‐ and high‐interaction modes is used to investigate the offensive and defensive interactions, so that defensive strategies against APTs can be optimized. In this model, human analysis and honeypot allocation costs are introduced as limited resources. We prove the existence of Bayesian Nash equilibrium strategies and obtain the optimal defensive strategy under limited resources. Finally, numerical simulations demonstrate that the proposed method is effective in obtaining the optimal defensive effect.     

Improving replicator dynamic evolutionary game model for selecting optimal defense strategies

In terms of the existence of strategy dependency in the same game group,network attack-defense evolutionary game model based on the improved replicator dynamics was constricted by introducing the intensity coefficient,which completed the method of calculating replicator dynamic rate.The improved replicator dynamic equation was adopted to solve the evolutionary equilibrium for the situation that both attack and defense have two optional strategies.The stability of the equilibrium points was analyzed by the local stability analysis method of Jacobian matrix,and the optimal defense strategies were obtained under different conditions.The results show that the strategy dependency between the players in the same group has a certain influence on the evolution of the game,both the incentive and the inhibition.Finally,the accuracy and validity of the model and method are verified by the experimental simulation,which provides a new theoretical support for solving the information security problems in the real.     

Mimic defense authentication method for physical access control

To address the security problem of the vulnerability of the authentication methods of traditional physical access control systems,a mimic defense authentication method was designed based on the principle of mimic defense technique and its dynamic heterogeneous redundant architecture (DHR),using mobile 2D code as the interface and dynamic password as the core.First,the actuator pool of the authentication server was constructed.Then,a central controller consisting of functional modules such as input distribution agent,selector and voter was used to dynamically schedule heterogeneous redundant actuators from the actuator pool.Finally,a multimode ruling on the heterogeneous redundant actuator output to determine the authentication result was made by the voter.The experimental results show that the proposed authentication method has higher security and reliability compared to the traditional physical access control system authentication method,and at the same time,it can be used in combination with other authentication methods.     

Endogenous security architecture of Ethernet switch based on mimic defense

Aiming at the unknown vulnerabilities and unknown backdoor security threats faced by Ethernet switches,a switch endogenous security architecture based on mimicry defense theory was proposed.The theoretical basis,construction mode and security mechanism of the architecture ware introduced,the algorithm strategy and security improvement effect of TAMA algorithm were proposed and analyzed,a prototype of mimic switch was designed and implemented,and the security tests of white box stuffing and attack chain were carried out.Theoretical analysis and test results show that the architecture has good unknown vulnerabilities and unknown backdoor defense capabilities in various attack scenarios.     

Markov微分博弈模型及其在网络安全中的应用

当前基于博弈理论的网络安全研究成果难以应用于实时、连续、随机对抗的网络攻防过程.本文针对网络安全防御的实时性和网络状态变化的随机性,基于动态、实时对抗的视角分析攻防行为,在结合微分博弈模型和Markov决策方法的基础上进行扩展,构建Markov攻防微分博弈模型,分析具有多个阶段且每阶段持续时间较短的攻防过程;提出多阶段博弈均衡解计算方法,设计多阶段最优防御策略选取算法.仿真实验结果表明,模型和算法有效且可行.     

Defense strategies selection based on attack-defense evolutionary game model

Due to that the current network security researches based on game theory mostly use the completely rationality assumption,which is not consistent with the facts.Under the bounded rationality constraint of network attack-defense,attack-defense evolutionary game model and a method to solve evolutionary stable equilibrium based on the non-cooperative evolutionary game theory was proposed.The optimal defense strategy selection algorithm was designed based on the analysis of the evolutionary stable strategy.The effectiveness of the model and method proposed is verified by simulation results,through which some evolution conclusions of offensive behavior on the premise of limited rationality were drawn.     

基于多阶段攻防信号博弈的最优主动防御

从网络攻防对抗的实际场景出发,针对具有不完全信息约束的多阶段动态攻防过程,构建了多阶段攻防信号博弈模型.针对多阶段攻防过程中信号作用衰减的问题,提出信号衰减因子进行量化描述.在此基础上,设计了多阶段攻防博弈均衡的求解方法,并给出了最优主动防御策略选取算法.通过仿真实验验证了本文模型和方法的有效性,并且分析总结了多阶段攻防博弈的规律.     

Moving target defense against network eavesdropping attack using POF

Eavesdropping attack hereby was the major attack for traditional network communication.As this kind of attacks was stealthy and untraceable,it was barely detectable for those feature detection or static configuration based passive defense approaches.Since existing encryption or dynamic address methods could only confuse part of fields of network protocols,they couldn’t form a comprehensive protection.Therefore a moving target defense method by utilizing the protocol customization ability of protocol-oblivious forwarding (POF) was proposed,through private protocol packet randomization strategy and randomly drop deception-packets on dynamic paths strategy.It could greatly increase the difficulty of implementing network eavesdropping attack and protect the privacy of the network communication process.Experiments and compare studies show its efficiency.     

基于Markov演化博弈的网络防御策略选取方法

当前运用博弈理论的网络安全研究大多采用完全理性假设,本文针对现实社会中攻防双方的有限理性限制条件和攻防过程的动态变化特征,基于非合作演化博弈理论,从有限理性约束出发,将演化博弈模型与Markov决策相结合,构建多阶段Markov攻防演化博弈模型,实现对多阶段、多状态攻防对抗的动态分析推演;依据博弈的折扣总收益设计目标函数,提出多阶段博弈均衡的求解方法,给出最优防御策略选取算法.通过实验验证了模型和方法的有效性.     

Heterogeneous redundancies scheduling algorithm for mimic security defense

The scheduling of heterogeneous redundancies is one of the key lines of mimic security defense,but the existing scheduling strategies are lack of consideration about the similarity among redundancies and the scheduling algorithms are incomprehensive.A new scheduling algorithm called random seed & minimum similarity (RSMS) algorithm was proposed,which combined dynamics and reliability by determining a scheduling scheme with minimum global-similarity after choosing a seed-redundancy randomly.Theoretical analysis and simulation results show that RSMS algorithm possessed a far longer scheduling cycle than maximum dissimilarity algorithm,as well as a far lower failure rate than random scheduling algorithm,which represents an effective balance between dynamics and reliability.     

Dynamic defenses in cyber security: Techniques,methods and challenges

Driven by the rapid development of the Internet of Things, cloud computing and other emerging technologies, the connotation of cyberspace is constantly expanding and becoming the fifth dimension of human activities. However, security problems in cyberspace are becoming serious, and traditional defense measures (e.g., firewall, intrusion detection systems, and security audits) often fall into a passive situation of being prone to attacks and difficult to take effect when responding to new types of network attacks with a higher and higher degree of coordination and intelligence. By constructing and implementing the diverse strategy of dynamic transformation, the configuration characteristics of systems are constantly changing, and the probability of vulnerability exposure is increasing. Therefore, the difficulty and cost of attack are increasing, which provides new ideas for reversing the asymmetric situation of defense and attack in cyberspace. Nonetheless, few related works systematically introduce dynamic defense mechanisms for cyber security. The related concepts and development strategies of dynamic defense are rarely analyzed and summarized. To bridge this gap, we conduct a comprehensive and concrete survey of recent research efforts on dynamic defense in cyber security. Specifically, we firstly introduce basic concepts and define dynamic defense in cyber security. Next, we review the architectures, enabling techniques and methods for moving target defense and mimic defense. This is followed by taxonomically summarizing the implementation and evaluation of dynamic defense. Finally, we discuss some open challenges and opportunities for dynamic defense in cyber security.     

基于随机演化博弈模型的网络防御策略选取方法

针对攻防博弈系统中存在攻防策略集和系统运行环境改变等各类随机干扰因素的问题,传统确定性博弈模型无法准确描述攻防博弈过程.利用非线性Itó随机微分方程构建随机演化博弈模型,用于分析攻防随机动态演化过程.通过求解,并根据随机微分方程稳定性判别定理对攻防双方的策略选取状态进行稳定性分析,设计出基于随机攻防演化博弈模型的安全防御策略选取算法.最后,通过仿真验证了不同强度的随机干扰对攻防决策演化速率的影响,且干扰强度越大,防御者更倾向于选择强防御策略,攻击者更倾向于选择强攻击策略.本文模型和方法能够用于网络攻击行为预测和安全防御决策.