基于博弈论和网络弱点分析的网络主动防御技术研究

针对各种网络攻击，传统的安全技术大部分属于静态的、片面的被动安全防御，各种技术孤立使用．不能很好地配合，防御滞后于攻击，缺乏主动性和对攻击的预测能力。面对这两个问题，综合使用多种防御措施，基于博弈论最优决策方法，实现了在攻击发生前，对攻击步骤做到最优预测，并做好相应的防御准备，从而获得攻防的主动权。研究中，首先分析网络弱点信息，建立弱点信息关联图和基于弱点的系统状态转化图。同时捕获当前攻击行为模式串，预测并获取攻击者准弱点利用集。然后进一步建立系统状态转换博弈树，并对树节点进行权重标识，建立博弈论可求解的矩阵博弈模型。最后，利用线性规划知识求解该博弈模型，得到可能攻击行为概率分布和相应的防御措施最优概率分布，从而达到网络主动防御的目的。

The Network Active Defense Research based on the Game Theory and the Analysis of Network Vulnerabilities

At present, in order to deal with various network attack, there appears many kinds corresponding defense measures. But these traditional safety technologies most belong to. the static, one-sided passive safety defense, which lag behind the attacks. At the same time, because many sorts of technologies are used isolated, the function effect is not good. Facing the two problems, this study comprehensive us- es a variety of defensive measures, and uses the game theory and the optimal decision method to get the optimal forecasting of the network attack, therefore does some defense preparation. This research first analyzes the weaknesses information of current network, captures sthe current attacks, and then gets the next most possible attack weakness set. Afier that, this study further establishes system state transition game tree, and uses the game theory to establish the matrix game model. In the end, the knowledge in linear programming is used to solve the game model, and achieves the probability distribution of possible attack behaviors and the optimal probability distribution of corre- sponding defensive measures,which reaches the purpose of the network active defense.