
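Attack-defense game model for APT under asymmetric information
Cite this article: SUN Wenjun, SU Yang, CAO Zhen. Attack-defense game model for APT under asymmetric information[J]. Journal of Computer Applications, 2017, 37(9): 2557-2562.
Authors: SUN Wenjun  SU Yang  CAO Zhen
Affiliation: 1. Key Laboratory of Network & Information Security, University of the People's Armed Police Force, Xi'an 710086; 2. Institute of Information Security, University of the People's Armed Police Force, Xi'an 710086
Funding: National Natural Science Foundation of China (61402531); Natural Science Basic Research Plan of Shaanxi Province (2014JQ8358, 2015JQ6231, 2014JQ8307).
Abstract: To address the current lack of theoretical modeling and analysis of Advanced Persistent Threat (APT) attacks, an attack-defense game model under asymmetric information, based on the FlipIt model, is proposed. First, assets such as target hosts in the network system are abstracted as target resource nodes, and the attack-defense scenario is described as the attacker and the defender alternately taking control of the target resource. Then, taking into account the asymmetry of the feedback information each side observes during the game and the incompleteness of the defensive effect, the payoff models of both sides and the conditions for their optimal strategies are given for the case where the defender adopts a renewal strategy, and theorems giving the conditions for reaching simultaneous-game and sequential-game equilibrium are stated and proved. Finally, numerical examples are used to analyze the factors that affect the equilibrium strategies and the defense payoff, and the simultaneous-game equilibrium is compared with the sequential-game equilibrium. The results show that the periodic strategy is the defender's optimal strategy and that, compared with the simultaneous-game equilibrium, the defender obtains a larger payoff by announcing its strategy and reaching the sequential-game equilibrium. The experimental results show that the proposed model can provide theoretical guidance for defense strategies against stealthy APT attacks.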

Keywords: game theory; asymmetric information; network attack; Advanced Persistent Threat (APT); cyber security
Received: 2017-03-17
Revised: 2017-04-13

Attack-defense game model for advanced persistent threats with asymmetric information
SUN Wenjun, SU Yang, CAO Zhen. Attack-defense game model for advanced persistent threats with asymmetric information[J]. Journal of Computer Applications, 2017, 37(9): 2557-2562.
Authors:SUN Wenjun  SU Yang  CAO Zhen
Affiliation:1. Key Laboratory of Network & Information Security, University of the People's Armed Police Force, Xi'an Shaanxi 710086, China;2. Institute of Information Security, University of the People's Armed Police Force, Xi'an Shaanxi 710086, China
Abstract: To address the lack of modeling and analysis of Advanced Persistent Threat (APT) attacks, an attack-defense game model based on FlipIt with asymmetric information was proposed. Firstly, assets such as targeted hosts in the network system were abstracted as target resource nodes, and the attack-defense scenarios were described as the alternating control of the target nodes. Then, considering the asymmetry of the feedback information observed by the two sides and the incomplete defensive effect, the payoff models and the conditions for the optimal strategies of the attacker and the defender were given for the case of a renewal defense strategy. In addition, theorems on simultaneous and sequential equilibrium were stated and proved. Finally, numerical illustrations were given to analyze the factors affecting the equilibrium strategy and the defense payoff, and to compare simultaneous and sequential equilibrium. The experimental results show that the periodic strategy is the defender's best strategy, and that the defender can reach sequential equilibrium and obtain a larger payoff than under simultaneous equilibrium by announcing her defense strategy in advance. The conclusions show that the proposed model can theoretically guide defense strategy against stealthy APT attacks.
Keywords: game theory; asymmetric information; network attack; Advanced Persistent Threat (APT); cyber security