网络与信息安全学报 ›› 2019, Vol. 5 ›› Issue (6): 58-66.doi: 10.11959/j.issn.2096-109x.2019063

• 学术论文 • 上一篇    下一篇

面向网络实时对抗的动态防御决策方法

冷强1,杨英杰1,常德显1,潘瑞萱1,蔡英2,胡浩1()   

  1. 1 信息工程大学,河南 郑州 450001
    2 河南省理工学校,河南 郑州 450001
  • 修回日期:2019-04-08 出版日期:2019-12-15 发布日期:2019-12-14
  • 作者简介:冷强(1993- ),男,四川内江人,信息工程大学硕士生,主要研究方向为信息安全风险评估|杨英杰(1971- ),男,河南郑州人,博士,信息工程大学教授,主要研究方向为信息安全|常德显(1977- ),男,河南邓州人,博士,信息工程大学副教授,主要研究方向为信息安全|潘瑞萱(1995- ),女,陕西华县人,信息工程大学硕士生,主要研究方向为SDN网络协议安全|蔡英(1983- ),女,河南郑州人,主要研究方向为金融信息安全与风险管理|胡浩(1989- ),男,安徽池州人,博士,信息工程大学讲师,主要研究方向为网络安全态势感知和图像秘密共享
  • 基金资助:
    国家自然科学基金资助项目(61902427);国家高技术研究发展计划(“863”计划)基金资助项目(2015AA016006);国家重点研发计划基金资助项目(2016YFF0204003);“十三五”装备预研领域基金资助项目(61400020201)

Dynamic defense decision method for network real-time confrontation

Qiang LENG1,Yingjie YANG1,Dexian CHANG1,Ruixuan PAN1,Ying CAI2,Hao HU1()   

  1. 1 Information Engineering University,Zhengzhou 450001,China
    2 Henan Polytechnic University,Zhengzhou 450001,China
  • Revised:2019-04-08 Online:2019-12-15 Published:2019-12-14
  • Supported by:
    The National Natural Science Foundation of China(61902427);The National High Technology Research and Development Program of China (“863” Progran)(2015AA016006);The National Key Research and Development Program of China(2016YFF0204003);The Equipment Pre-research Foundation during the National 13th Five-Year Plan(61400020201)

摘要:

如何基于网络外在威胁实施防御决策是构建网络信息防御体系的核心问题,针对实时攻击带来的动态威胁进行科学有效的防御决策是构建网络动态应急防御体系的关键。针对动态防御决策问题,首先基于属性攻击图理论设计了一种网络生存性博弈模型,利用攻防矩阵表示攻防策略和路径,并给出了攻防强度和网络生存性量化方法;其次提出了单步与多步的攻、防策略支出计算方法,并基于攻防策略支出给出防御决策;最后通过实验进行防御决策技术的有效性验证。

关键词: 属性攻击图, 网络生存性, 网络攻防对抗, 攻防强度

Abstract:

How to implement defense decision based on network external threat is the core problem of building network information defense system.Especially for the dynamic threat brought by real-time attack,scientific and effective defense decision is the key to construct network dynamic emergency defense system.Aiming at the problem of dynamic defense decision-making,firstly a network survivability game model based on attribute attack graph theory is designed.The attack and defense matrix is used to represent the attack and defense strategy and path,and the attack and defense strength and network survivability quantification method are given.Secondly,the single step and the multi-step attack and defense strategy payoff calculation method is proposed,and the defense decision is based on the attack and defensive strategy payoff.Finally,the effectiveness of the defense decision technology is verified through experiments.

Key words: attribute attack graph, network survivability, network attack-defense confrontation, attack-defense strength

中图分类号: 

No Suggested Reading articles found!