Journal on Communications ›› 2018, Vol. 39 ›› Issue (8): 29-36. doi: 10.11959/j.issn.1000-436x.2018134

• Papers Ⅰ: Artificial Intelligence and Network Security •

Network security threat warning method based on qualitative differential game

Shirui HUANG1, Hengwei ZHANG1,2, Jindong WANG1, Ruiyu DOU1

  1. The Third Institute, Information Engineering University, Zhengzhou 450001, China
  2. Science and Technology on Information Assurance Laboratory, Beijing 100093, China
  • Revised: 2018-07-17 Online: 2018-08-01 Published: 2018-09-13
  • About the authors: Shirui HUANG (born 1994), male, from Shantou, Guangdong, is an engineer at Information Engineering University; his main research interests are network security warning and defense decision-making. | Hengwei ZHANG (born 1978), male, from Luoyang, Henan, holds a Ph.D. and is an associate professor at Information Engineering University; his main research interests are network security and attack-defense confrontation, and information security risk assessment. | Jindong WANG (born 1966), male, from Hongtong, Shanxi, is a professor at Information Engineering University; his main research interests are network and information security, and cloud resource management. | Ruiyu DOU (born 1981), female, from Jiangdu, Jiangsu, is a lecturer at Information Engineering University; her main research interest is network information security.
  • Supported by:
    The National Natural Science Foundation of China (61303074); The National Natural Science Foundation of China (61309013); The Science and Technology Research Project of Henan Province (182102210144); The Opening Foundation of Science and Technology on Information Assurance Laboratory (KJ-15-110)

Abstract:

Most current network security research based on game theory adopts static game or multi-stage dynamic game models, which do not match the continuous confrontation and real-time change of the actual network attack-defense process. To make security threat warning more consistent with the actual attack-defense process, the threat propagation process was analyzed with reference to the epidemic dynamics model. A network attack-defense game model was then constructed based on qualitative differential game theory, by which the dynamic trend of security threats could be deduced. Based on the model, a solution method for the attack-defense qualitative differential game was proposed to construct the attack-defense barrier together with the capture and escape regions. Furthermore, multidimensional Euclidean distance was introduced to measure the threat severity of different security states. A warning algorithm was then designed to realize dynamic warning of network security threats with better accuracy and timeliness. Simulation results show that the proposed model and algorithm are effective and feasible.

Key words: network security threat, network attack and defense, threat warning, qualitative differential game, warning algorithm

CLC number:

  • TP309