Yuanzhuo Wang,Jingyuan Li,Kun Meng,Chuang Lin,Xueqi Cheng

DOI: https://doi.org/10.1002/sec.535

IF: 1.968

2012-04-17

Security and Communication Networks

Abstract:In this paper, we propose a novel modeling method attack–defense stochastic game Petri nets (or ADSGN) to model and analyze the security issues in enterprise network. We firstly give the definition and modeling method algorithm of ADSGN and then propose the algorithm of the strategy. The proposed ADSGN method is successfully applied to describe the attack and defense courses in the enterprise network. Finally, we analyze the mean time to first security breach and the mean time to security breach in the enterprise network quantifiably, and proved that our method can also be applied to other areas with respect to game issues. Copyright © 2012 John Wiley & Sons, Ltd. According to the characteristics of the network attack and defense actions, we extend the previous work by proposing attack‐defense stochastic game Petri nets (or ADSGNs), which can be used to model and analyze the competitive game issues by using classical methods from stochastic Petri nets. ADSGN are suitable to investigate the complex and dynamic game‐related issues in network attack. In this paper, we use ADSGN to model and analyze the enterprise network attacks, compute the Nash equilibrium to deduce the best‐response strategies to defend the attacks. We believe that ADSGN can open a new avenue to handle the game‐related issues in network security.

computer science, information systems,telecommunications

Yuanjie LI,Jie SUN,Qiying CAO

2014-01-01

Abstract:The attack actions analysis for Ad Hoc networks can provide a reference for the design security mechanisms. This paper presents an analysis method of security of Ad Hoc networks based on Stochastic Game Nets (SGN). This method can establish a SGN model of Ad Hoc networks and calculate to get the Nash equilibrium strategy. After transforming the SGN model into a continuous-time Markov Chain (CTMC), the security of Ad Hoc networks can be evaluated and analyzed quantitatively by calculating the stationary probability of CTMC. Finally, the Matlab simulation results show that the probability of successful attack is related to the attack intensity and expected payoffs, but not attack rate.

Wei Jiang,Bin-xing Fang,Hong-li Zhang,Zhi-hong Tian,Xin-fang Song

DOI: https://doi.org/10.1109/itng.2009.300

2009-01-01

Abstract:For assessing the security and optimal strengthening of large enterprise networks, this paper proposes a new approach uses configuration information on firewalls and vulnerability information on all network devices to build defense graphs that show the attack and defense strategy. Some models including a defense graph model, attack-defense taxonomy and cost quantitative model, and Attack-Defense Game (ADG) model. We regard the interactions between an attacker and the defender as a two-player, non-cooperative, zero-sum, finite strategic game and formulate the ADG model for the game. An algorithm for optimal strengthening strategy selection based on those models is proposed. Optimal strengthening strategies with minimizing costs are used to defend the attack and strengthening the network in advance. And finally, we perform empirical experiments to verify the effectiveness of the model experiment results indicate that our models and methods are effective and efficient.

He Wei,Chunhe Xia,Haiquan Wang,Zhang Cheng,Ji Yi

DOI: https://doi.org/10.1109/csse.2008.1651

2008-01-01

Abstract:How to quantify the threat probability in network security risk assessment is an important problem to be solved. Most of the existing methods tend to consider the attacker and defender separately. However, the decision to perform the attack is a trade-off between the gain from a successful attack and the possible consequences of detection; meanwhile, the defender’s security strategy depends mostly on the knowledge of the intentions of the attacker. Therefore, ignoring the connections between the attacker and defender’s decisions does not correspond to reality. Game theory is the study of the ways in which strategic interactions among rational players produce outcomes with respect to the utilities of those players. In this paper, a novel Game Theoretical Attack-Defense Model (GTADM) which quantifies the probability of threats is proposed in order to construct a risk assessment framework. According to the cost-benefit analysis, we define the method of formulating the payoff matrix; the equilibrium of the model is also analyzed. In the end, a simple scenario is presented to illustrate the usage of GTADM in the risk assessment framework to show its efficiency.

Binbin Liu

DOI: https://doi.org/10.1088/1742-6596/2037/1/012126

2021-09-01

Journal of Physics: Conference Series

Abstract:At present, network security is a problem that needs to be solved urgently in the current network era. In order to reduce the loss caused by network security threats, and also use limited computer resources to select the best defense strategy, a set of network attack and defense game models are designed to identify the situation of network security threats. Aiming at the unstable problem of the security quantification process of traditional network node information, a network security threat situation identification based on the offensive and defensive game model is proposed. First, build an offensive and defensive game model, design the corresponding situation identification strategy, and calculate the overall utility and expected output of both offensive and defensive parties while clarifying the changes in the authority of both sides during the offensive and defensive process. This paper takes the offensive and defensive game model as the theoretical basis of the research, uses the algorithm as the auxiliary research, and integrates its important content to analyze and research the optimization of the algorithm to improve the network security threat situation identification. This paper uses the classic offensive and defensive game model as the research object to identify the threat situation of network security. In the process of selecting the offensive and defensive game model, it is necessary to have a better grasp of the relevant algorithms. This article introduces the offensive and defensive game model into the network security threat situation identification, and on this basis, it deeply discusses the applicability and effectiveness of the offensive and defensive game model in the complex network security threat situation identification, and provides better for the establishment of future network security systems. Reference. The experimental results show that this study is effective and feasible in the offensive and defensive game model in the network security threat situation identification. It should be noted that in the defense process, the probability of success and the degree of damage of the attack path must be grasped to ensure that the optimal offensive and defensive decision-making meets the actual needs of network security.

Wei Jiang,Zhi-Hong Tian,Hong-Li Zhang,Xin-fang Song

DOI: https://doi.org/10.1109/ICNSC.2008.4525297

2008-01-01

Abstract:This paper presents a stochastic game theoretic approach to analyzing attack prediction and the active defense of computer networks. A Markov chain for privilege (MCP) model to predict attacker's behavior and strategies is proposed. We regard the interactions between an attacker and the defender as a two-player, non-cooperative, zero-sum, finite stochastic game and formulate an attack-defense stochastic game (ADSG) model for the game. An attack strategies prediction and optimal active defense strategy decision algorithm is developed using the ADSG and cost-sensitive model. Optimal defense strategies with minimizing costs are used to defend the attack and harden the network in advance. Finally, a simple example of an attack against a network is modeled and analyzed.

Gang Liu,Hong Zhang,Qianmu Li

DOI: https://doi.org/10.3969/j.issn.1005-9830.2014.01.003

2014-01-01

Abstract:To effectively implement the network security risk management and reduce the security risk loss,based on the game theory,this paper designs a network security optimal attack and defense decision-making method through the analysis of interactions between the attacker and the defender. According to the network's topology information,reachable relationship of nodes and vulnerability in-formation,the proposed method generates the network state attack-defense graph( SADG) ,calculates the successful probability and hazard index of each atomic attack in the SADG and gets the successful probability and hazard index of all possible attack paths. The method calculates the utility matrix of different strategies taken by the attacker and the defender at the different network security states. According to the SADG and based on the non-cooperative non-zero-sum game model, this paper proposes an optimal attack and defense decision-making algorithm, and generates optimal attack and defense strategies with the prevention and control measures of vulnerability. This paper analyzes the application of the proposed method in the network security risk management through a typical network example. The experimental results show that this method can effectively generate the optimal offensive and defensive decision.

Zenan Wu,Liqin Tian,Yi Zhang,Yan Wang,Yuquan Du

DOI: https://doi.org/10.1155/2021/4005877

IF: 1.968

2021-11-13

Security and Communication Networks

Abstract:At present, most network security analysis theory assumes that the players are completely rational. However, this is not consistent with the actual situation. In this paper, based on the effectiveness constraints on both sides with network attack and defense, with the help of stochastic Petri net and evolutionary game theory, the Petri net model of network attack and defense stochastic evolutionary game is reconstructed, the specific definition of the model is given, and the modeling method is given through the network connection relationship and attack and defense strategy set. Using this model, a quantitative analysis of network attack events is carried out to solve a series of indicators related to system security, namely, attack success rate, average attack time, and average system repair time. Finally, the proposed model and analysis method are applied to a classic network attack and defense process for experimental analysis, and the results verify the rationality and accuracy of the model and analysis method.

computer science, information systems,telecommunications

Liang Ying,Li Bingyang,Wang Huiqiang

2010-01-01

Abstract:Stochastic game theory is proposed to apply in the research on network security situational awareness (NSSA), which is a research focus in network security field at present. A novel dynamic awareness method of network security situation (NSS) based on analyses of network service states is proposed in this paper. Realizing situation awareness is a dynamic process, and the diverse states of network services are just direct mirrors of the whole network security situation. Network security situation reflects what is happening in the network, including both the offense and defense behaviors in it. Stochastic game model of network security system is constructed in this paper, and network security situation is quantified by the game mathematical formulation, costs or rewards of attackers and defenders are established, and finally non-linear programming is used to compute the Nash equilibrium points, at which point both of the two sides get a balance between their benefits. Network security situation can then be dynamically achieved by visualizing the diverse metrics information of network services at Nash equilibrium during the operating of network system.

Wang Chunlei,Miao Qing,Dai Yiqi

DOI: https://doi.org/10.1109/MINES.2012.147

2012-01-01

Abstract:With the increase of network complexity and continuous development of network attack techniques, it is unrealistic to prevent network from attacks or intrusion threats absolutely, a large number of critical network services require that they can provide adequate qualities of services in the face of suffering intrusions or even certain parts of network system be destroyed. Therefore, network survivability technologies in open environment are becoming a research focus in network security field. This paper proposes network threat evolution model based on threat evolutionary behaviors and threat propagations. Then, network survivability is abstracted as a dynamic game process among network attacker, network defender and normal user, thereafter network survivability stochastic game model is established and network survivability analysis algorithm is proposed based on the game model. Finally, the proposed network survivability analysis model and approach are experimented in a typical network environment. The results show that the analysis model and approach proposed are feasible and effective.

ZHANG Yong,TAN Xiao-Bin,CUI Xiao-Lin,XI Hong-Sheng

DOI: https://doi.org/10.3724/sp.j.1001.2011.03751

2011-01-01

Abstract:To accurately evaluate security situation states,this paper proposes an approach to network security situation awareness(NSSA) based on Hidden Markov Model(HMM).It gains standardized data of network structure information,assets,threats and vulnerabilities via fusing variety system security data collected by multi-sensors.For every asset,this paper associates its suffered threats with its vulnerabilities to analyze the sequence of its security incidents,establishes HMMs to analyze security situation factors of confidentiality,integrity and availability.Using sliding window mechanism it trains segmented sequence of security incidents and it gains the parameters of HMM's through update algorithm with forgetting factor.According to the HMMs and security incidents sequence it evaluates security situation factors of one asset's and entire network.Depending on the application background it evaluates security situation states of different network system.The investigation of evaluation to a specific network indicates that the approach is suitable for actual network environment and the evaluation result is precise and efficient.

Jun'e Li,Jiaqi Liang,Quanying Liu,Donglian Qi,Jianliang Zhang,Yangrong Chen

DOI: https://doi.org/10.3389/fenrg.2022.971725

IF: 3.4

2022-01-01

Frontiers in Energy Research

Abstract:With the rapid development of integrated energy system, the large-scale and high-permeability access of distributed generations (DGs) is making the distribution networks develop into active distribution networks (ADNs). The increased complexity of ADNs also increases the vulnerabilities for cyberattacks. It is a new challenge how to evaluate the situation of an ADN so as to support the decision-making of grid control policies in the condition of cyberattacks probably occur. Hence, in this paper, we proposed a method of situation assessment for ADNs considering cyberattacks. This method is aggregated by two parts. 1) An index system is presented, which includes the indexes of DGs stability, the indexes of security risk considering cyberattacks along with the traditional safety indexes. 2) The entropy weight method is used to assign weights to each index, and taking the normal operation status of ADNs as the reference scenario, an operating situation assessment method for ADNs is proposed based on grey correlation analysis method. Finally, in order to verify the effectiveness of the proposed index system and assessment method, 12 attack scenarios are established from three categories: attacks on DGs, attacks on controllable loads and attacks on both of them, and the situation of the ADN, a case based on IEEE 33-node standard distribution system, is evaluated under each scenario.

姜伟,方滨兴,田志宏,张宏莉

DOI: https://doi.org/10.3724/sp.j.1016.2009.00817

2009-01-01

Chinese Journal of Computers

Abstract:To evaluate the security of network information systems and perform active defense,this paper presents some models including defense graph model,attack-defense taxonomy and cost quantitative method,and Attack-Defense Game(ADG) model.Algorithms for selecting optimizing active defense strategy based on those models are proposed and analyzed in a representative network example.Results indicate that the models and methods are effective and efficient.

Su Yang,Yuqing Zhang,Chensi Wu

DOI: https://doi.org/10.48550/arxiv.1902.10439

2019-01-01

Abstract:With the developing of the attack and defense technology, the cyber environment has been more and more sophisticated. We failed to give an accurate evaluation of network security situation, as we lack a more accurate quantitative evaluation of attack-defense behaviors. In response to this situation, we proposed an attack-defense stochastic game model (ADSGM), analyzed the different security property of distinct defense mechanism, and put forward a corresponding utility calculation coping with the distinct defense mechanism. Through a case study, we showed the impact of active defense and the risk of attack exposure, demonstrated the effectiveness of our methods on attack-defense behavior quantification. This paper filled with the gap in the quantitative assessment of defensive measures, to make the quantitative evaluation of attack-defense more comprehensive and accurate.

Chuang Lin,Yuanzhuo Wang,Yang Wang,Haiyi Zhu

2008-01-01

Abstract:In this paper, we propose a novel modeling method, Stochastic Game Nets(SGN). SGN is an good method to model and deal with the game issues, which takes advantages of both stochastic game theory and Stochastic Petri Nets. The SGN could inherit the efficient and flexible modeling approach of Stochastic Petri Nets, and also make well use of the game-theoretical framework from game theory. Meanwhile, we apply the SGN method to model and analyze the network attacks, compute the Nash equilibrium and best-response strategies to defend the attacks. We believe that the SGN opens a new avenue to deal with the game issues in computer networks.

Zhen Ni,Qianmu Li,Gang Liu

DOI: https://doi.org/10.1109/mc.2018.2141032

2018-01-01

Computer

Abstract:Network security decisions must consider how to balance information security risk and output in light of limited resources. Using game theory, the authors propose an optimum attack-defense decision-making algorithm that considers the interaction between attackers and defenders.

Zhihong Tian

2012-01-01

Abstract:At present,in order to deal with various network attack,there appears many kinds corresponding defense measures.But these traditional safety technologies most belong to the static,one-sided passive safety defense,which lag behind the attacks.At the same time,because many sorts of technologies are used isolated,the function effect is not good.Facing the two problems,this study comprehensive uses a variety of defensive measures,and uses the game theory and the optimal decision method to get the optimal forecasting of the network attack,therefore does some defense preparation.This research first analyzes the weaknesses information of current network,captures sthe current attacks,and then gets the next most possible attack weakness set.After that,this study further establishes system state transition game tree,and uses the game theory to establish the matrix game model.In the end,the knowledge in linear programming is used to solve the game model,and achieves the probability distribution of possible attack behaviors and the optimal probability distribution of corresponding defensive measures,which reaches the purpose of the network active defense.

Zhao Jin-long,Man Da-peng,Yang Wu

DOI: https://doi.org/10.1109/iscram.2011.6184094

2011-01-01

Abstract:To solve the network security response problem, a novel network response decision-making method based on the two-matrix game model was present. We analyzed the attackers and system administrators' different strategies, and then constructed the dual-benefit matrix of the attackers and defenders. On the basis of this, the two-matrix network security game model was proposed. At last, the optimal defense strategy decision-making algorithm was proposed. Using this algorithm, we could analyze benefits of both offensive and defensive, and solved the Nash Equilibrium Point which balanced the both and gave the optimal response decision-making strategy. The proposed method could make accurate response decision and had a high efficiency. Also, it occupied a lower memory which could reduce the interference to normal user when administrators manage the network.

Yan Mi,Hengwei Zhang,Hao Hu,Jinglei Tan,Jindong Wang

DOI: https://doi.org/10.1155/2021/5594697

IF: 1.968

2021-08-21

Security and Communication Networks

Abstract:In a real-world network confrontation process, attack and defense actions change rapidly and continuously. The network environment is complex and dynamically random. Therefore, attack and defense strategies are inevitably subject to random disturbances during their execution, and the transition of the network security state is affected accordingly. In this paper, we construct a network security state transition model by referring to the epidemic evolution process, use Gaussian noise to describe random effects during the strategy execution, and introduce a random disturbance intensity factor to describe the degree of random effects. On this basis, we establish an attack-defense stochastic differential game model, propose a saddle point equilibrium solution method, and provide an algorithm to select the optimal defense strategy. Our method achieves real-time defense decision-making in network attack-defense scenarios with random disturbances and has better real-time performance and practicality than current methods. Results of a simulation experiment show that our model and algorithm are effective and feasible.

computer science, information systems,telecommunications

Xiaotong Xu,Gaocai Wang,Jintian Hu,Yuting Lu

DOI: https://doi.org/10.1155/2020/3417039

IF: 1.968

2020-06-08

Security and Communication Networks

Abstract:In recent years, evolutionary game theory has been gradually applied to analyze and predict network attack and defense for maintaining cybersecurity. The traditional deterministic game model cannot accurately describe the process of actual network attack and defense due to changing in the set of attack-defense strategies and external factors (such as the operating environment of the system). In this paper, we construct a stochastic evolutionary game model by the stochastic differential equation with Markov property. The evolutionary equilibrium solution of the model is found and the stability of the model is proved according to the knowledge of the stochastic differential equation. And we apply the explicit Euler numerical method to analyze the evolution of the strategy selection of the players for different problem situations. The simulation results show that the stochastic evolutionary game model proposed in this paper can get a steady state and obtain the optimal defense strategy under the action of the stochastic disturbance factor. In addition, compared with other kinds of literature, we can conclude that the return on security investment of this model is better, and the strategy selection of the attackers and defenders in our model is more suitable for actual network attack and defense.

computer science, information systems,telecommunications