Zhen Ni,Qianmu Li,Gang Liu

DOI: https://doi.org/10.1109/mc.2018.2141032

2018-01-01

Computer

Abstract:Network security decisions must consider how to balance information security risk and output in light of limited resources. Using game theory, the authors propose an optimum attack-defense decision-making algorithm that considers the interaction between attackers and defenders.

Wei Jiang,Bin-xing Fang,Hong-li Zhang,Zhi-hong Tian,Xin-fang Song

DOI: https://doi.org/10.1109/itng.2009.300

2009-01-01

Abstract:For assessing the security and optimal strengthening of large enterprise networks, this paper proposes a new approach uses configuration information on firewalls and vulnerability information on all network devices to build defense graphs that show the attack and defense strategy. Some models including a defense graph model, attack-defense taxonomy and cost quantitative model, and Attack-Defense Game (ADG) model. We regard the interactions between an attacker and the defender as a two-player, non-cooperative, zero-sum, finite strategic game and formulate the ADG model for the game. An algorithm for optimal strengthening strategy selection based on those models is proposed. Optimal strengthening strategies with minimizing costs are used to defend the attack and strengthening the network in advance. And finally, we perform empirical experiments to verify the effectiveness of the model experiment results indicate that our models and methods are effective and efficient.

Zhao Jin-long,Man Da-peng,Yang Wu

DOI: https://doi.org/10.1109/iscram.2011.6184094

2011-01-01

Abstract:To solve the network security response problem, a novel network response decision-making method based on the two-matrix game model was present. We analyzed the attackers and system administrators' different strategies, and then constructed the dual-benefit matrix of the attackers and defenders. On the basis of this, the two-matrix network security game model was proposed. At last, the optimal defense strategy decision-making algorithm was proposed. Using this algorithm, we could analyze benefits of both offensive and defensive, and solved the Nash Equilibrium Point which balanced the both and gave the optimal response decision-making strategy. The proposed method could make accurate response decision and had a high efficiency. Also, it occupied a lower memory which could reduce the interference to normal user when administrators manage the network.

LIU Gang,LI Qianmu,ZHANG Hong

2013-01-01

Journal of Computer Applications

Abstract:In order to reduce the network security risk,the authors designed a defense strategy generation method for network security based on State Attack-Defense Graph(SADG) in the view of the attacker and the defender to meet the requirements of risk management of network attack aspect.Firstly,according to the network' s vulnerability information,the proposed method generated the network SADG,calculated the successful probability and impact index of each atomic attack and got the successful probability and impact index of all possible attack paths.And then,the method generated defense strategy with the prevention and control measures of vulnerability.Finally,the proposed method was applied into a typical network scenario which adopted the active defense for network security,and verified the feasibility and effectiveness of the proposed method.

Yan Mi,Hengwei Zhang,Hao Hu,Jinglei Tan,Jindong Wang

DOI: https://doi.org/10.1155/2021/5594697

IF: 1.968

2021-08-21

Security and Communication Networks

Abstract:In a real-world network confrontation process, attack and defense actions change rapidly and continuously. The network environment is complex and dynamically random. Therefore, attack and defense strategies are inevitably subject to random disturbances during their execution, and the transition of the network security state is affected accordingly. In this paper, we construct a network security state transition model by referring to the epidemic evolution process, use Gaussian noise to describe random effects during the strategy execution, and introduce a random disturbance intensity factor to describe the degree of random effects. On this basis, we establish an attack-defense stochastic differential game model, propose a saddle point equilibrium solution method, and provide an algorithm to select the optimal defense strategy. Our method achieves real-time defense decision-making in network attack-defense scenarios with random disturbances and has better real-time performance and practicality than current methods. Results of a simulation experiment show that our model and algorithm are effective and feasible.

computer science, information systems,telecommunications

Zhihong Tian

2012-01-01

Abstract:At present,in order to deal with various network attack,there appears many kinds corresponding defense measures.But these traditional safety technologies most belong to the static,one-sided passive safety defense,which lag behind the attacks.At the same time,because many sorts of technologies are used isolated,the function effect is not good.Facing the two problems,this study comprehensive uses a variety of defensive measures,and uses the game theory and the optimal decision method to get the optimal forecasting of the network attack,therefore does some defense preparation.This research first analyzes the weaknesses information of current network,captures sthe current attacks,and then gets the next most possible attack weakness set.After that,this study further establishes system state transition game tree,and uses the game theory to establish the matrix game model.In the end,the knowledge in linear programming is used to solve the game model,and achieves the probability distribution of possible attack behaviors and the optimal probability distribution of corresponding defensive measures,which reaches the purpose of the network active defense.

Binbin Liu

DOI: https://doi.org/10.1088/1742-6596/2037/1/012126

2021-09-01

Journal of Physics: Conference Series

Abstract:At present, network security is a problem that needs to be solved urgently in the current network era. In order to reduce the loss caused by network security threats, and also use limited computer resources to select the best defense strategy, a set of network attack and defense game models are designed to identify the situation of network security threats. Aiming at the unstable problem of the security quantification process of traditional network node information, a network security threat situation identification based on the offensive and defensive game model is proposed. First, build an offensive and defensive game model, design the corresponding situation identification strategy, and calculate the overall utility and expected output of both offensive and defensive parties while clarifying the changes in the authority of both sides during the offensive and defensive process. This paper takes the offensive and defensive game model as the theoretical basis of the research, uses the algorithm as the auxiliary research, and integrates its important content to analyze and research the optimization of the algorithm to improve the network security threat situation identification. This paper uses the classic offensive and defensive game model as the research object to identify the threat situation of network security. In the process of selecting the offensive and defensive game model, it is necessary to have a better grasp of the relevant algorithms. This article introduces the offensive and defensive game model into the network security threat situation identification, and on this basis, it deeply discusses the applicability and effectiveness of the offensive and defensive game model in the complex network security threat situation identification, and provides better for the establishment of future network security systems. Reference. The experimental results show that this study is effective and feasible in the offensive and defensive game model in the network security threat situation identification. It should be noted that in the defense process, the probability of success and the degree of damage of the attack path must be grasped to ensure that the optimal offensive and defensive decision-making meets the actual needs of network security.

姜伟,方滨兴,田志宏,张宏莉

DOI: https://doi.org/10.3724/sp.j.1016.2009.00817

2009-01-01

Chinese Journal of Computers

Abstract:To evaluate the security of network information systems and perform active defense,this paper presents some models including defense graph model,attack-defense taxonomy and cost quantitative method,and Attack-Defense Game(ADG) model.Algorithms for selecting optimizing active defense strategy based on those models are proposed and analyzed in a representative network example.Results indicate that the models and methods are effective and efficient.

He Wei,Chunhe Xia,Haiquan Wang,Zhang Cheng,Ji Yi

DOI: https://doi.org/10.1109/csse.2008.1651

2008-01-01

Abstract:How to quantify the threat probability in network security risk assessment is an important problem to be solved. Most of the existing methods tend to consider the attacker and defender separately. However, the decision to perform the attack is a trade-off between the gain from a successful attack and the possible consequences of detection; meanwhile, the defender’s security strategy depends mostly on the knowledge of the intentions of the attacker. Therefore, ignoring the connections between the attacker and defender’s decisions does not correspond to reality. Game theory is the study of the ways in which strategic interactions among rational players produce outcomes with respect to the utilities of those players. In this paper, a novel Game Theoretical Attack-Defense Model (GTADM) which quantifies the probability of threats is proposed in order to construct a risk assessment framework. According to the cost-benefit analysis, we define the method of formulating the payoff matrix; the equilibrium of the model is also analyzed. In the end, a simple scenario is presented to illustrate the usage of GTADM in the risk assessment framework to show its efficiency.

Jianyi Liu,Fangyu Weng,Ru Zhang,Yunbiao Guo

DOI: https://doi.org/10.1007/978-3-030-00012-7_15

2018-01-01

Abstract:To analyze the influence of threat propagation on network system and accurately evaluate system security, this paper proposes an approach to improve the awareness of network security, based on Attack-Defense Stochastic Game Model (ADSGM). The variety of network security elements collected by multi-sensors are fused into a standard dataset such as assets, threats and vulnerabilities. For every threat, it builds a threat propagation network and propagation rule. By using the game theory to analyze the network offensive and defensive process, it establishes the ADSGM. The ADSGM can dynamically evaluate network security situation and provide the best reinforcement schema. Experimental results on a specific network indicate that the approach is more precise and more suitable for a real network environment. The reinforcement schema can effectively prevent the propagation of threats and reduce security risks.

Zengguang Wang,Yu Lu,Xi Li,Wei Nie

DOI: https://doi.org/10.1504/ijsn.2020.106830

2020-01-01

International Journal of Security and Networks

Abstract:Existing passive defence methods cannot effectively guarantee network security; to solve this problem, a novel method is proposed that selects the optimal defence strategy. The network attack-defence process is modelled based on the Bayesian game. The payoff is quantified from the impact value of the attack-defence actions. The optimal defence strategy is selected that takes defence effectiveness as the criterion. The rationality and feasibility of the method are verified through a representative example, and the general rules of network defence are summarised. Compared to the classic strategy selection methods based on game theory, the proposed method can select the optimal strategy in the form of pure strategy by quantifying defence effectiveness, which was proven to perform better.

Yang Sun,Wei Xiong,Zhonghua Yao,Krishna Moniz,Ahmed Zahir

DOI: https://doi.org/10.3390/electronics7030036

IF: 2.9

2018-01-01

Electronics

Abstract:Improving network security is a difficult problem that requires balancing several goals, such as defense cost and need for network efficiency, to achieve proper results. Modeling the network as a game and using optimization problems to select the best move in such a game can assist network administrators in determining an ideal defense strategy. However, most approaches for determining optimal game solutions tend to focus on either single objective games or merely scalarize the multiple objectives to a single of objective. In this paper, we devise a method for modeling network attacks in a zero-sum multi-objective game without scalarizing the objectives. We use Pareto Fronts to determine the most harmful attacks and Pareto Optimization to find the best defense against those attacks. By determining the optimal solutions through those means, we allow network administrators to make the final defense decision from a much smaller set of defense options. The included experiment uses minimum distance as selection method and compares the results with a minimax algorithm for the determination of the Nash Equilibrium. The proposed algorithm should help network administrators in search of a hands-on method of improving network security.

Yuanjie LI,Jie SUN,Qiying CAO

2014-01-01

Abstract:The attack actions analysis for Ad Hoc networks can provide a reference for the design security mechanisms. This paper presents an analysis method of security of Ad Hoc networks based on Stochastic Game Nets (SGN). This method can establish a SGN model of Ad Hoc networks and calculate to get the Nash equilibrium strategy. After transforming the SGN model into a continuous-time Markov Chain (CTMC), the security of Ad Hoc networks can be evaluated and analyzed quantitatively by calculating the stationary probability of CTMC. Finally, the Matlab simulation results show that the probability of successful attack is related to the attack intensity and expected payoffs, but not attack rate.

Wei Jiang,Zhi-Hong Tian,Hong-Li Zhang,Xin-fang Song

DOI: https://doi.org/10.1109/ICNSC.2008.4525297

2008-01-01

Abstract:This paper presents a stochastic game theoretic approach to analyzing attack prediction and the active defense of computer networks. A Markov chain for privilege (MCP) model to predict attacker's behavior and strategies is proposed. We regard the interactions between an attacker and the defender as a two-player, non-cooperative, zero-sum, finite stochastic game and formulate an attack-defense stochastic game (ADSG) model for the game. An attack strategies prediction and optimal active defense strategy decision algorithm is developed using the ADSG and cost-sensitive model. Optimal defense strategies with minimizing costs are used to defend the attack and harden the network in advance. Finally, a simple example of an attack against a network is modeled and analyzed.

Yanbin Qiu,Yanhua Liu,Shijin Li

DOI: https://doi.org/10.1145/3290480.3290504

2018-01-01

Abstract:For the occurrence of network attacks, the most important thing for network security managers is how to conduct attack security defenses under low-risk control. And in the attack risk control, the first and most important step is to choose the defense node of risk control. In this paper, aiming to solve the problem of network attack security risk control under complex networks, we propose a game attack risk control node selection method based on game theory. The method utilizes the relationship between the vulnerabilities and analyzes the vulnerability intent information of the complex network to construct an attack risk diffusion network. In order to truly reflect the different meanings of each node in the attack risk diffusion network for attack and defense, this paper uses the host vulnerability attack and defense income evaluation calculation to give each node in the network its offensive and defensive income. According to the above-mentioned attack risk spread network of offensive and defensive gains, this paper combines game theory and maximum benefit ideas to select the best Top defense node information. In this paper, The method proposed in this paper can be used to select network security risk control nodes on complex networks, which can help network security managers to play a good auxiliary role in cyber attack defense.

Wang Yang,Liu Dong,Wang Dong,Xu Chun

DOI: https://doi.org/10.13052/dgaej2156-3306.3635

2021-07-13

Abstract:Aiming at the problem that the current generation method of power networksecurity defense strategy ignores the dependency relationship between nodes,resulting in closed-loop attack graph, which makes the defense strategy notgenerate attack path, resulting in poor defense effect and long generationresponse time of power network security defense strategy, a generationmethod of power network security defense strategy based on Markov decisionprocess is proposed. Based on the generation of network attack and defensediagram, the paper describes the state change of attack network by usingMarkov decision-making process correlation principle, introduces discountfactor, calculates the income value of attack and defense game process,constructs the evolutionary game model of attack and defense, solves theobjective function according to the dynamic programming theory, obtains theoptimal strategy set and outputs the final results, and generates the powernetwork security defense strategy. The experimental results show that the proposed method has good defense effect and can effectively shorten thegeneration response time of power network security defense strategy.

English Else

Zenan Wu,Liqin Tian,Yan Wang,Jianfei Xie,Yuquan Du,Yi Zhang

DOI: https://doi.org/10.1155/2021/2283786

IF: 1.968

2021-12-16

Security and Communication Networks

Abstract:Aiming at the existing network attack and defense stochastic game models, most of them are based on the assumption of complete information, which causes the problem of poor applicability of the model. Based on the actual modeling requirements of the network attack and defense process, a network defense decision-making model combining incomplete information stochastic game and deep reinforcement learning is proposed. This model regards the incomplete information of the attacker and the defender as the defender’s uncertainty about the attacker’s type and uses the Double Deep Q-Network algorithm to solve the problem of the difficulty of determining the network state transition probability, so that the network system can dynamically adjust the defense strategy. Finally, a simulation experiment was performed on the proposed model. The results show that, under the same experimental conditions, the proposed method in this paper has a better convergence speed than other methods in solving the defense equilibrium strategy. This model is a fusion of traditional methods and artificial intelligence technology and provides new research ideas for the application of artificial intelligence in the field of cyberspace security.

computer science, information systems,telecommunications

Zhang Hengwei,Li Tao,Wang Jindong,Han Jihong

2015-01-01

China Communications

Abstract:Nowadays, security defence of network uses the game theory, which mostly applies complete information game model or even the static game model. To get closer to the actual network and defend actively, we propose a network attack-defence game model by using signalling game, which is modelled in the way of dynamic and incomplete information. We improve the traditional attack-defence strategies quantization method to meet the needs of the network signalling game model. Moreover, we give the calculation of the game equilibrium and analyse the optimal defence scheme. Finally, we analyse and verify effectiveness of the model and method through a simulation experiment.

Liang Liu,Cheng Huang,Yong Fang,Zhenxue Wang

DOI: https://doi.org/10.3837/tiis.2019.10.024

2019-01-01

KSII Transactions on Internet and Information Systems

Abstract:In the process of constructing the traditional offensive and defensive game theory model, these are some shortages for considering the dynamic change of security risk problem. By analysing the critical indicators of the incomplete information game theory model, incomplete information attack and defense game theory model and the mathematical engineering method for solving Bayes-Nash equilibrium, the risk-averse income function for information assets is summarized as the problem of maximising the return of the equilibrium point. To obtain the functional relationship between the optimal strategy combination of the offense and defense and the information asset security probability and risk probability. At the same time, the offensive and defensive examples are used to visually analyse and demonstrate the incomplete information game and the Harsanyi conversion method. First, the incomplete information game and the Harsanyi conversion problem is discussed through the attack and defense examples and using the game tree. Then the strategy expression of incomplete information static game and the engineering mathematics method of Bayes-Nash equilibrium are given. After that, it focuses on the offensive and defensive game problem of unsafe information network based on risk aversion. The problem of attack and defense is obtained by the issue of maximizing utility, and then the Bayes-Nash equilibrium of offense and defense game is carried out around the security risk of assets. Finally, the application model in network security penetration and defense is analyzed by designing a simulation example of attack and defense penetration. The analysis results show that the constructed income function model is feasible and practical.

Rui Peng,Di Wu,Mengyao Sun,Shaomin Wu

DOI: https://doi.org/10.1080/01605682.2020.1784048

IF: 3.6

2020-01-01

Journal of the Operational Research Society

Abstract:This paper analyzes the optimal strategies for an attacker and a defender in an attack-defense game on a network consisting of interdependent subnetworks. The defender moves first and allocates its resource to protect the network nodes. The attacker then moves and allocates its resources to attack the network nodes. The binary decision diagram is employed to obtain all potential states of the network system after attack. Considering each of its opponent's strategies, the game player tries to maximize its own cumulative prospect value. The backward induction method is employed to obtain the game players' optimal strategies, respectively. Different resource relationships are analyzed to testify the robustness of the main conclusions and players' risk attitudes are also investigated. Numerical examples are used to illustrate the analysis.