Gang Liu,Hong Zhang,Qianmu Li

DOI: https://doi.org/10.3969/j.issn.1005-9830.2014.01.003

2014-01-01

Abstract:To effectively implement the network security risk management and reduce the security risk loss,based on the game theory,this paper designs a network security optimal attack and defense decision-making method through the analysis of interactions between the attacker and the defender. According to the network's topology information,reachable relationship of nodes and vulnerability in-formation,the proposed method generates the network state attack-defense graph( SADG) ,calculates the successful probability and hazard index of each atomic attack in the SADG and gets the successful probability and hazard index of all possible attack paths. The method calculates the utility matrix of different strategies taken by the attacker and the defender at the different network security states. According to the SADG and based on the non-cooperative non-zero-sum game model, this paper proposes an optimal attack and defense decision-making algorithm, and generates optimal attack and defense strategies with the prevention and control measures of vulnerability. This paper analyzes the application of the proposed method in the network security risk management through a typical network example. The experimental results show that this method can effectively generate the optimal offensive and defensive decision.

Zhao Jin-long,Man Da-peng,Yang Wu

DOI: https://doi.org/10.1109/iscram.2011.6184094

2011-01-01

Abstract:To solve the network security response problem, a novel network response decision-making method based on the two-matrix game model was present. We analyzed the attackers and system administrators' different strategies, and then constructed the dual-benefit matrix of the attackers and defenders. On the basis of this, the two-matrix network security game model was proposed. At last, the optimal defense strategy decision-making algorithm was proposed. Using this algorithm, we could analyze benefits of both offensive and defensive, and solved the Nash Equilibrium Point which balanced the both and gave the optimal response decision-making strategy. The proposed method could make accurate response decision and had a high efficiency. Also, it occupied a lower memory which could reduce the interference to normal user when administrators manage the network.

Wei Jiang,Bin-xing Fang,Hong-li Zhang,Zhi-hong Tian,Xin-fang Song

DOI: https://doi.org/10.1109/itng.2009.300

2009-01-01

Abstract:For assessing the security and optimal strengthening of large enterprise networks, this paper proposes a new approach uses configuration information on firewalls and vulnerability information on all network devices to build defense graphs that show the attack and defense strategy. Some models including a defense graph model, attack-defense taxonomy and cost quantitative model, and Attack-Defense Game (ADG) model. We regard the interactions between an attacker and the defender as a two-player, non-cooperative, zero-sum, finite strategic game and formulate the ADG model for the game. An algorithm for optimal strengthening strategy selection based on those models is proposed. Optimal strengthening strategies with minimizing costs are used to defend the attack and strengthening the network in advance. And finally, we perform empirical experiments to verify the effectiveness of the model experiment results indicate that our models and methods are effective and efficient.

姜伟,方滨兴,田志宏,张宏莉

DOI: https://doi.org/10.3724/sp.j.1016.2009.00817

2009-01-01

Chinese Journal of Computers

Abstract:To evaluate the security of network information systems and perform active defense,this paper presents some models including defense graph model,attack-defense taxonomy and cost quantitative method,and Attack-Defense Game(ADG) model.Algorithms for selecting optimizing active defense strategy based on those models are proposed and analyzed in a representative network example.Results indicate that the models and methods are effective and efficient.

Binbin Liu

DOI: https://doi.org/10.1088/1742-6596/2037/1/012126

2021-09-01

Journal of Physics: Conference Series

Abstract:At present, network security is a problem that needs to be solved urgently in the current network era. In order to reduce the loss caused by network security threats, and also use limited computer resources to select the best defense strategy, a set of network attack and defense game models are designed to identify the situation of network security threats. Aiming at the unstable problem of the security quantification process of traditional network node information, a network security threat situation identification based on the offensive and defensive game model is proposed. First, build an offensive and defensive game model, design the corresponding situation identification strategy, and calculate the overall utility and expected output of both offensive and defensive parties while clarifying the changes in the authority of both sides during the offensive and defensive process. This paper takes the offensive and defensive game model as the theoretical basis of the research, uses the algorithm as the auxiliary research, and integrates its important content to analyze and research the optimization of the algorithm to improve the network security threat situation identification. This paper uses the classic offensive and defensive game model as the research object to identify the threat situation of network security. In the process of selecting the offensive and defensive game model, it is necessary to have a better grasp of the relevant algorithms. This article introduces the offensive and defensive game model into the network security threat situation identification, and on this basis, it deeply discusses the applicability and effectiveness of the offensive and defensive game model in the complex network security threat situation identification, and provides better for the establishment of future network security systems. Reference. The experimental results show that this study is effective and feasible in the offensive and defensive game model in the network security threat situation identification. It should be noted that in the defense process, the probability of success and the degree of damage of the attack path must be grasped to ensure that the optimal offensive and defensive decision-making meets the actual needs of network security.

Liang Liu,Cheng Huang,Yong Fang,Zhenxue Wang

DOI: https://doi.org/10.3837/tiis.2019.10.024

2019-01-01

KSII Transactions on Internet and Information Systems

Abstract:In the process of constructing the traditional offensive and defensive game theory model, these are some shortages for considering the dynamic change of security risk problem. By analysing the critical indicators of the incomplete information game theory model, incomplete information attack and defense game theory model and the mathematical engineering method for solving Bayes-Nash equilibrium, the risk-averse income function for information assets is summarized as the problem of maximising the return of the equilibrium point. To obtain the functional relationship between the optimal strategy combination of the offense and defense and the information asset security probability and risk probability. At the same time, the offensive and defensive examples are used to visually analyse and demonstrate the incomplete information game and the Harsanyi conversion method. First, the incomplete information game and the Harsanyi conversion problem is discussed through the attack and defense examples and using the game tree. Then the strategy expression of incomplete information static game and the engineering mathematics method of Bayes-Nash equilibrium are given. After that, it focuses on the offensive and defensive game problem of unsafe information network based on risk aversion. The problem of attack and defense is obtained by the issue of maximizing utility, and then the Bayes-Nash equilibrium of offense and defense game is carried out around the security risk of assets. Finally, the application model in network security penetration and defense is analyzed by designing a simulation example of attack and defense penetration. The analysis results show that the constructed income function model is feasible and practical.

He Wei,Chunhe Xia,Haiquan Wang,Zhang Cheng,Ji Yi

DOI: https://doi.org/10.1109/csse.2008.1651

2008-01-01

Abstract:How to quantify the threat probability in network security risk assessment is an important problem to be solved. Most of the existing methods tend to consider the attacker and defender separately. However, the decision to perform the attack is a trade-off between the gain from a successful attack and the possible consequences of detection; meanwhile, the defender’s security strategy depends mostly on the knowledge of the intentions of the attacker. Therefore, ignoring the connections between the attacker and defender’s decisions does not correspond to reality. Game theory is the study of the ways in which strategic interactions among rational players produce outcomes with respect to the utilities of those players. In this paper, a novel Game Theoretical Attack-Defense Model (GTADM) which quantifies the probability of threats is proposed in order to construct a risk assessment framework. According to the cost-benefit analysis, we define the method of formulating the payoff matrix; the equilibrium of the model is also analyzed. In the end, a simple scenario is presented to illustrate the usage of GTADM in the risk assessment framework to show its efficiency.

Zhen Ni,Qianmu Li,Gang Liu

DOI: https://doi.org/10.1109/mc.2018.2141032

2018-01-01

Computer

Abstract:Network security decisions must consider how to balance information security risk and output in light of limited resources. Using game theory, the authors propose an optimum attack-defense decision-making algorithm that considers the interaction between attackers and defenders.

Yanbin Qiu,Yanhua Liu,Shijin Li

DOI: https://doi.org/10.1145/3290480.3290504

2018-01-01

Abstract:For the occurrence of network attacks, the most important thing for network security managers is how to conduct attack security defenses under low-risk control. And in the attack risk control, the first and most important step is to choose the defense node of risk control. In this paper, aiming to solve the problem of network attack security risk control under complex networks, we propose a game attack risk control node selection method based on game theory. The method utilizes the relationship between the vulnerabilities and analyzes the vulnerability intent information of the complex network to construct an attack risk diffusion network. In order to truly reflect the different meanings of each node in the attack risk diffusion network for attack and defense, this paper uses the host vulnerability attack and defense income evaluation calculation to give each node in the network its offensive and defensive income. According to the above-mentioned attack risk spread network of offensive and defensive gains, this paper combines game theory and maximum benefit ideas to select the best Top defense node information. In this paper, The method proposed in this paper can be used to select network security risk control nodes on complex networks, which can help network security managers to play a good auxiliary role in cyber attack defense.

Zhang Hengwei,Li Tao,Wang Jindong,Han Jihong

2015-01-01

China Communications

Abstract:Nowadays, security defence of network uses the game theory, which mostly applies complete information game model or even the static game model. To get closer to the actual network and defend actively, we propose a network attack-defence game model by using signalling game, which is modelled in the way of dynamic and incomplete information. We improve the traditional attack-defence strategies quantization method to meet the needs of the network signalling game model. Moreover, we give the calculation of the game equilibrium and analyse the optimal defence scheme. Finally, we analyse and verify effectiveness of the model and method through a simulation experiment.

Wei Jiang,Zhi-Hong Tian,Hong-Li Zhang,Xin-fang Song

DOI: https://doi.org/10.1109/ICNSC.2008.4525297

2008-01-01

Abstract:This paper presents a stochastic game theoretic approach to analyzing attack prediction and the active defense of computer networks. A Markov chain for privilege (MCP) model to predict attacker's behavior and strategies is proposed. We regard the interactions between an attacker and the defender as a two-player, non-cooperative, zero-sum, finite stochastic game and formulate an attack-defense stochastic game (ADSG) model for the game. An attack strategies prediction and optimal active defense strategy decision algorithm is developed using the ADSG and cost-sensitive model. Optimal defense strategies with minimizing costs are used to defend the attack and harden the network in advance. Finally, a simple example of an attack against a network is modeled and analyzed.

Hao Wu,Wei Wang,Changyun Wen,Zhengguo Li

DOI: https://doi.org/10.1016/j.ins.2018.04.051

IF: 8.1

2018-01-01

Information Sciences

Abstract:In this paper, a game theoretical analysis method is presented to provide the optimal security detection strategies for heterogeneous networked systems. A two-stage game model is firstly established, in which the attacker and defender are considered as two players. In the first stage, the two players make decisions on whether to execute the attack/monitoring actions or to keep silence for each network unit. In the second stage, two important strategic varibles, i.e. the attack intensity and detection threshold, are cautiously determined. The necessary and sufficient conditions to ensure the existence of the Nash equilibriums for the game with complete information are rigorously analyzed. The results reflect that with limited resources and capacities, the defender (attacker) tends to perform defense (attack) actions and further allocate more defense (less attack) resources to the units with larger assets. Besides, Bayesian and robust Nash equilibrium analysis is provided for the game with incomplete information. Finally, a sampling based Nash equilibrium verification and calculation approach is proposed for the game model with continuous kernels. Thus the convexity restrictions can be relaxed and the computational complexity is effectively reduced, with comparison to the existing recursive calculation methods. Numerical examples are given to validate our theoretical results.

Zenan Wu,Liqin Tian,Yi Zhang,Yan Wang,Yuquan Du

DOI: https://doi.org/10.1155/2021/4005877

IF: 1.968

2021-11-13

Security and Communication Networks

Abstract:At present, most network security analysis theory assumes that the players are completely rational. However, this is not consistent with the actual situation. In this paper, based on the effectiveness constraints on both sides with network attack and defense, with the help of stochastic Petri net and evolutionary game theory, the Petri net model of network attack and defense stochastic evolutionary game is reconstructed, the specific definition of the model is given, and the modeling method is given through the network connection relationship and attack and defense strategy set. Using this model, a quantitative analysis of network attack events is carried out to solve a series of indicators related to system security, namely, attack success rate, average attack time, and average system repair time. Finally, the proposed model and analysis method are applied to a classic network attack and defense process for experimental analysis, and the results verify the rationality and accuracy of the model and analysis method.

computer science, information systems,telecommunications

Rui Peng,Di Wu,Mengyao Sun,Shaomin Wu

DOI: https://doi.org/10.1080/01605682.2020.1784048

IF: 3.6

2020-01-01

Journal of the Operational Research Society

Abstract:This paper analyzes the optimal strategies for an attacker and a defender in an attack-defense game on a network consisting of interdependent subnetworks. The defender moves first and allocates its resource to protect the network nodes. The attacker then moves and allocates its resources to attack the network nodes. The binary decision diagram is employed to obtain all potential states of the network system after attack. Considering each of its opponent's strategies, the game player tries to maximize its own cumulative prospect value. The backward induction method is employed to obtain the game players' optimal strategies, respectively. Different resource relationships are analyzed to testify the robustness of the main conclusions and players' risk attitudes are also investigated. Numerical examples are used to illustrate the analysis.

Zengguang Wang,Yu Lu,Xi Li,Wei Nie

DOI: https://doi.org/10.1504/ijsn.2020.106830

2020-01-01

International Journal of Security and Networks

Abstract:Existing passive defence methods cannot effectively guarantee network security; to solve this problem, a novel method is proposed that selects the optimal defence strategy. The network attack-defence process is modelled based on the Bayesian game. The payoff is quantified from the impact value of the attack-defence actions. The optimal defence strategy is selected that takes defence effectiveness as the criterion. The rationality and feasibility of the method are verified through a representative example, and the general rules of network defence are summarised. Compared to the classic strategy selection methods based on game theory, the proposed method can select the optimal strategy in the form of pure strategy by quantifying defence effectiveness, which was proven to perform better.

Xiaotong Xu,Gaocai Wang,Jintian Hu,Yuting Lu

DOI: https://doi.org/10.1155/2020/3417039

IF: 1.968

2020-06-08

Security and Communication Networks

Abstract:In recent years, evolutionary game theory has been gradually applied to analyze and predict network attack and defense for maintaining cybersecurity. The traditional deterministic game model cannot accurately describe the process of actual network attack and defense due to changing in the set of attack-defense strategies and external factors (such as the operating environment of the system). In this paper, we construct a stochastic evolutionary game model by the stochastic differential equation with Markov property. The evolutionary equilibrium solution of the model is found and the stability of the model is proved according to the knowledge of the stochastic differential equation. And we apply the explicit Euler numerical method to analyze the evolution of the strategy selection of the players for different problem situations. The simulation results show that the stochastic evolutionary game model proposed in this paper can get a steady state and obtain the optimal defense strategy under the action of the stochastic disturbance factor. In addition, compared with other kinds of literature, we can conclude that the return on security investment of this model is better, and the strategy selection of the attackers and defenders in our model is more suitable for actual network attack and defense.

computer science, information systems,telecommunications

Liang Liu,Chuhao Tang,Lei Zhang,Shan Liao

DOI: https://doi.org/10.1016/j.ins.2024.120875

IF: 8.1

2024-01-01

Information Sciences

Abstract:The generation of optimal defense strategies in dynamic adversarial environments is crucial for cybersecurity. Recently, defense approaches based on evolutionary game theory have gained significant achievements. However, they would fail when facing complex networks and sophisticated attack strategies, due to the fatal drawbacks of defense strategy generation considering atomic attacks only. To relieve this issue, a generic approach for generating defense strategies using evolutionary game theory is proposed in this paper. Initially, a novel payoff quantification method for network attack-defense games based on attack graphs is designed. Innovatively, two factors concerning the decision-maker's degree of irrationality (DI) and the level of environmental security (LES) are introduced into the replicator dynamics equation to model the impacts on equilibrium solutions. Noting that Active Directory (AD) domain service is one of the most used and representative information security management system in Windows domains, from which attack graphs and paths can be plainly extracted and analyzed. Therefore, it is necessary and imperative to anchor AD to unfold the theoretical analyses and experiments validation based on a real environment. Case studies on a real-world AD network demonstrate that the proposed approach is effective and can generate stable and efficient defense strategies.

Kun Lv,Yun Chen,Changzhen Hu

DOI: https://doi.org/10.1016/j.inffus.2019.01.001

IF: 18.6

2019-01-01

Information Fusion

Abstract:Advanced persistent threats (APTs) pose a grave threat in cyberspace because of their long latency and concealment. In this paper, we propose a hybrid strategy game-based dynamic defense model to optimally allocate constrained secure resources for the target network. In addition, values of profits of players in this game are computed by a novel data-fusion method called NetF. Based on network protocols and log documents, the NetF deciphers data packets collected from different networks to natural language to make them comparable. Using this algorithm, data observed from the Internet and wireless sensor networks (WSNs) can be fused to calculate the comprehensive payoff of every node precisely. The Nash equilibrium can be computed using the value to detect the possibility of a node being a malicious node. Using this method, the dynamic optimal defense strategy can be allocated to every node at different times, which enhances the security of the target network obviously. In experiments, we illustrate the obtained results via case studies of a cluster of heterogeneous networks. The results guide planning of optimal defense strategies for different kinds of nodes at different times.

Yalong LI,Qin CHEN,Min ZHANG

DOI: https://doi.org/10.3778/j.issn.1002-8331.1808-0070

2019-01-01

Abstract:At present, most of the network security defenses based on game theory use the full information static game or the incomplete information dynamic game theory to establish the offensive and defensive model. However, the use of the full information static game is limited and its practicality is not strong. Therefore, using the incomplete information dynamic game to establish the offensive and defensive model is closer to the actual situation, but the attack and defense model established by the incomplete information dynamic game in the past believes that the observed attack strategy is true, which in fact is likely to have errors. The attack strategy without considering the observed attack strategy is likely to have errors. To this end, this paper introduces the idea of Bayesian decision making with minimum risk. When the defense system misjudges the attack strategy, the risks brought to the system arising from the adopted defense strategy will be taken into account. Then, this paper establishes the game’s moving target optimal defense strategy model based on incom-plete information dynamic game. By analyzing the risk of the defense decision, this model makes the defense strategy revenue more accurate and comprehensive. It uses the refined Bayesian equilibrium of the incomplete information dynamic game to select the optimal defense strategy. Finally, an example is analyzed to verify the validity of the model.

Jianyi Liu,Fangyu Weng,Ru Zhang,Yunbiao Guo

DOI: https://doi.org/10.1007/978-3-030-00012-7_15

2018-01-01

Abstract:To analyze the influence of threat propagation on network system and accurately evaluate system security, this paper proposes an approach to improve the awareness of network security, based on Attack-Defense Stochastic Game Model (ADSGM). The variety of network security elements collected by multi-sensors are fused into a standard dataset such as assets, threats and vulnerabilities. For every threat, it builds a threat propagation network and propagation rule. By using the game theory to analyze the network offensive and defensive process, it establishes the ADSGM. The ADSGM can dynamically evaluate network security situation and provide the best reinforcement schema. Experimental results on a specific network indicate that the approach is more precise and more suitable for a real network environment. The reinforcement schema can effectively prevent the propagation of threats and reduce security risks.