CN113114492A - Security situation perception algorithm based on Markov differential game block chain model - Google Patents
Security situation perception algorithm based on Markov differential game block chain model Download PDFInfo
- Publication number
- CN113114492A CN113114492A CN202110359051.3A CN202110359051A CN113114492A CN 113114492 A CN113114492 A CN 113114492A CN 202110359051 A CN202110359051 A CN 202110359051A CN 113114492 A CN113114492 A CN 113114492A
- Authority
- CN
- China
- Prior art keywords
- attack
- block chain
- game
- defense
- nodes
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 230000008447 perception Effects 0.000 title claims abstract description 16
- 230000007123 defense Effects 0.000 claims abstract description 51
- 230000006870 function Effects 0.000 claims abstract description 34
- 238000000034 method Methods 0.000 claims abstract description 22
- 231100000279 safety data Toxicity 0.000 claims abstract description 4
- 208000015181 infectious disease Diseases 0.000 claims description 12
- 230000007704 transition Effects 0.000 claims description 10
- 230000008569 process Effects 0.000 claims description 9
- 238000007596 consolidation process Methods 0.000 claims description 8
- 230000006378 damage Effects 0.000 claims description 7
- 230000008901 benefit Effects 0.000 claims description 4
- 230000008859 change Effects 0.000 claims description 4
- 230000036039 immunity Effects 0.000 claims description 4
- 238000005065 mining Methods 0.000 claims description 4
- 238000004458 analytical method Methods 0.000 claims description 3
- 238000001514 detection method Methods 0.000 claims description 3
- 230000001010 compromised effect Effects 0.000 claims description 2
- 230000001066 destructive effect Effects 0.000 claims description 2
- 230000002045 lasting effect Effects 0.000 claims description 2
- 238000004088 simulation Methods 0.000 abstract 1
- 238000010586 diagram Methods 0.000 description 7
- 230000005540 biological transmission Effects 0.000 description 3
- 238000005516 engineering process Methods 0.000 description 2
- 238000002474 experimental method Methods 0.000 description 2
- 230000006399 behavior Effects 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000004364 calculation method Methods 0.000 description 1
- 238000004891 communication Methods 0.000 description 1
- 239000012141 concentrate Substances 0.000 description 1
- 238000011217 control strategy Methods 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 238000011156 evaluation Methods 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 230000007246 mechanism Effects 0.000 description 1
- 230000002085 persistent effect Effects 0.000 description 1
- 230000002787 reinforcement Effects 0.000 description 1
- 238000011160 research Methods 0.000 description 1
- 238000012360 testing method Methods 0.000 description 1
- 238000012795 verification Methods 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/14—Network analysis or design
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/14—Network analysis or design
- H04L41/142—Network analysis or design using statistical or mathematical methods
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/14—Network analysis or design
- H04L41/145—Network analysis or design involving simulating, designing, planning or modelling of a network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/104—Peer-to-peer [P2P] networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/104—Peer-to-peer [P2P] networks
- H04L67/1042—Peer-to-peer [P2P] networks using topology management mechanisms
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/50—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees
Abstract
The invention discloses a security situation perception algorithm based on a Markov differential game block chain model, and belongs to the field of network space security. The method comprises the steps of establishing a corresponding Markov differential game attack graph model through analyzing safety data generated by the eclipse attack; and classifying the attack and defense strengths of both attack and defense parties, and comprehensively evaluating the real-time safety state of the system by combining the safety level of each node of the block chain system and the final objective function value of both game parties through a multi-stage attack and defense game. Simulation experiment results show that the model and the algorithm not only can effectively evaluate the overall safety of the block chain network, but also have feasibility in predicting the future safety state.
Description
Technical Field
The invention discloses a security situation perception algorithm based on a Markov differential game block chain model, and belongs to the field of network space security.
Background
Since 2008, the smart provides a decentralized point-to-point transaction platform bitcoin, the underlying technical block chain is concerned, and any two parties who reach an agreement can directly carry out transaction without participation of a third party due to the characteristics of decentralized and distrusted, so that the information transmission efficiency is effectively improved, and the interaction cost is reduced in the block chain. The blockchain technology utilizes an encrypted chain blockstructure to verify and store data, and utilizes P2P network technology and a consensus mechanism to realize verification, communication and establishment of a trust relationship of distributed nodes. Bitcoin is a product of block chain, becomes a current widely circulated digital virtual currency, and the transaction value of a single bitcoin reaches 10 ten thousand yuan. Therefore, the security privacy problem of blockchains and bitcoins is getting worse and important to detect and prove the security.
Although the research results of scholars at home and abroad have certain advancement on resisting block chain attacks. On one hand, however, the blocks have many nodes, are widely distributed, have many attack types, and cannot detect the security condition of each node in real time. On the other hand, the real-time strategy selection of the attacker and the defender is complex and has no constant rule, and the real block chain attack and defense conditions cannot be reflected. Therefore, the invention provides a security situation perception algorithm based on a Markov differential game block chain model, and the security situation of a block chain network is evaluated in real time.
Disclosure of Invention
The purpose of the invention is as follows: aiming at the defects of the prior art, the invention provides a security situation perception algorithm based on a Markov differential game block chain model.
In order to achieve the purpose, the invention adopts the technical scheme that: in order to achieve the purpose, the invention adopts the technical scheme that: a security situation perception algorithm based on a Markov differential game block chain model comprises the following steps:
(1) threat analysis is carried out on safety data generated by the eclipse attack through an intrusion detection system, and block chain network topology and node connectivity are established;
(2) combining a block chain network topological structure under the eclipse attack, dividing nodes of the whole network into four levels: normal grade G, infection grade B, consolidation grade C, destruction grade H; and classifying the attack and defense strengths of both game parties
Respectively, the attack strengths of the aggressors, wherein,
for defensive strength of defender
It is shown that, among others,
(3) based on a differential game theory and a Markov decision method, an attack graph MAG is constructed, a block chain network attack and defense confrontation in a certain time is converted into a continuous attack and defense process with multiple stages and short duration time of each stage, and situation perception is constructed on the block chain based on a Markov differential game model;
(4) and judging the safety states of the current and future block chain systems by utilizing the number of the nodes of each safety level of the current network, the objective function values (attack and defense benefits) of the aggressor and the defensive party and the objective function difference.
Preferably, in the step (1), the network is divided into a main block, an ore mining block, an attack block, a broadcast block and a defense block according to a blockchain network structure, and a blockchain network topology and node connectivity are established by combining the characteristics of the eclipse attack.
Preferably, in step (2), a security level of a blockchain node is defined, where L ═ G, B, C, and H, respectively expressed as: normal grade G, infection grade B, consolidation grade C, destruction grade H. G → B, the defense strategy selected by the defense party fails, the block chain node jumps from the security level to the infection level, the current attack is in a latent state, and the attacker can continuously attack the adjacent nodes by using the infection node. G → C, success of defense strategy selected by defender, the block chain node has immunity ability to resist attack. B → C, the defense strategy made again by the defender succeeds, the current infected node jumps from the infection level to the consolidation level, and the node has the immunity capability of defending against the attack. B → H, failure of defense strategy developed by defender again, and destructive effect. And classifying the attack and defense strengths of both game parties
Attack with separate representation of aggressorsThe impact strength, wherein,
for defensive strength of defender
It is shown that, among others,
preferably, in the step (3), constructing the attack graph MAG. Factors determining the attack graph include a security state set Z, a game two-party set S, a directed edge set E, a game phase number K and a state transition probability K, and are specifically defined as follows:
(3.1) set of security states: security state usage of all nodes in blockchain nodes
Is shown in which
For initial state of blockchain node, use { Z1,...Zk,...ZKIndicates the ending state of the blockchain node.
Zk∈Z;
(3.2) gaming parties: set for both parties of game (S ═ S)D,SA) Represents an attacker SAThe goal of (1) is to attack the normal block link nodes so that the normal block nodes are either infected nodes or corrupted nodes. Defending person SDThe goal is to detect and enforce a defense policy so that infected or compromised nodes become normal nodes.
And (3.3) E represents a set of directed edges and a set of attack paths of an attacker.
And (3.4) the number of game stages. The number of stages of the games of the two sides of the multi-stage game is represented by K, the game of one stage is represented by M (K), K is {1,2,. multidot.K }, and the game duration of each stage is [ tstart,tend]A multi-stage gaming process M (K) having K stages each lasting for a gaming time T, the time Tk,tk+T]And is and
and (3.5) state transition probability. P for state transition probability of four security level nodesijIs represented by the formula, wherein Pij=(Zj|Zi) Indicating the current state of the system from ZiJump to Zj。
Preferably, in the step (4), an objective function R is set, and a discount factor μ is introduced into the function to obtain an objective function of an attacker
And the objective function of the defender
Using difference of objective function
And comprehensively evaluating the whole security situation of the block chain according to the security level change of each node.
Has the advantages that: compared with the prior art, the technical scheme of the invention has the following beneficial technical effects: aiming at the problem that multi-stage continuous real-time randomness is difficult to meet in the current block chain network attack and defense process, the block chain network security situation sensing method based on the Markov differential game model is provided for analyzing the influence of the eclipse attack on the block chain network and comprehensively and accurately evaluating the security of the current system. In the method, the number of the block chain link points is large and wide in distribution, and the safety change of the nodes is not easy to perceive, so that the nodes are divided into 4 grades: normal grade G, infection grade B, consolidation grade C, destruction grade H. Therefore, the whole safety condition of the block chain network can be detected in real time. (2) According to the method, a eclipse attack is taken as a unique attack mode, a differential game theory and a Markov decision method are taken as bases, an attack graph MAG is constructed, a block chain network attack and defense confrontation within a certain time is converted into a multi-stage continuous attack and defense process with short duration of each stage, and situation perception is conducted on a block chain based on a Markov differential game model; the method can resist multi-stage continuous real-time random attacks, and experiments show that the method can effectively evaluate the effectiveness of the defense scheme in various defense scenes and provide a basis for formulating a reasonable and feasible defense scheme.
Drawings
FIG. 1 is a diagram of the present invention attack pattern eclipse attack.
FIG. 2 is a block chain situation aware prediction model framework diagram implemented in accordance with the present invention.
FIG. 3 is a block-chain network topology structure diagram according to the present invention.
Fig. 4 is a diagram of the Markov differential game of the present invention.
FIG. 5 attack graph MAG of the present invention.
FIG. 6 is a diagram of strategy selection trajectories for both parties in each stage of the game.
FIG. 7 is a comparison graph of objective function values of both parties in the game of the present invention.
FIG. 8 is a block chain security posture diagram of the present invention.
Detailed Description
The present invention is further described below in conjunction with the appended drawings to enable one skilled in the art to practice the invention with reference to the description.
The technical scheme adopted by the invention is as follows: a security situation perception algorithm based on a Markov differential game block chain model comprises the following steps:
(1) threat analysis is carried out on safety data generated by the eclipse attack through an intrusion detection system, and block chain network topology and node connectivity are established;
(2) combining a block chain network topological structure under the eclipse attack, dividing nodes of the whole network into four levels: normal grade G, infection grade B, consolidation grade C, destruction grade H;
(3) based on a differential game theory and a Markov decision method, an attack graph MAG is constructed, a block chain network attack and defense confrontation in a certain time is converted into a continuous attack and defense process with multiple stages and short duration time of each stage, and situation perception is constructed on the block chain based on a Markov differential game model;
(4) and judging the safety states of the current and future block chain systems by utilizing the number of the nodes of each safety level of the current network, the objective function values (attack and defense benefits) of the aggressor and the defensive party and the objective function difference.
The invention is further described in detail with reference to the accompanying drawings, and provides a security situation perception algorithm based on a Markov differential game block chain model, wherein a eclipse attack mode is shown in FIG. 1;
the eclipse attack is also called eclipseAttack, belongs to one of network layer attacks, and in the bitcoin P2P network structure, the bitcoin information is issued by adopting broadcasting among nodes. Each block chain node has 117 information input connections and 8 information output connections, and an attacker 'strategically' controls the receiving and sending of all information of the victim node, so that the number of inbound connections of the victim node reaches an upper limit, and connection requests of other normal nodes are prevented. The eclipse attack mainly aims at a victim with a common IP, and the attacker fills the IP address of the puppet node into the tried table of the victim node by controlling a plurality of puppet nodes and sending a large number of persistent TCP incoming connections to the victim node. The puppet node continues to send an ADDR message ("garbage" IP address) to the victim node, which stores the "garbage" IP address in the new table. The attacker continues to transmit a large number of TCP connections and add messages until the victim node reboots, so that the victim node will most likely establish all 8 outgoing connections with the attacker's address, thereby eventually occupying all 117 incoming nodes of the victim. After the eclipse attack succeeds, the attack node Z monopolizes the incoming connection and the outgoing connection of the victim node, and at the moment, the attack node Z can send any information to the victim node and intercept the real information broadcasted to the attack node by the remaining block chain network.
The block chain situation awareness prediction model frame diagram is shown in FIG. 2; the basic idea is to acquire the running condition of a block chain system, the connectivity of input connection and output connection of block chain nodes and the asset information of a block chain in real time, establish attack graphs of both attacking and defending parties by analyzing the state of the current block chain system, and dynamically select a control strategy according to the reward function of the attacking and defending parties by combining a Markov differential game model. And finally, evaluating the harmfulness situation of the attacker to the block chain system according to the objective function, and giving an optimal reinforcement scheme by the defender according to the objective function.
The block chain network topology is shown in fig. 3; a blockchain model is built, and the model mainly comprises five blocks: main block, mining block, attack block, broadcast block and defense block. The nodes in the five blocks are connected to the network through the internet. Each PC in the network starts 1-30 unequal nodes, each node can use 1-100 different addresses to simulate a maximum of 1500 different nodes, 150000 different addresses and configure a network bandwidth of 20Mbps for each node, in order to simulate the most real network situation, 300 nodes are built in the network, 200ms transmission delay is set for each node in the transmission process, and each node is connected with 125 other nodes at most. In the test, all the victim nodes attacked by the attacker are on the attack block virtual machine, and the victim nodes run in the common bitcoin network (broadcast block, main block, mining block). The attacker block can read all data packets from the victim node on the common chain and can therefore forge TCP connections from arbitrary IP addresses.
The Markov differential gaming process is shown in fig. 4; the method comprises the steps that an attack and defense party continuously makes decisions and dynamically games from an initial state, the game party dynamically selects game behaviors of the game party according to the current state of a system and a reward function of the game party, the security condition of the system changes along with the dynamic change of the dynamic games of the game party, and the system jumps from one state to another state according to the probability P.
(1) The first stage is as follows: the attack and defense parties are in the initial state
Starting the game, after the game is finished, the system state jumps to the stage finishing state Z1The first stage game ends and the system is in state a.
(2) And a second stage: on the one hand, defense formulated by the defense partyStrategy success, system with P1xJumps to state B. The attack and defense parties are in the initial state
Playing the game, after the game is finished, the system state jumps to the stage finishing state Zx. On the other hand, the defense strategy formulated by the defense party fails, and the system is expressed as P1yJumps to state C. The attack and defense parties are in the initial state
Playing the game, after the game is finished, the system state jumps to the stage finishing state Zy。
(3) The k stage that the attacking and defending parties are in the initial state
Starting the game, after the game is finished, the system state jumps to the stage finishing state ZkThe first stage game ends and the system is in state K.
Attack graph MAG (partially shown) is shown in FIG. 5; the invention assumes that the state transition probability among different stages is fixed, sets specific transition probability according to historical data and expert experience, simplifies the game process of both game parties, and establishes an attack graph MAG and a state transition probability table shown in Table 1.
TABLE 1 State transition probability Table
And selecting a main attack path to carry out game experiments. The attack path is:
first stage
The attacker is beginning to focus on low-intensity attack strategies, taking care of imperceptibility and infectivity. The defense party adopts a middle-high-strength defense strategy due to the insufficient concealment and attack perception of the early attack party. In the later period, as the attack intensity of an attacker is increased, the attacker mainly takes a medium-high-intensity attack strategy as a main part, and the defending party defends with a high-intensity defending strategy. At the end of this phase, the node state is from Z2With P25Probability of 0.3 jumps to state
Second stage
The method comprises the steps that both attacking and defending parties adopt a high-strength attacking and defending strategy in the early stage, along with the beginning of game of both the attacking and defending parties, the attacking party selects an attacking strategy with medium and low strength in consideration of the cost of the attacking and defending parties in strategy execution, and a defender adopts a defending strategy with medium and low strength. At the end of this phase, the node state is from Z5With P57Probability of 0.3 jumps to state
The third stage
In the early stage, the attacking and defending parties adopt a high-strength game strategy for confrontation, in the later stage, as the attacker continuously establishes TCP connection and sends ADDR messages to the victim node, the attacker continues to adopt the high-strength attack strategy, the defender keeps high vigilance, and the high-strength defense strategy is continuously and probably adopted. At the end of this phase, the node state is from Z7With P79Probability of 0.3 jumps to state
Fourth stage
Attack sideThe final purpose of the method is to enable all incoming connections and outgoing connections of the victim node to be controlled by the attacker, so that the whole block chain network is dominated by the attacker, and the probability of the attack strategy with medium and high intensity is kept above 0.7. The final purpose of the defender is to enable the victim node not to be controlled by the attack node, and the probability of adopting a high-strength defense strategy is more than 0.5.
A game two-party objective function value pair such as shown in figure 7; through the attacking and defending game of the attacking party and the defending party in four stages, the attacking and defending party selects the optimal attacking and defending strategy to enable the attacking and defending party to obtain the maximum attacking and defending income, namely the maximum objective function value of the attacking and defending party. The maximum objective function value of the attacking and defending parties in the first stage is as follows: 19.2 and 10.8. The maximum objective function value of the attack and defense parties in the second stage is as follows: 25.9 and 14.1. The maximum objective function value of the attacking and defending parties in the third stage is as follows: 32.6, 17.1. The maximum objective function value of the attacking and defending parties in the fourth stage is as follows: 39.3, 23.3. The maximum objective function difference value of the attacking party and the defending party is as follows: 8.4, 11.8, 15.5, 16.
The blockchain network security posture is shown in fig. 8; and performing overall evaluation on all the states of the current block chain network by using the target function difference value in combination with the target function value and the target function difference value of each stage of the attacking party and the defending party of all the paths obtained by the attack graph MAG. In the early stage, due to the fact that an attacker pays attention to the concealment and the defending party has insufficient perception on the attack, the target function difference value
Smaller, the damage value to the system is smaller. In the middle period, the attacker concentrates the calculation force attack to cause the difference value of the objective function
Larger, causes greater losses to the blockchain system. In the later stage, the defender implements high-intensity defense, the objective function value of the attacker is reduced, the objective function value of the defender is increased, and the objective function value is reduced and tends to be stable.
It will be evident to those skilled in the art that the invention is not limited to the details of the foregoing illustrative embodiments, and that the present invention may be embodied in other specific forms without departing from the spirit or essential attributes thereof. The present embodiments are therefore to be considered in all respects as illustrative and not restrictive, the scope of the invention being indicated by the appended claims rather than by the foregoing description, and all changes which come within the meaning and range of equivalency of the claims are therefore intended to be embraced therein. Any reference sign in a claim should not be construed as limiting the claim concerned.
Furthermore, it should be understood that although the present description refers to embodiments, not every embodiment may include only a single embodiment, and such description is for clarity only, and those skilled in the art will be able to make the description as a whole, and the embodiments may be combined as appropriate to form other embodiments understood by those skilled in the art.
Claims (5)
1. A security situation perception algorithm based on a Markov differential game block chain model comprises the following steps:
(1) threat analysis is carried out on safety data generated by the eclipse attack through an intrusion detection system, and block chain network topology and node connectivity are established;
(2) combining a block chain network topological structure under the eclipse attack, dividing nodes of the whole network into four levels: normal grade G, infection grade B, consolidation grade C, destruction grade H; and classifying the attack and defense strengths of both game parties
Respectively, the attack strengths of the aggressors, wherein,
for defensive strength of defender
It is shown that, among others,
(3) based on a differential game theory and a Markov decision method, an attack graph MAG is constructed, a block chain network attack and defense confrontation in a certain time is converted into a continuous attack and defense process with multiple stages and short duration time of each stage, and situation perception is constructed on the block chain based on a Markov differential game model;
(4) and judging the safety states of the current and future block chain systems by utilizing the number of the nodes of each safety level of the current network, the objective function values (attack and defense benefits) of the aggressor and the defensive party and the objective function difference.
2. A security situation awareness algorithm based on a Markov differential gaming blockchain model as described in claim 1, wherein: in the step (1), according to the block chain network structure, the network is divided into a main block, an ore mining block, an attack block, a broadcast block and a defense block, and the block chain network topology and the node connectivity are established by combining the characteristics of the eclipse attack.
3. A security situation awareness algorithm based on a Markov differential gaming blockchain model as described in claim 1, wherein: in the described step (2), the security level of its blockchain node is defined, where L ═ G, B, C, H, respectively expressed as: normal grade G, infection grade B, consolidation grade C, destruction grade H. G → B, the defense strategy selected by the defense party fails, the block chain node jumps from the security level to the infection level, the current attack is in a latent state, and the attacker can continuously attack the adjacent nodes by using the infection node. G → C, success of defense strategy selected by defender, the block chain node has immunity ability to resist attack. B → C, the defense strategy made again by the defender succeeds, the current infected node jumps from the infection level to the consolidation level, and the node has the immunity capability of defending against the attack. B → H, failure of defense strategy developed by defender again, and destructive effect.
4. A security situation awareness algorithm based on the Markov differential gaming block-chain model as described in claim 1, wherein in the step (3) described, the attack graph MAG is constructed. Factors determining the attack graph include a security state set Z, a game two-party set S, a directed edge set E, a game phase number K and a state transition probability K, and are specifically defined as follows:
(3.1) set of security states: security state usage of all nodes in blockchain nodes
Is shown in which
For initial state of blockchain node, use { Z1,...Zk,...ZKIndicates the ending state of the blockchain node.
(3.2) gaming parties: set for both parties of game (S ═ S)D,SA) Represents an attacker SAThe goal of (1) is to attack the normal block link nodes so that the normal block nodes are either infected nodes or corrupted nodes. Defending person SDThe goal is to detect and enforce a defense policy so that infected or compromised nodes become normal nodes.
And (3.3) E represents a set of directed edges and a set of attack paths of an attacker.
And (3.4) the number of game stages. The number of stages of the games of the two sides of the multi-stage game is represented by K, the game of one stage is represented by M (K), K is {1,2,. multidot.K }, and the game duration of each stage is [ tstart,tend]A multi-stage gaming process M (K) having K stages each lasting for a gaming time T, the time Tk,tk+T]And is and
and (3.5) state transition probability. P for state transition probability of four security level nodesijIs represented by the formula, wherein Pij=(Zj|Zi) Indicating the current state of the system from ZiJump to Zj。
5. The security situation awareness algorithm based on the Markov differential game block chain model as claimed in claim 1, wherein in the step (4) described, the objective function R is set, and the discount factor μ is introduced into the function to obtain the objective function of the aggressor
And the objective function of the defender
Using difference of objective function
And comprehensively evaluating the whole security situation of the block chain according to the security level change of each node.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110359051.3A CN113114492A (en) | 2021-04-01 | 2021-04-01 | Security situation perception algorithm based on Markov differential game block chain model |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110359051.3A CN113114492A (en) | 2021-04-01 | 2021-04-01 | Security situation perception algorithm based on Markov differential game block chain model |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN113114492A true CN113114492A (en) | 2021-07-13 |
Family
ID=76713452
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110359051.3A Pending CN113114492A (en) | 2021-04-01 | 2021-04-01 | Security situation perception algorithm based on Markov differential game block chain model |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113114492A (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114548409A (en) * | 2022-01-30 | 2022-05-27 | 清华大学 | Unmanned vehicle task allocation game method and device based on state potential field |
| CN115941291A (en) * | 2022-11-16 | 2023-04-07 | 西南科技大学 | Analysis system and method for security situation awareness of DPoS (distributed denial of service) block chain network |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20210014065A1 (en) * | 2019-07-11 | 2021-01-14 | Battelle Memorial Institute | Blockchain cybersecurity solutions |
| CN112232844A (en) * | 2019-07-14 | 2021-01-15 | 湖南科技学院 | Block chaining coin mine pool multi-miner cooperative evolution method based on time sequence difference algorithm |
-
2021
- 2021-04-01 CN CN202110359051.3A patent/CN113114492A/en active Pending
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20210014065A1 (en) * | 2019-07-11 | 2021-01-14 | Battelle Memorial Institute | Blockchain cybersecurity solutions |
| CN112232844A (en) * | 2019-07-14 | 2021-01-15 | 湖南科技学院 | Block chaining coin mine pool multi-miner cooperative evolution method based on time sequence difference algorithm |
Non-Patent Citations (2)
| Title |
|---|
| 叶聪聪;李国强;蔡鸿明;顾永跟;: "区块链的安全检测模型" * |
| 徐?;吴慧慈;陶小峰;: "5G网络空间安全对抗博弈" * |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114548409A (en) * | 2022-01-30 | 2022-05-27 | 清华大学 | Unmanned vehicle task allocation game method and device based on state potential field |
| CN114548409B (en) * | 2022-01-30 | 2023-01-10 | 清华大学 | Unmanned vehicle task allocation game method and device based on state potential field |
| CN115941291A (en) * | 2022-11-16 | 2023-04-07 | 西南科技大学 | Analysis system and method for security situation awareness of DPoS (distributed denial of service) block chain network |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Tian et al. | Evaluating reputation management schemes of internet of vehicles based on evolutionary game theory | |
| Eyal et al. | Majority is not enough: Bitcoin mining is vulnerable | |
| Nayak et al. | Stubborn mining: Generalizing selfish mining and combining with an eclipse attack | |
| Shamshirband et al. | Cooperative game theoretic approach using fuzzy Q-learning for detecting and preventing intrusions in wireless sensor networks | |
| CN110035066B (en) | Attack and defense behavior quantitative evaluation method and system based on game theory | |
| CN113114492A (en) | Security situation perception algorithm based on Markov differential game block chain model | |
| Motlagh et al. | The impact of selfish mining on bitcoin network performance | |
| CN111064702B (en) | Active defense strategy selection method and device based on bidirectional signal game | |
| Li et al. | Mining blocks in a row: A statistical study of fairness in Bitcoin mining | |
| Vijayalakshmi et al. | Hybrid defense mechanism against malicious packet dropping attack for MANET using game theory | |
| Casey et al. | Cyber security via signaling games: Toward a science of cyber security | |
| Li et al. | Proof-of-work cryptocurrency mining: a statistical approach to fairness | |
| Ebazadeh et al. | A reliable and secure method for network‐layer attack discovery and elimination in mobile ad‐hoc networks based on a probabilistic threshold | |
| Liu et al. | Network defense decision-making based on a stochastic game system and a deep recurrent Q-network | |
| Zhang et al. | Analysing the benefit of selfish mining with multiple players | |
| Schwarz-Schilling et al. | Agent-based modelling of strategic behavior in pow protocols | |
| Mairaj et al. | Game theoretic solution for an Unmanned Aerial Vehicle network host under DDoS attack | |
| Amiri-Zarandi et al. | SIDS: A federated learning approach for intrusion detection in IoT using Social Internet of Things | |
| Gojka et al. | Security in distributed ledger technology: An analysis of vulnerabilities and attack vectors | |
| CN107454069B (en) | Inter-domain routing system mimicry protection method based on AS security alliance | |
| Miller | Distributed virtual environment scalability and security | |
| Webb et al. | A survey on network game cheats and P2P solutions | |
| Gao et al. | A cyber deception defense method based on signal game to deal with network intrusion | |
| Feng et al. | Security analysis of block withholding attacks in blockchain | |
| Ersoy et al. | Information propagation on permissionless blockchains |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| WD01 | Invention patent application deemed withdrawn after publication | ||
| WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20210713 |