CN106789906A - Betting data analysis method and device - Google Patents
Betting data analysis method and device Download PDFInfo
- Publication number
- CN106789906A CN106789906A CN201611046138.0A CN201611046138A CN106789906A CN 106789906 A CN106789906 A CN 106789906A CN 201611046138 A CN201611046138 A CN 201611046138A CN 106789906 A CN106789906 A CN 106789906A
- Authority
- CN
- China
- Prior art keywords
- present node
- game
- action
- income
- node
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
A kind of betting data analysis method and device, wherein, methods described includes:Obtain the game avail data of a upper node;Obtain the action and identity of the game participant of present node;The action and identity of the game participant according to present node determine the current action income of present node game participant;Game avail data and current action income according to a upper node obtain the game avail data of present node.So as to provide game quantized data for present node game, provide objective data foundation can then to the Analysis of Policy Making of safety management.Additionally, obtaining the game avail data of present node according to the game avail data of a upper node such that it is able to reduce the amount of analysis of present node income determination, analysis efficiency is improved.
Description
Technical field
The present invention relates to network data security field, and in particular to a kind of betting data analysis method and device.
Background technology
Intelligent grid is that modern power network is improved remote control using computer and Internet technology and automated to client
Power generating facilities and power grids equipment is provided.Protect power network from network attack, ensure its reliable and secure operation, it has also become power grid security is studied
One of top priority.And the critical workflow of intelligent grid is to be monitored by intelligent grid and data monitoring control
(Supervisory Control and Data Acquisition, SCADA) system is controlled and managed.SCADA system is very
Various types of network attacks are easily subject to, cause production destruction, even economic loss, human injury.Therefore, intelligent grid
The security of SCADA system is most important.
Current SCADA system is accessed by facility employee, client or third-party vendor and interconnected to reduce cost
Net comes shared service information or issue metering data.Even if isolating SCADA network systems by the policy of company, but not just
True computer network installs configuration mode can still make SCADA system and its critical workflow face destructive network attack
Risk.SCADA system lacks intrinsic security, makes it easier to turn into the target of network attack.Used different from others
The system that digital signature comes monitoring data flow and alarm known attack signature, SCADA system is easier to be subjected to zero-day attack.
Research at present has focused largely on the reaction of system after attacking intrusion detection and attacking, although these researchs have risen very big
Effect, but the attack of attacker is complicated and changeable, attacker can at any time change attack strategies.Therefore,
The necessary method for taking system, the behavior of attacker is included the Analysis of Policy Making of safety management, this it is critical that, because
Their technology, or even the safe practice for leading system can be updated for attacker.
Therefore, how in the gambling process of attack defending, turn into urgently for safety officer provides game quantized data
The technical problem of solution.
The content of the invention
The technical problem to be solved in the present invention is that game quantized data how is provided during network attack.
Therefore, according in a first aspect, the embodiment of the invention discloses a kind of betting data analysis method, including:
Obtain the game avail data of a upper node;Obtain the action and identity of the game participant of present node;
The action and identity of the game participant according to present node determine the current action income of present node game participant;
Game avail data and current action income according to a upper node obtain the game avail data of present node.
Alternatively, the game avail data and current action income according to a upper node obtain the game income of present node
Data include:Game avail data and current action income summation to a upper node obtains the game income number of present node
According to.
Alternatively, the action and identity of the game participant according to present node determines present node game participant
Current action income include:The action and identity of the game participant according to present node obtain the influence of present node
The factor, factor of influence is the parameter obtained according to sample data study;Factor of influence according to present node determines present node
The current action income of game participant.
Alternatively, the factor of influence of present node is obtained using equation below:Impact (a)=wCC(a)+wIC(a)+wAC
(a), wherein, a is the action of present node game participant, and Impact (a) is the factor of influence of present node, wC、wIAnd wAPoint
It is not the weight coefficient of the confidentiality relevant with current action, integrality and availability, C (a) is the default of present node action
Value.
Alternatively, the factor of influence according to present node determines the current action income bag of present node game participant
Include:When the action of present node game participant is to attack:If the identity of present node game participant is attack
Person, then income of the attacker under current action is d × Impact (a), wherein, d is constant coefficient, and Impact (a) is to work as prosthomere
The factor of influence of point;If the identity of present node game participant is defender, defender is under current action
Income is-Impact (a)d;When the action of present node game participant is for defence:If present node game participant's
Identity is attacker, then income of the attacker under current action is 0;If the identity mark of present node game participant
It is defender to know, then income of the defender under current action is Impact (a).
According to second aspect, the embodiment of the invention discloses a kind of betting data analytical equipment, including:
First acquisition module, the game avail data for obtaining a upper node;Second acquisition module, it is current for obtaining
The action and identity of the game participant of node;Action income module, for the game participant's according to present node
Action and identity determine the current action income of present node game participant;Current income module, for according to upper one
The game avail data and current action income of node obtain the game avail data of present node.
Alternatively, current income module is used to obtain game avail data and current action the income summation of a upper node
The game avail data of present node.
Alternatively, action income module includes:The factor obtains unit, for the dynamic of the game participant according to present node
Work and identity obtain the factor of influence of present node, and factor of influence is the parameter obtained according to sample data study;Income
Determining unit, the current action income for determining present node game participant according to the factor of influence of present node.
Alternatively, the factor obtains the factor of influence that unit obtains present node using equation below:Impact (a)=wCC
(a)+wIC(a)+wAC (a), wherein, a for present node game participant action, Impact (a) for present node influence because
Son, wC、wIAnd wAThe weight coefficient of confidentiality, integrality and availability respectively relevant with current action, C (a) is to work as prosthomere
The default value of point action.
Alternatively, income determining unit includes:First subelement, for being to attack when the action of present node game participant
When hitting:If the identity of present node game participant be attacker, income of the attacker under current action be d ×
Impact (a), wherein, d is constant coefficient, and Impact (a) is the factor of influence of present node;If present node game participant
Identity be defender, then income of the defender under current action be-Impact (a)d;Second subelement, for working as
When the action of present node game participant is for defence:If the identity of present node game participant is attacker,
Income of the attacker under current action is 0;If the identity of present node game participant is defender, defender
Income under current action is Impact (a).
Technical solution of the present invention, has the following advantages that:
Betting data analysis method provided in an embodiment of the present invention and device, due to the game participant according to present node
Action and identity determine the current action income of present node game participant, then, according to the game of a upper node
Avail data and current action income obtain the game avail data of present node such that it is able to for present node game provides rich
Quantized data is played chess, provides objective data foundation can then to the Analysis of Policy Making of safety management.Additionally, according to a upper node
Game avail data obtains the game avail data of present node such that it is able to reduce the amount of analysis of present node income determination,
Improve analysis efficiency.
Brief description of the drawings
In order to illustrate more clearly of the specific embodiment of the invention or technical scheme of the prior art, below will be to specific
The accompanying drawing to be used needed for implementation method or description of the prior art is briefly described, it should be apparent that, in describing below
Accompanying drawing is some embodiments of the present invention, for those of ordinary skill in the art, before creative work is not paid
Put, other accompanying drawings can also be obtained according to these accompanying drawings.
Fig. 1 is a kind of betting data analysis method flow chart in the embodiment of the present invention;
Fig. 2 is betting model tree example schematic diagram in the embodiment of the present invention;
Fig. 3 is a kind of betting data analytical equipment structural representation in the embodiment of the present invention.
Specific embodiment
Technical scheme is clearly and completely described below in conjunction with accompanying drawing, it is clear that described implementation
Example is a part of embodiment of the invention, rather than whole embodiments.Based on the embodiment in the present invention, ordinary skill
The every other embodiment that personnel are obtained under the premise of creative work is not made, belongs to the scope of protection of the invention.
In the description of the invention, it is necessary to explanation, term " " center ", " on ", D score, "left", "right", " vertical ",
The orientation or position relationship of the instruction such as " level ", " interior ", " outward " be based on orientation shown in the drawings or position relationship, merely to
Be easy to the description present invention and simplify describe, rather than indicate imply signified device or element must have specific orientation,
With specific azimuth configuration and operation, therefore it is not considered as limiting the invention.Additionally, term " first ", " second ",
" the 3rd " is only used for describing purpose, and it is not intended that indicating or implying relative importance.
In the description of the invention, it is necessary to illustrate, unless otherwise clearly defined and limited, term " installation ", " phase
Company ", " connection " should be interpreted broadly, for example, it may be being fixedly connected, or being detachably connected, or be integrally connected;Can
Being to mechanically connect, or electrically connect;Can be joined directly together, it is also possible to be indirectly connected to by intermediary, can be with
It is two connections of element internal, can is wireless connection, or wired connection.For one of ordinary skill in the art
For, above-mentioned term concrete meaning in the present invention can be understood with concrete condition.
As long as additionally, technical characteristic involved in invention described below different embodiments non-structure each other
Can just be combined with each other into conflict.
In order to provide game quantized data during network attack, present embodiment discloses a kind of betting data analysis side
Method, refer to Fig. 1, be the betting data analysis method flow chart, and the method comprises the following steps:
Step S100, obtains the game avail data U of a upper noded-1, wherein, d is the integer more than or equal to 1.In tool
In body embodiment, according to actual needs, game of the game both sides (attacker and defender) in a upper node can be respectively obtained
Avail data Ud-1To analyze the game income of current game both sides respectively;The game income of a node in an acquisition can also be selected
Data Ud-1To analyze the game income of current a certain participant.It should be noted that in a particular embodiment, as d=1, on
One node be root node, generally at root node (d-1=0), game both sides do not act, can the income zero setting of two participants,
Game avail data i.e. in root node both sides is 0.
Step S200, obtains the action and identity of the game participant of present node.In a particular embodiment, due to
In action, the income of the applying side of game action can increase any one party of game both sides, the receipts of the contra of game action
Benefit can be reduced.Therefore, in order to realize the income of present node game both sides, it is necessary to obtain work and the identity mark of game participant
Know, in the present embodiment, alleged identity is used to distinguish the attacker and defender of game both sides.
Step S300, the action and identity of the game participant according to present node determine that present node game is participated in
The current action income B of person.In a particular embodiment, the identity of current game participant, and the participant are being obtained
After performed action, can determine that current action gives game both sides institute band according to the identity of participant and the attribute of action
The action income B for coming.Specifically, can rule of thumb determine the brought action income B of each action, obtain participant's
After action and identity, corresponding action income B can be directly extracted.
Step S400, the game avail data U according to a upper noded-1The rich of present node is obtained with current action income B
Play chess avail data Ud.In a particular embodiment, can be to the game avail data U of a upper noded-1Asked with current action income B
With the game avail data U for obtaining present noded.Specifically, the rich of present node can be calculated using equation below
Play chess avail data Ud:
Ud(p, a)=Ud-1(p,a')+B(p,a,d) (1)
Wherein, Ud(p, a) is the income of present node, and d is the node depth of present node, and p is identified for participant, and a is
The action of participant, B (p, a, d) is the current action income produced by participant p present node depth d implementations action a.According to
Knowable to formula (1), a node game avail data U in acquisitiond-1Afterwards, it may not be necessary to know that upper node participant carries out dynamic
Make the action income of a ', i.e.,:The game avail data U of present noded(p, a) with the game avail data U of a upper noded-1(p,
A') and present node current action income B (p, a, d) it is relevant.For root node, due to game, both sides do not act, can
With by the game avail data zero setting of game both sides, i.e. U0=0.
In an alternate embodiment of the invention, when step S300 is performed, the action of the game participant according to present node and body
Part mark determines that the current action income B of present node game participant can include:Game participant according to present node
Action and identity obtain the factor of influence of present node, factor of influence is the parameter obtained according to sample data study;
Factor of influence according to present node determines the current action income B of present node game participant.
In a particular embodiment, produced shadow when can be calculated present node execution action a using equation below
Ring factor Impact (a):
Impact (a)=wCC(a)+wIC(a)+wAC(a) (2)
Wherein, a is the action of present node game participant, and Impact (a) is the factor of influence of present node, generally may be used
Beforehand through the data produced by each action to each participant to carry out offline or on-line study, to obtain different action institutes right
The factor of influence size answered, wC、wIAnd wAThe weighting system of confidentiality, integrality and availability respectively relevant with current action
Number, C (a) is the default value of present node action.In a particular embodiment, preset value C (a) can with empirically determined,
Specifically, history samples data can be analyzed and is obtained, it can be [0,10] for example to preset value C (a) span.Make
It is example, it is assumed that intelligent grid SCADA sensor networks are a given shielded assets, intelligent grid SCADA system
Used as sensor network, its main function is to send and receive data in sensor communication, therefore, in three secure contexts
Data integrity is mostly important, next to that availability, is again confidentiality, because data are ravesdropping does not necessarily represent number
According to loss.Here, we can be according to three importance of aspect come to the grade and correspondingly quantization parameter for dividing weight, i.e.,
wI> wA> wC, for example, can make wI=0.6, wA=0.3, wC=0.1.
In a particular embodiment, the factor of influence according to present node determines the current action of present node game participant
Income B can include:
When the action of present node game participant is to attack A (a is the action of A):
If the identity of present node game participant is attacker, income B of the attacker under current action
It is d × Impact (a), wherein, d is constant coefficient, and Impact (a) is the factor of influence of present node;If present node game
The identity of participant is defender, then income B of the defender under current action is-Impact (a)d;
When the action of present node game participant is for defence D (a is the action of D):
If the identity of present node game participant is attacker, income B of the attacker under current action
It is 0;If the identity of present node game participant is defender, income B of the defender under current action is
Impact(a)。
Specifically, refer to following table:
Table 1
| B(p,a,d) | A is the action of A | A is the action of D |
| Attacker | d×Impact(a) | 0 |
| Defender | -Impact(a)d | Impact(a) |
In sum, game both sides participant p (attacker and defender) present node depth can be respectively obtained by table 1
Current action income B (p, a, d) produced by degree d implementation actions a.
For ease of it will be appreciated by those skilled in the art that being illustrated with specific example below:
The sensor network of SCADA system is supplied comprising perception with the sensor of gathered data and for data processing, electric power
Should be with the modules of communication.All RTUs (Remote Terminal Unit, RTU) by SCADA system
The data that module is detected all can be by convergence in real time.The most common threat of intelligent grid SCADA sensor networks mainly has
Four types (attack A):Sybil is attacked, node is compromised, eavesdrop, data are injected, and might as well set these attacks A difference
It is aS、aNC、aeAnd aDI。
For these attacks, betting model is built, define the action of attacker A and defender D:
Sybil is attacked and node is compromised enters sensor network by destroying sensor node, and eavesdrops and data
Injection is only the final purpose of attacker, i.e. the action of A includes that mentioned immediately above four kinds are attacked (if do not produce action to be acting
anil)。
And the defence on the practical significance of SCADA sensor networks is the detection and control of RTU.RTU is not only managed and passed
The energy and broadcast control information of sensor node but also the sensor of abnormal behaviour can be removed, safeguard global routing table,
Submit detection data to and send an alert to MTU (Maximum Transmission Unit, MTU) in case SCADA
Broken down between sensor network and RTU networks, sensor network agency mainly takes following three points to act (defence to attacking
Action D):(1)reCompletely cut off the energy of sensor;(2)raIt is to send alarm to MTU;(3)rmMajor corrections data and effective node.
Because using arriving all in each step, individually how influence attacker does not take his attack next time to move for these actions
Make, we can be considered as these actions one defense reaction motor unit of game<re, ra, rm>, defender D do not produce
R is used during actionnilRepresent.
Next, the shadow that the information assets based on it to three secure contexts (integrality, availability and confidentiality) is produced
Ring to quantify the influence of each action.With reference to the weight that formula (2) is mentioned, the influence of each action can be drawn, obtain working as prosthomere
Factor of influence Impact (a) of the action of point, as shown in table 2:
Table 2
| Action a | Description | wCC(a) | wIC(a) | wAC(a) | Impact(a) |
| <re, ra, rm> | Defence | 6 | 6 | 1 | 4.5 |
| aS | Sybil is attacked | 6 | 1 | 1 | 1.5 |
| aNC | Node is compromised | 6 | 1 | 1 | 1.5 |
| ae | Eavesdropping | 8 | 1 | 1 | 1.7 |
| aDI | Data are injected | 1 | 8 | 6 | 6.7 |
Data display shows in table 2, and for attacker, completeness and availability make data inject with highest shadow
Value is rung, is 6.7.
Next the analysis to game theory:
Fig. 2 is refer to, is this example betting model tree, each node of game theory has the corresponding income form of expression
(A ' s payoff, D ' s payoff), wherein, A ' s payoff represent the income of present node attacker A, D ' s payoff tables
Show the income of present node defender D.Income can be by formula (1) and formula (2) and the behavioral implications shown in Tables 1 and 2
To calculate.It should be noted that the numerical value of " () " is the income example of present node game both sides in accompanying drawing 2.
From root node pay for (0,0) as attacker A decision node, and attacker A can only carry out node compromise or
Sybil is attacked and is gone to destroy SCADA sensor networks, and the second layer is then the reaction of defender D, but it can not be by action<re, ra,
rm>Or other any modes are defendd.No matter A root node select be what act, if defender D is not defendd, attack
The person of hitting A just can continue to be eavesdropped or data injection.
Assuming that in root node, after defender D has made the alarm that defence sends malicious node to RMU, attacker A hairs
Go out Sybil attacks, even if Sybil nodes attempt injecting data, but the controller of RTU can abandon abnormal data, note data
It is invalid to enter.Sybil nodes can make it possible eavesdropping as tie point.If additionally, attacker A carries out node in root node
Compromise and attack, defender D is defendd by eliminating compromise node, then A will be unable to further be attacked.
The present embodiment also discloses a kind of betting data analytical equipment, refer to Fig. 3, is the betting data analytical equipment knot
Structure schematic diagram, the betting data analytical equipment includes:First acquisition module 100, the second acquisition module 200, action income module
300 and current income module 400, wherein:
First acquisition module 100 is used to obtain the game avail data U of a noded-1, wherein, d is more than or equal to 1
Integer;Second acquisition module 200 is used for the action and identity of the game participant for obtaining present node;Action income mould
The action and identity that block 300 is used for the game participant according to present node determine that present node game participant's is current
Action income B;Current income module 400 is used for the game avail data U according to a upper noded-1Obtained with current action income B
The game avail data U of present noded。
In an alternate embodiment of the invention, current income module is used for the game avail data U to a upper noded-1It is dynamic with current
Make the game avail data U that income B summations obtain present noded。
In an alternate embodiment of the invention, action income module includes:The factor obtains unit, for the game according to present node
The action and identity of participant obtain the factor of influence of present node;Income determining unit, for according to present node
Factor of influence determines the current action income B of present node game participant.
In an alternate embodiment of the invention, the factor obtains the factor of influence that unit obtains present node using equation below:
Impact (a)=wCC(a)+wIC(a)+wAC (a), wherein, a is the action of present node game participant, and Impact (a) is to work as
The factor of influence of front nodal point, wC、wIAnd wAThe weighting system of confidentiality, integrality and availability respectively relevant with current action
Number, C (a) is the default value of present node action.
In an alternate embodiment of the invention, income determining unit includes:First subelement, for as present node game participant
Action for attack when:If the identity of present node game participant is attacker, attacker is under current action
Income B be d × Impact (a), wherein, d is constant coefficient, and Impact (a) is the factor of influence of present node;If working as prosthomere
The identity of point game participant is defender, then income B of the defender under current action is-Impact (a)d;Second
Subelement, for when the action of present node game participant is for defence:If the identity mark of present node game participant
It is attacker to know, then income B of the attacker under current action is 0;If the identity of present node game participant is
Defender, then income B of the defender under current action is Impact (a).
Betting data analysis method provided in an embodiment of the present invention and device, due to the game participant according to present node
Action and identity determine the current action income of present node game participant, then, according to the game of a upper node
Avail data and current action income obtain the game avail data of present node such that it is able to for present node game provides rich
Quantized data is played chess, provides objective data foundation can then to the Analysis of Policy Making of safety management.Additionally, according to a upper node
Game avail data obtains the game avail data of present node such that it is able to reduce the amount of analysis of present node income determination,
Improve analysis efficiency.
Depended in terms of intelligent grid compared to game theory in the prior art and use the security model of subjective parameters, this reality
Apply betting data analysis method and device disclosed in example, it is intended to formulate player's payment by objective utility function to alleviate this
Problem, the objective utility function can describe player behavior, they act generation influence and they on
Cost.
It should be understood by those skilled in the art that, embodiments of the invention can be provided as method, system or computer program
Product.Therefore, the present invention can be using the reality in terms of complete hardware embodiment, complete software embodiment or combination software and hardware
Apply the form of example.And, the present invention can be used and wherein include the computer of computer usable program code at one or more
The computer program implemented in usable storage medium (including but not limited to magnetic disk storage, CD-ROM, optical memory etc.) is produced
The form of product.
The present invention is the flow with reference to method according to embodiments of the present invention, equipment (system) and computer program product
Figure and/or block diagram are described.It should be understood that every first-class during flow chart and/or block diagram can be realized by computer program instructions
The combination of flow and/or square frame in journey and/or square frame and flow chart and/or block diagram.These computer programs can be provided
The processor of all-purpose computer, special-purpose computer, Embedded Processor or other programmable data processing devices is instructed to produce
A raw machine so that produced for reality by the instruction of computer or the computing device of other programmable data processing devices
The device of the function of being specified in present one flow of flow chart or multiple one square frame of flow and/or block diagram or multiple square frames.
These computer program instructions may be alternatively stored in can guide computer or other programmable data processing devices with spy
In determining the computer-readable memory that mode works so that instruction of the storage in the computer-readable memory is produced and include finger
Make the manufacture of device, the command device realize in one flow of flow chart or multiple one square frame of flow and/or block diagram or
The function of being specified in multiple square frames.
These computer program instructions can be also loaded into computer or other programmable data processing devices so that in meter
Series of operation steps is performed on calculation machine or other programmable devices to produce computer implemented treatment, so as in computer or
The instruction performed on other programmable devices is provided for realizing in one flow of flow chart or multiple flows and/or block diagram one
The step of function of being specified in individual square frame or multiple square frames.
Obviously, above-described embodiment is only intended to clearly illustrate example, and not to the restriction of implementation method.It is right
For those of ordinary skill in the art, can also make on the basis of the above description other multi-forms change or
Change.There is no need and unable to be exhaustive to all of implementation method.And the obvious change thus extended out or
Among changing still in the protection domain of the invention.
Claims (10)
1. a kind of betting data analysis method, it is characterised in that comprise the following steps:
Obtain the game avail data (U of a upper noded-1), wherein, d is the integer more than or equal to 1;
Obtain the action and identity of the game participant of present node;
The action and identity of the game participant according to present node determine the current action of present node game participant
Income (B);
According to the game avail data (U of a upper noded-1) and the current action income (B) obtain the present node
Game avail data (Ud)。
2. betting data analysis method as claimed in claim 1, it is characterised in that the game according to a upper node
Avail data (Ud-1) and the current action income (B) obtain the game avail data (U of the present noded) include:To institute
State the game avail data (U of a noded-1) and the current action income (B) summation obtain the game of the present node
Avail data (Ud)。
3. betting data analysis method as claimed in claim 1 or 2, it is characterised in that the game according to present node
The action and identity of participant determine that the current action income (B) of present node game participant includes:
The action and identity of the game participant according to present node obtain the factor of influence of present node, the influence because
Son is the parameter obtained according to sample data study;
Factor of influence according to the present node determines the current action income (B) of present node game participant.
4. betting data analysis method as claimed in claim 3, it is characterised in that present node is obtained using equation below
Factor of influence:
Impact (a)=wCC(a)+wIC(a)+wAC (a),
Wherein, a is the action of present node game participant, and Impact (a) is the factor of influence of present node, wC、wIAnd wAPoint
It is not the weight coefficient of the confidentiality relevant with current action, integrality and availability, C (a) is the default of present node action
Value.
5. the betting data analysis method as described in claim 3 or 4, it is characterised in that described according to the present node
Factor of influence determines that the current action income (B) of present node game participant includes:
When the action of present node game participant is to attack:If the identity of present node game participant is attack
Person, then income (B) of the attacker under current action is d × Impact (a), wherein, d is constant coefficient, and Impact (a) is current
The factor of influence of node;If the identity of present node game participant is defender, defender is under current action
Income (B) be-Impact (a)d;
When the action of present node game participant is for defence:If the identity of present node game participant is attack
Person, then income (B) of the attacker under current action is 0;If the identity of present node game participant is defender,
Then income (B) of the defender under current action is Impact (a).
6. a kind of betting data analytical equipment, it is characterised in that including:
First acquisition module, the game avail data (U for obtaining a upper noded-1), wherein, d is whole more than or equal to 1
Number;
Second acquisition module, the action and identity of the game participant for obtaining present node;
Action income module, action and identity for the game participant according to present node determine present node game
The current action income (B) of participant;
Current income module, for the game avail data (U according to a upper noded-1) and the current action income (B)
Obtain the game avail data (U of the present noded)。
7. betting data analytical equipment as claimed in claim 6, it is characterised in that the current income module is used for described
Game avail data (the U of a upper noded-1) and the current action income (B) summation obtain the present node game receive
Beneficial data (Ud)。
8. betting data analytical equipment as claimed in claims 6 or 7, it is characterised in that the action income module includes:
The factor obtains unit, and the action and identity for the game participant according to present node obtain the shadow of present node
The factor is rung, the factor of influence is the parameter obtained according to sample data study;
Income determining unit, for determining that present node game participant's is current dynamic according to the factor of influence of the present node
Make income (B).
9. betting data analytical equipment as claimed in claim 8, it is characterised in that the factor obtains unit using following public
Formula obtains the factor of influence of present node:
Impact (a)=wCC(a)+wIC(a)+wAC (a),
Wherein, a is the action of present node game participant, and Impact (a) is the factor of influence of present node, wC、wIAnd wAPoint
It is not the weight coefficient of the confidentiality relevant with current action, integrality and availability, C (a) is the default of present node action
Value.
10. betting data analytical equipment as claimed in claim 8 or 9, it is characterised in that the income determining unit includes:
First subelement, for when the action of present node game participant is to attack:If present node game participant
Identity be attacker, then income (B) of the attacker under current action be d × Impact (a), wherein, d for often system
Number, Impact (a) is the factor of influence of present node;If the identity of present node game participant is defender,
Income (B) of the defender under current action is-Impact (a)d;
Second subelement, for when the action of present node game participant is for defence:If present node game participant
Identity be attacker, then income (B) of the attacker under current action be 0;If present node game participant's
Identity is defender, then income (B) of the defender under current action is Impact (a).
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201611046138.0A CN106789906A (en) | 2016-11-22 | 2016-11-22 | Betting data analysis method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201611046138.0A CN106789906A (en) | 2016-11-22 | 2016-11-22 | Betting data analysis method and device |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN106789906A true CN106789906A (en) | 2017-05-31 |
Family
ID=58974384
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201611046138.0A Pending CN106789906A (en) | 2016-11-22 | 2016-11-22 | Betting data analysis method and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN106789906A (en) |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107070956A (en) * | 2017-06-16 | 2017-08-18 | 福建中信网安信息科技有限公司 | APT Attack Prediction methods based on dynamic bayesian game |
| CN108810030A (en) * | 2018-07-24 | 2018-11-13 | 中国计量大学 | Node property recognition methods based on distributed system |
| CN111464501A (en) * | 2020-03-09 | 2020-07-28 | 南京邮电大学 | Data service-oriented adaptive intrusion response gaming method and system thereof |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101808020A (en) * | 2010-04-19 | 2010-08-18 | 吉林大学 | Intrusion response decision-making method based on incomplete information dynamic game |
| CN103152345A (en) * | 2013-03-07 | 2013-06-12 | 南京理工大学常熟研究院有限公司 | Network safety optimum attacking and defending decision method for attacking and defending game |
| CN103618731A (en) * | 2013-12-05 | 2014-03-05 | 北京工业大学 | Access control method based on dynamic game |
| CN104581738A (en) * | 2015-01-30 | 2015-04-29 | 厦门大学 | Cognitive radio hostile interference resisting method based on Q learning |
| CN106100893A (en) * | 2016-07-05 | 2016-11-09 | 合肥工业大学 | Service opening and the security control appraisal procedure of cloud service environment based on dynamic game |
-
2016
- 2016-11-22 CN CN201611046138.0A patent/CN106789906A/en active Pending
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101808020A (en) * | 2010-04-19 | 2010-08-18 | 吉林大学 | Intrusion response decision-making method based on incomplete information dynamic game |
| CN103152345A (en) * | 2013-03-07 | 2013-06-12 | 南京理工大学常熟研究院有限公司 | Network safety optimum attacking and defending decision method for attacking and defending game |
| CN103618731A (en) * | 2013-12-05 | 2014-03-05 | 北京工业大学 | Access control method based on dynamic game |
| CN104581738A (en) * | 2015-01-30 | 2015-04-29 | 厦门大学 | Cognitive radio hostile interference resisting method based on Q learning |
| CN106100893A (en) * | 2016-07-05 | 2016-11-09 | 合肥工业大学 | Service opening and the security control appraisal procedure of cloud service environment based on dynamic game |
Non-Patent Citations (5)
| Title |
|---|
| RATTIKORN HEWETT等: ""Cyber-Security Analysis of Smart Grid SCADA Systems"", 《2014 9TH CYBER AND INFORMATION SECURITY RESEARCH CONFERENCE》 * |
| RATTIKORN HEWETT等: ""Smart Grid Security: Deriving Informed Decisions"", 《2014 IEEE INTERNATIONAL CONFERENCE ON SMART GRID COMMUNICATIONS》 * |
| YI LUO等: ""A Game Theory Based Risk and Impact Analysis"", 《2009 IEEE/ACS INTERNATIONAL CONFERENCE ON COMPUTER SYSTEMS AND APPLICATIONS》 * |
| YULIA CHERDANTSEVA等: ""A Review of Cyber Security Risk Assessment Methods for SCADA Systems"", 《COMPUTERS & SECURITY》 * |
| 倪明等: ""电力系统防恶意信息攻击的思考"", 《电力系统自动化》 * |
Cited By (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107070956A (en) * | 2017-06-16 | 2017-08-18 | 福建中信网安信息科技有限公司 | APT Attack Prediction methods based on dynamic bayesian game |
| CN107070956B (en) * | 2017-06-16 | 2019-11-08 | 福建中信网安信息科技有限公司 | APT Attack Prediction method based on dynamic bayesian game |
| CN108810030A (en) * | 2018-07-24 | 2018-11-13 | 中国计量大学 | Node property recognition methods based on distributed system |
| CN108810030B (en) * | 2018-07-24 | 2020-09-25 | 中国计量大学 | Node property identification method based on distributed system |
| CN111464501A (en) * | 2020-03-09 | 2020-07-28 | 南京邮电大学 | Data service-oriented adaptive intrusion response gaming method and system thereof |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Huang et al. | Adaptive strategic cyber defense for advanced persistent threats in critical infrastructure networks | |
| CN109302380B (en) | Intelligent decision-making method and system for linkage defense strategy of safety protection equipment | |
| CN108769062B (en) | Defense method for multi-stage network attack of power information physical system | |
| Hu et al. | Optimal network defense strategy selection based on incomplete information evolutionary game | |
| CN103634296B (en) | Intelligent electricity network attack detection method based on physical system and information network abnormal data merging | |
| Hewett et al. | Cyber-security analysis of smart grid SCADA systems with game models | |
| Ji et al. | Attack-defense trees based cyber security analysis for CPSs | |
| CN106789906A (en) | Betting data analysis method and device | |
| Cai et al. | Review of cyber-attacks and defense research on cyber physical power system | |
| CN110276200A (en) | A kind of determination method of power information system state transition probability | |
| CN108183897A (en) | A kind of information physical emerging system safety risk estimating method | |
| Wei et al. | Defending mechanisms for protecting power systems against intelligent attacks | |
| CN103401838A (en) | Method for preventing botnet based on botnet program propagation behaviors | |
| Fan et al. | A method for identifying critical elements of a cyber-physical system under data attack | |
| CN105391066B (en) | A kind of intelligent grid the simulative running system | |
| CN110378115B (en) | Data layer system of information security attack and defense platform | |
| Singh et al. | Mathematical model of cyber intrusion in smart grid | |
| de Sá et al. | Bio-inspired active attack for identification of networked control systems | |
| Hewett et al. | Smart Grid security: Deriving informed decisions from cyber attack game analysis | |
| CN115953044A (en) | Power grid state stability evaluation method based on federal learning and block chain technology | |
| TianYu et al. | Research on security threat assessment for power iot terminal based on knowledge graph | |
| Ge et al. | Security analysis of energy internet with robust control approaches and defense design | |
| CN105306487B (en) | Power scheduling SCADA intrusion detection method based on virtual component proactive deceiving strategy | |
| CN110311915B (en) | False data injection attack cost evaluation method and system | |
| Chen et al. | Power Grid Bad Data Injection Attack Modeling in PRESTIGE. |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| CB02 | Change of applicant information | ||
| CB02 | Change of applicant information |
Address after: 102209 Beijing City, the future of science and Technology City Binhe Road, No. 18, No. Applicant after: Global energy Internet Institute, Inc. Applicant after: State Grid Corporation of China Applicant after: State Grid Hebei Electric Power Company Address before: 102211 Beijing city Changping District Xiaotangshan town big East Village Road No. 270 Applicant before: GLOBAL ENERGY INTERCONNECTION RESEARCH INSTITUTE Applicant before: State Grid Corporation of China Applicant before: State Grid Hebei Electric Power Company |
|
| CB02 | Change of applicant information | ||
| CB02 | Change of applicant information |
Address after: 102209 18 Riverside Avenue, Changping District science and Technology City, Beijing Applicant after: Global energy Internet Institute, Inc. Applicant after: State Grid Corporation of China Applicant after: State Grid Hebei Electric Power Company Address before: 102209 18 Riverside Avenue, Changping District science and Technology City, Beijing Applicant before: Global energy Internet Institute, Inc. Applicant before: State Grid Corporation of China Applicant before: State Grid Hebei Electric Power Company |
|
| RJ01 | Rejection of invention patent application after publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20170531 |