CN107483486A - Cyber-defence strategy choosing method based on random evolution betting model - Google Patents

Cyber-defence strategy choosing method based on random evolution betting model Download PDF

Info

Publication number
CN107483486A
CN107483486A CN201710827946.9A CN201710827946A CN107483486A CN 107483486 A CN107483486 A CN 107483486A CN 201710827946 A CN201710827946 A CN 201710827946A CN 107483486 A CN107483486 A CN 107483486A
Authority
CN
China
Prior art keywords
defense
random
attack
strategy
evolution
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201710827946.9A
Other languages
Chinese (zh)
Other versions
CN107483486B (en
Inventor
黄健明
张恒巍
王衡军
王晋东
王娜
寇广
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
PLA Information Engineering University
Original Assignee
PLA Information Engineering University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by PLA Information Engineering University filed Critical PLA Information Engineering University
Priority to CN201710827946.9A priority Critical patent/CN107483486B/en
Publication of CN107483486A publication Critical patent/CN107483486A/en
Application granted granted Critical
Publication of CN107483486B publication Critical patent/CN107483486B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/20Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L63/205Network architectures or network communication protocols for network security for managing network security; network security policies in general involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Complex Calculations (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention belongs to technical field of network security, more particularly to a kind of cyber-defence strategy choosing method based on random evolution betting model, comprising:Based on Random Dynamical Systems, asymmetrical network attacking and defending random evolution betting model is built;And white Gaussian noise is used for reference, network-combination yarn random evolution game playing system is obtained using It ó stochastic differential equations;Numerical solution is carried out to network-combination yarn random evolution game playing system using Milstein methods, obtains the equilibrium solution that attacking and defending is developed;The equilibrium solution to develop for attacking and defending, stability analysis is carried out to the tactful selection state of attacking and defending both sides according to the stability theorem of Solution of stochastic Differential Equation, and export the network security defence policies in equilibrium solution.The present invention solves tradition and determines that betting model is applied to cyber-defence strategy and chooses the problems such as not accurate enough, the stochastic and dynamic evolutionary process between the attacking and defending policymaker of bounded rationality can more accurately be analyzed, strengthen the practicality that Prevention-Security strategy is chosen, there is great importance to network security defense technique.

Description

Network defense strategy selection method based on random evolution game model
Technical Field
The invention belongs to the technical field of network security, and particularly relates to a network defense strategy selection method based on a random evolution game model.
Background
At present, network attack means are increasingly complicated, intelligent and diversified, and the attack purpose of an attacker is also continuously driven by economic benefits. Many challenges in the field of straight-side network space security, enhancing network security defense capability, and ensuring network space security have become urgent issues to be solved urgently. The game theory is a decision theory for researching the direct interaction of behaviors among decision-making main bodies, and has the characteristics of target oppositivity, relationship non-cooperation, strategy dependency and the like which are all consistent with the basic characteristics of network attack and defense. Therefore, applying the game theory to the modeling and analysis of the network defense and attack process becomes a research hotspot in recent years. However, the existing research results have a common characteristic that all models and methods are established under a deterministic attack and defense condition. In the actual attack and defense process, the selection of an attack means, the change of the system operation environment, the interference of other external factors and the like have certain randomness, so the effectiveness and the accuracy of the model and the method can be improved by considering the random factors.
The essence of network security lies in the attack and defense confrontation, so from the perspective of the attack and defense confrontation, the research and exploration of a network security analysis method and a defense technical system have important practical significance. The game theory is a decision theory for researching the direct interaction of behaviors among decision-making main bodies, and has the characteristics of target oppositivity, relationship non-cooperation, strategy dependency and the like which are all consistent with the basic characteristics of network attack and defense. Therefore, applying the game theory to the modeling and analysis of the network defense and attack process becomes a research hotspot in recent years. Because the traditional game model is mostly established on the premise that the behavior is completely rational and is not consistent with the actual situation, the evolutionary game theory based on the incompleteness is more in line with the reality of attack and defense confrontation, but the most used replication dynamic learning mechanism does not consider various random interference factors existing in the attack and defense process at presentDue to the influence of the factor, the determined game model reduces the practical application value of the game model. The network Attack and Defense evolution Game Model ADEGM (Attack-Defense evolution Game Model) is represented as a 4-tuple, and ADEGM = (N, S, P, U), wherein N = (N, S, P, U) D ,N A ) Is the participant space of the evolving game. Wherein N is D For defense, N A Is an attacker. S = (DS, AS) is the game policy space. Wherein DS = { DS = { DS 1 ,DS 2 ,…DS n Denotes an optional set of policies for defenders, AS = { AS = } 1 ,AS 2 ,…AS m Represents an attacker's optional set of policies. P = (P, q) is a game belief set. Wherein p is i Representing an attacker to select an attack policy AS i Probability of (q) of j Presentation defender selection defense strategy DS j The probability of (c). U = (U) D ,U A ) The method is a profit function set which represents the game profits of the participants and is determined by the strategies of all the participants. The traditional game theory applied to the selection of the network security defense strategy has the following defects: (1) The assumption of completely rational precondition for the behavior in the classic game model is not in accordance with the actual situation, but in reality, the decision-making ability of the person is limited, i.e. the decision-making person actually belongs to an incompletely rational individual. Neglecting the limited rational condition of the behavior person can have great influence on the final game result, so that the final game balance result is greatly different from the reality, and the effectiveness of the model and the method is reduced. (2) The traditional evolutionary game theory is based on a copy dynamic learning mechanism, and a decision maker adjusts a self strategy through learning to maximize the self income, but does not consider the interference problem of various random factors in the game process. In the actual attack and defense process, the selection of an attack means, the change of the system operation environment, the interference of other external factors and the like have certain randomness, so that the effectiveness and the accuracy of the model and the method are reduced by neglecting the consideration of the randomness.
Disclosure of Invention
Aiming at the defects in the prior art, the invention provides a network defense strategy selection method based on a random evolution game model, which solves the problems that the traditional game model is determined to be applied to the network defense strategy selection and is not accurate enough, can more accurately analyze the random dynamic evolution process between the finite attack and defense decision makers, and enhances the practicability and the guiding significance of the security defense strategy selection.
According to the design scheme provided by the invention, the network defense strategy selection method based on the random evolution game model comprises the following steps:
constructing an asymmetric network attack and defense random evolution game model based on a random power system; by taking the reference of Gaussian white noise, obtaining a network attack and defense random evolutionary game system by using an It and an random differential equation;
the method comprises the steps that a Milstein method is adopted to carry out numerical solution on a network attack and defense random evolutionary game system, and a balanced solution of attack and defense evolution is obtained;
aiming at the equilibrium solution of attack and defense evolution, the stability analysis is carried out on the strategy selection states of the attack and defense parties according to the stability theorem of the random differential equation solution, and the network security defense strategy in the equilibrium solution is output.
In the foregoing, the network attack and defense random evolution game model is represented by quintuple.
Preferably, the network attack and defense random evolution model ADEGM = (N, S, P, Δ, U), where N = (N) D ,N A ) Is the participant space of the evolving game, N D Representing a defensive party, N A Representing an attacker; s = (DS, AS) is a game policy space, DS denotes an optional policy set of defenders, AS denotes an optional policy set of attackers; p = (q, P) is a game belief set, q represents a probability set that a defender selects different defense strategies, and P represents a probability set that an attacker selects different attack strategies; Δ = { δ 12 Is the set of random interference strength coefficients, δ 1 Representing the strength factor, δ, of the effect of random disturbances on the defender 2 Representing the influence intensity coefficient of random interference on an attacker and satisfying delta 1 >0,δ 2 >0;U=(U D ,U A ) Is a set of game revenue functions, U D Expressing the game income of defenders, U A Representing the game income of the attacker, and the value of the attack and defense income is selected by an attack and defense decision makerAre determined jointly.
Preferably, the optional policy set DS = { DS ] of the defender 1 ,DS 2 In which DS is 1 Indicating that defender adopted Strong defense strategy, DS 2 Representing the defender to adopt a weak defense strategy; optional policy set AS = { AS for aggressor 1 ,AS 2 Where AS 1 Representing attackers implementing a strong attack strategy, AS 2 Representing an attacker implementing a weak attack strategy.
Preferably, the acquisition of the network attack and defense random evolution game system comprises the following contents:
a1 D = { D) type space set of construction defensive parties i I is more than or equal to 1}; constructing defender-selectable policy space set DS = { DS = j J is more than or equal to 1 and less than or equal to m, wherein m is the number of strategies selectable by an attacker decision maker;
a2 Selected attack strategy for the attacker with probability q) i Selection of defense strategies DS i Wherein, in the step (A),1≤i≤m;
a3 Computing average profit for defensive partyConstructing an attack and defense random interference intensity coefficient set delta = { delta = 12 In which is δ 1 >0,δ 2 >0;
A4 The random interference of the evolution game of the defense party and the attack party is described by using a random differential equation by taking the Gaussian white noise as a reference, so as to obtain a random copy dynamic differential equation of the defense party and the attack party;
a5 And) randomly copying a dynamic differential equation of the simultaneous defense party and the attacking party to obtain the network attack and defense random evolutionary game system.
Preferably, the average profit of the defensive party is calculated in A3)Comprises the following steps: obtaining game income moment by combining network attack and defense game treeArraying; calculating the average income of the attacking party and the defending party according to the game income matrix, wherein the average income of the defending party Expected yield for the defenders.
Preferably, in A5), the network attack and defense random evolution gaming system is represented as:
wherein, C d Representing the defense cost required by the defensive party when selecting the strong defense strategy; c a Representing the attack cost required by an attacker for selecting a strong attack strategy; v a When the defending party selects the weak defending strategy, the attacking party selects the attack return which can be obtained by the strong attacking strategy; v ad When representing that the defense Fang Xuanqu is a strong defense strategy, the attacker selects the attack return which can be obtained by the strong attack strategy and meets the requirement of V a >V ad (ii) a q (t) and 1-q (t) respectively represent the functions of the number of defenders selecting different defense strategies and the proportion of the number of the defenders selecting different defense strategies with respect to time; omega (t) belongs to one-dimensional standard Brown motion and describes the influence of random interference factors on game evolution in the network attack and defense process.
Preferably, the obtaining of the equilibrium solution of the attack and defense evolution specifically includes:
b1 Performing random Taylor expansion on the randomly evolved differential equations of both a defending party and an attacking party in the network attack and defense random evolution game system according to It Lou random differential equation;
b2 And) carrying out numerical solution on a differential equation in the network attack and defense random evolution game system by adopting a Milstein method to obtain a corresponding attack and defense evolution equilibrium solution.
Further, in B1), it is expressed as dx (t) = f (t, x (t)) dt + g (t, x (t)) d ω (t), where t ∈ [ t ]) 0 ,T],x(t 0 )=x 0 ,x 0 e.R, omega (T) belongs to one-dimensional standard Brown motion and obeys normal distribution N (0,t), d omega (T) obeys normal distribution N (0, delta T), wherein T represents the continuation of time dimension, and R is a real number.
The above method for analyzing stability of policy selection states of both attacking and defending parties and verifying the evolution stability policy of the network attacking and defending random evolution game system comprises the following steps: when it is satisfied withAnd C d ≥1,And C a -V ad When the network attack and defense random evolution game system is more than or equal to 1, a unique evolution stable strategy ESS (0,0) exists in the network attack and defense random evolution game system; when it is satisfied withAnd C d -V a +V ad +1≤0,And C a -V a When +1 is less than or equal to 0, the network attack and defense random evolution game system has a unique evolution stable strategy ESS (1,1).
The invention has the beneficial effects that:
aiming at the problem that various random interference factors exist in an attack and defense game system, in order to improve the effectiveness and the accuracy of the model, various random interferences such as system operation environment change, network topology structure change, attack and defense strategy change and the like in the attack and defense game process are described by using the concept of Gaussian white noise for reference, the traditional copy dynamic evolution game method is improved, a random network attack and defense evolution game model under an asymmetric condition is constructed by using a nonlinear It-Lo random differential equation and is used for describing a real-time random dynamic evolution process of network attack and defense confrontation; carrying out numerical solution on the attack and defense random differential equation, carrying out stability analysis on strategy selection states of both the attack and defense parties according to the random differential equation stability discrimination theorem, and determining a security defense strategy of the random attack and defense evolutionary game model; finally, the influence of random interference with different strengths on the evolution rate of attack and defense decisions is verified through simulation, and certain technical guidance can be provided for network attack behavior prediction and security defense strategy selection. Compared with the prior art, the method can more accurately analyze the random dynamic evolution process among the attack and defense decision makers with limited rationality, and the safety defense strategy selection has stronger practicability and guiding significance.
Description of the drawings:
FIG. 1 is a prior art basic network attack and defense game tree;
FIG. 2 is a schematic flow diagram of the process of the present invention;
FIG. 3 is a schematic diagram of a network attack and defense game tree in an embodiment;
FIG. 4 is a schematic diagram of an acquisition process of the network attack and defense random evolution game system in the embodiment;
FIG. 5 is a schematic diagram of an equalization solution acquisition process of attack and defense evolution in an embodiment;
FIG. 6 is a diagram of the evolution trend of the null solution stabilization strategy of the defender in the simulation example;
FIG. 7 is a diagram of the evolution trend of the zero solution stabilization strategy of an aggressor in a simulation example;
FIG. 8 is a diagram of evolution trend of a zero solution unstable strategy of a defender in a simulation example;
FIG. 9 is a diagram of evolution trend of a zero solution unstable strategy of an aggressor in a simulation example.
The specific implementation mode is as follows:
in order to make the objects, technical solutions and advantages of the present invention clearer and more obvious, the present invention is further described in detail below with reference to the accompanying drawings and technical solutions. The technical terms involved in the examples are as follows:
evolutionary Game Theory (Evolutionary Game Theory): the biological evolution theory originated from Darwin inherits the theoretical explanation of biology on species evolution, starts from individual limited rational condition, takes group behaviors as research objects, and explains the evolution game process of biological behaviors in the explanation of the development process and evolution selection of biological species. Through long-term trial and error, simulation and improvement, all game parties tend to a certain stable strategy which is possibly stabilized in group organizations for a long time, and the stable strategy balance is very similar to the evolutionary stable strategy of biological evolution so as to achieve a relatively harmonious game balance state. Dynamic of replication (Replicator Dynamic): in a group consisting of limited rational game parties, game players gradually adopt more game parties than a strategy with a good average level by continuously trial and error, learning and improving own strategies, so that the proportion of the game parties adopting various strategies in the group can be changed. Nash Equilibrium (Nash Equilibrium): in game G = { S = } 1 ,…,S n ;u 1 ,…,u n In the game, a certain strategy combination composed of one strategy of each game partyStrategy of any gambling party iIf the condition is satisfied:for arbitrary s ij ∈S i Are all true, then callIs a nash balance for game G. Limited rational (bound ratio): the behavior person finds the optimal strategy through game analysis in the game process, and the behavior person does not deviate from the optimal choice due to forgetting, errors, randomness and the like. In the traditional game theory, it is generally premised that the behavior is completely rational, that is, the judgment and selection ability of the behavior is limited, and the behavior can 'make a crime' in the decision processError ". Evolution Stable Strategy (ESS): the method is a strategy which cannot be invaded by the mutant under a definite definition, and is a balanced strategy with real stability and stronger prediction capability in the evolutionary game. The method is a robust balance concept which has stronger anti-interference capability and can still be recovered after interference in a biological evolution theory, and is the most core balance concept in the evolutionary game analysis.
An existing network Attack and Defense evolution Game Model ADEGM (attach-Defense evolution Game Model) can be represented as a 4-tuple, ADEGM = (N, S, P, U), where N = (N, S, P, U) D ,N A ) Is a participant space of an evolutionary game, where N D For defense, N A Is an attacker. S = (DS, AS) is the game policy space, DS = { DS 1 ,DS 2 ,…DS n Denotes a set of optional policies for defenders, AS = { AS = } 1 ,AS 2 ,…AS m Represents an attacker's optional set of policies. P = (P, q) is a set of game beliefs, P i Representing an attacker to select an attack policy AS i Probability of (a), q j Presentation defense selection defense strategy DS j The probability of (c). U = (U) D ,U A ) The game profit is a profit function set which represents game profits of the participants and is determined by strategies of all the participants. In the network attack and defense countermeasures, the decision makers of an attacker A and a defender D have a plurality of strategies to select, and the selectable strategy sets of the decision makers of the attacker A and the defender D are respectively assumed to be { AS 1 ,AS 2 …AS m }、{DS 1 ,DS 2 …DS n And (m, N belongs to N, and m, N is more than or equal to 2), the probability of the strategy adopted by an attack and defense decision maker is different at different stages of the game process, and the probability is continuously changed under the action of a learning mechanism along with the time, so that the attack and defense strategy selection forms a dynamic change process. The resulting attack and defense game tree is shown in fig. 1. p is a radical of i Representing a selective attack strategy AS i Probability of (a), q j Presentation selection defense strategy DS j The probability of (c). When different strategies are adopted for attack and defense countermeasures, corresponding attack and defense profit values can be generated. Wherein a is ij And b ij Respectively representing attackers and defenders to adopt AS i 、DS j The respective benefits. For a defender, the strategy selection has n possibilities, and a decision maker has different probabilities q i For each defense strategy DS i Selection is performed, but the conditions are met for the entire policy set: q. q.s 1 +q 2 +…+q n And =1. Similarly, the attacker can select m strategies according to the attack policy, and the decision maker has different probabilities p i Strategy AS for each attack i And selecting, wherein the whole strategy set meets the following requirements: p is a radical of 1 +p 2 +…+p m =1。
Based on the above conditions, expected benefits of different defense strategies of the defenders are calculatedAnd average profit
As the defending income lower person can learn to imitate the strategy selected by the high income person, aiming at the optional strategy { DS in the defending strategy set 1 ,DS 2 …DS n Selecting different strategies, the proportion of people will change along with the time, and adopting q i (t) represents wherein q i (t) denotes a selection defense strategy DS i The proportion of the number of people, and satisfies:DS for a particular defense policy i The proportion of the number of people selecting the strategy is a function of time, and the dynamic change rate can be expressed by a copy dynamic equation:
similarly, the optional strategy { AS) in strategy set aiming at the attack party 1 ,AS 2 …AS m Selecting the people number proportion of different strategies to dynamically change along with time, and respectively using p i (t) wherein p is i (t) satisfies:optional attack strategy AS for an attacker i The corresponding replication dynamical equation can be obtained:
simultaneous replication of the above two dynamic equations, toThrough solving, the network attack and defense evolution game equilibrium state point can be obtained, and the analysis and prediction of the security defense strategy selection can be realized. However, the evolutionary game theory is based on a duplicate dynamic learning mechanism, and a decision maker adjusts a self strategy through learning to maximize the self income, but does not consider the interference problem of various random factors in the game process. In the actual process of attack and defense, the selection of an attack means, the change of the system operation environment, the interference of other external factors and the like all have certain randomness, so that the effectiveness and the accuracy of the model and the method can be reduced by neglecting the consideration of the randomness. In view of this, an embodiment of the present invention provides a method for selecting a network defense strategy based on a random evolutionary game model, which is shown in fig. 2 and includes:
101. constructing an asymmetric network attack and defense random evolution game model based on a random power system; by taking the white Gaussian noise as a reference, an It Lo random differential equation is adopted to obtain a network attack and defense random evolution game system;
102. the method comprises the steps that a Milstein method is adopted to carry out numerical solution on a network attack and defense random evolution game system, and equilibrium solution of attack and defense evolution is obtained;
103. aiming at the equilibrium solution of attack and defense evolution, the stability analysis is carried out on the strategy selection states of both the attack and defense parties according to the stability theorem of the random differential equation solution, and the network security defense strategy in the equilibrium solution is output.
The problem that the traditional determined game model is not accurate enough in network defense strategy selection is solved. In order to improve the effectiveness and the accuracy of the model, the invention describes various random interferences such as system operation environment change, network topology structure change, attack and defense strategy change and the like in the attack and defense game process by using the concept of Gaussian white noise. The method is used for describing a real-time random dynamic evolution process of network attack and defense confrontation by constructing a random network attack and defense evolution game model under an asymmetric condition. And (3) carrying out numerical solution on It and the random differential equation of the attacking and defending parties, and carrying out stability analysis on strategy selection states of the attacking and defending parties according to the random differential equation stability judgment theorem. The model and the method can more accurately describe the network attack and defense strategy selection dynamic change process.
Based on a random power system, the characteristics of network attack and defense are combined, and an asymmetric network attack and defense random evolution game model under the limited rational condition is constructed on the basis of an evolution game theory. In another embodiment of the invention, the network attack and defense random evolution game model is represented by quintuple. Further, the network attack and defense random evolution model ADEGM = (N, S, P, Δ, U), where N = (N) D ,N A ) Is the participant space of the evolving game, N D Representing the defensive party, N A Representing an attacker; s = (DS, AS) is a game policy space, DS represents an optional policy set for defenders, AS represents an optional policy set for attackers; p = (q, P) is a game belief set, q represents a probability set that a defender selects different defense strategies, and P represents a probability set that an attacker selects different attack strategies; Δ = { δ 12 Is the set of random interference strength coefficients, δ 1 Coefficient of influence, delta, representing random disturbance on a defender 2 Representing the influence intensity coefficient of random interference on an attacker and satisfying delta 1 >0,δ 2 >0;U=(U D ,U A ) Is a set of game revenue functions, U D Indicating player's game benefits, U A Representing the game income of the attacker, and determining the value of the attack and defense income by the attack and defenseThe strategies selected by the strategies are jointly determined.
Aiming at the network attack and defense countermeasure process, for convenient analysis, the defense strategies are divided into a strong defense strategy and a weak defense strategy according to the defense strength degree, and an optional strategy set DS = { DS of a defense party is constructed 1 ,DS 2 In which DS is 1 Indicating the defender to adopt a Strong defense strategy, DS 2 Indicating that the defender is adopting a weak defense strategy. Similarly, aiming at an attacker, the attack strategies are divided into a strong attack strategy and a weak attack strategy, and an optional strategy set AS = { AS } of the attacker is constructed 1 ,AS 2 In which AS 1 Representing attackers implementing a strong attack strategy, AS 2 Indicating that the attacker implements a weak attack strategy. In another embodiment of the present invention, as shown in fig. 4, the acquisition of the network attack and defense random evolutionary gaming system includes the following contents:
201 D = { D) type space set of construction defensive parties i I is more than or equal to 1}; constructing defender-selectable policy space set DS = { DS = j J is more than or equal to 1 and less than or equal to m, wherein m is the number of strategies selectable by an attacker decision maker;
202 ) for the attack, selecting an attack strategy for the attacker with a probability q i Selection of defense strategies DS i Wherein, in the step (A),1≤i≤m;
203 Computing average profit for defensive partyConstructing an attack and defense random interference intensity coefficient set delta = { delta = 12 In which is δ 1 >0,δ 2 >0;
204 The random interference of the evolution game of the defense party and the attack party is described by using a random differential equation by taking the Gaussian white noise as a reference, so as to obtain a random copy dynamic differential equation of the defense party and the attack party;
205 And) randomly copying a dynamic differential equation of the simultaneous defense party and the attacking party to obtain the network attack and defense random evolution game system.
In the network attack and defense confrontation process, the probabilities adopted by an attack and defense decision maker are different in different stages of the game process, and the probabilities are continuously changed under the action of a learning mechanism along with the time, so that the attack and defense strategy selection forms a dynamic change process. The corresponding network attack and defense game tree is shown in figure 3, wherein p represents that an attacker selects an attack strategy AS 1 1-p denotes the chosen attack strategy AS 2 And satisfies p ∈ [0,1]](ii) a q represents defensive person selection defense strategy DS 1 Probability of (1-q) denotes the choice of defense strategy DS 2 And satisfies q ∈ [0,1]]。d ij Representing a pair of attack and defense strategies (AS) i ,DS j ) The resulting defense profit value, a ij Representing a pair of attack and defense strategies (AS) i ,DS j ) The resulting attack profit values and the profit matrix for the game are shown in table 1.
TABLE 1 network attack and defense game income matrix
Wherein, V n Representing fixed benefits which can be brought by information assets owned by the defenders;
C d representing the defense cost required by the defensive party when selecting the strong defense strategy;
C a representing the attack cost required by an attacker for selecting a strong attack strategy;
V a when the defending party selects the weak defending strategy, the attacking party selects the attack return which can be obtained by the strong attacking strategy;
V ad when representing that the defense Fang Xuanqu is a strong defense strategy, the attacker selects the attack return which can be obtained by the strong attack strategy and meets the requirement of V a >V ad
In the game process, the cost of the weak attack and defense strategy is assumed to be 0 relative to the strong attack and defense strategy.
Based on this, expected benefits of the defensive parties are calculated respectivelyAnd average profit
In the process of attack and defense, different defense decision makers learn each other and adjust own strategies along with repeated game playing, so that the own strategies are optimal. Thus, the number of defenders selecting different defense strategies is in dynamic variation, and the proportion of the number of people selecting different defense strategies is a function of time and is respectively represented as q (t) and 1-q (t). Against a strong Defense Strategy (DS) 1 ) The following replication dynamic equation can be used to describe the dynamic evolution process:
as 1-q (t) is from [0,1], the evolution result selected by the defense strategy can be deduced not to be influenced, and therefore, the formula can be converted into the following form:
by analysis, the defense decision maker selects the strategy DS 1 Rate of change of the ratio of (A) with timeDifference amplitude between expected income of selected strong defense strategy and expected income of selected weak defense strategyIn positive correlation.
In order to describe the actual network attack and defense game process more accurately, the concept of Gaussian white noise is used for reference, random differential equations are adopted to describe various random interferences of a defense strategy, an information system environment, a network structure change and the like of a defense party in a game system, and then random copy dynamic differential equations of the defense party can be obtained
Similarly, aiming at the attacker, the expected gains of different attack strategies of the attacker can be obtainedAnd average profit
And further obtaining an evolutionary game replication dynamic equation of the attacker:
the same can be obtained, the random replication dynamic differential equation of the aggressor:
the random replication dynamic differential equation of the attacking and defending party is an It Lo random differential equation commonly used in the random analysis theory, and respectively represents the dynamic evolution process of the attacking and defending party, wherein omega (t) belongs to one-dimensional standard Brown motion, namely an irregular random fluctuation phenomenon, and can well describe how the game evolution is influenced by random interference factors in the network attacking and defending process. Given time t, ω (t) follows a normal distribution N (0,t); d ω (t) represents random interference when t&gt, 0 and step length h&0, the increment delta omega (t) = omega (t + h) -omega (t) obeys normal distributionδ i Represents the random interference strength of both the attack and defense, and satisfies delta i &gt, 0. Therefore, the evolution of p (t) and q (t) also becomes a random process, so that the random replication dynamic differential equations of both the attack and defense parties form a random attack and defense evolution system.
In the attack and defense game evolution process, a plurality of disturbance factors influencing the stability of the system exist, both external factors and internal factors exist, and each factor does not play a decisive role in the stability of the system.
Anddetermining the values of p (t) and q (t) in the interval [0,1]The practical meaning of the two is satisfied.
Andif and only if 1-q (t) =q (t) and 1-p (t) = p (t) satisfy the maximum value, i.e. the disturbance is maximum. When the proportion of the number of people selected by the two defense strategies is the same, the stability of the system is most easily disturbed, and conversely, if the proportion of the number of people is larger, the disturbance is smaller.
The network attack and defense random evolution game system can be obtained by combining the random replication dynamic differential equations of the attack and defense parties:
since the above-mentioned established random attack and defense evolution differential equation system is composed of non-linear It's random differential equation, it is not possible to directly solve the analytic solution of the equation, for this reason, in another embodiment of the present invention, referring to fig. 5, obtaining the equilibrium solution of attack and defense evolution specifically includes:
301 Performing random Taylor expansion on the randomly evolved differential equations of both a defending party and an attacking party in the network attack and defense random evolution game system according to It Lou random differential equation;
302 And) carrying out numerical solution on a differential equation in the network attack and defense random evolution game system by adopting a Milstein method to obtain a corresponding attack and defense evolution equilibrium solution.
And (3) combining a random Taylor expansion formula and an It Lolo random formula to expand and solve the random copy dynamic differential equations of the attack and defense parties.
For ItLo random differential equation: dx (t) = f (t, x (t)) dt + g (t, x (t)) d ω (t), where t ∈ [ t ] - [ t ] 0 ,T],x(t 0 )=x 0 ,x 0 e.R, the standard Brown motion in one dimension of ω (t) follows a normal distribution N (0,t), while d ω (t) follows a normal distribution N (0, Δ t). Let h = (T-T) 0 )/N,t n =t 0 + nh, performing It Lou random differential equation to perform random Taylor expansion to obtain
x(t n+1 )=x(t n )+K 0 f(x(t n ))dt+K 1 g(x(t n ))+K 11 M 1 g(x(t n ))+K 00 M 0 f(x(t n ))+R
Wherein R represents the remainder of the expansion, an
K 0 =h;K 1 =Δω n
On the basis, it Lo random differential equation can be expressed as
Therefore, random Taylor expansion is carried out on the random evolution differential equation of the defense party, and the random Taylor expansion can be obtained
Namely, it is
Similarly, aiming at the randomly evolved differential equation of the attack party, random Taylor expansion is carried out on the randomly evolved differential equation to obtain
Wherein R is 1 And R 2 Respectively, the remainders of the attack and defense differential expansion. The random taylor expansion is the basis of numerical solution of the random differential equation, and in the solution process, the model is generally numerically solved by adopting an Euler method and a Milstein method, and the solution processes of the Euler method and the Milstein method are both to intercept partial terms on the basis of the taylor expansionThus obtaining the compound. Aiming at the network attack and defense random evolution game model established by the invention, the Milstein method is adopted to carry out numerical solution on the attack and defense random differential equation, and the expression of the Milstein method is as follows:
according to the formula, numerical solution can be carried out on the network attack and defense random evolution differential equations (10) and (15) to obtain corresponding attack and defense evolution equilibrium solutions.
Aiming at equilibrium solution existing in a game system, stability analysis is carried out on strategy selection states of an attack party and a defense party according to a random differential equation stability discrimination theorem.
Given a random differential equation:
dx(t)=f(t,x(t))dt+g(t,x(t))dω(t),x(t 0 )=x 0
let x (t) = x (t, x) 0 ) Belonging to the solution of the above differential equation, for the sake of analysis, it is assumed that x (t), f (t, x (t)), g (t, x (t)) are scalar quantities. Let the presence function V (t, x) and the normal number c 1 ,c 2 Satisfy the requirement of
c 1 |x| p ≤V(t,x)≤c 2 |x| p ,t≥0.
(1) If a normal number γ is present, it satisfies:
LV(t,x)≤-γV(t,x),t≥0.
the zeroth-solution p-order moment of differential equation (21) is expected to be exponentially stable and true
E|x(t,x 0 )| p <(c 2 /c 1 )|x 0 | p e -γt ,t≥0.
(2) If the normal number gamma exists, the following conditions are satisfied:
LV(t,x)≥γV(t,x),t≥0.
the zero-solution p-order moment expectation index of differential equation (21) is unstable and holds
E|x(t,x 0 )| p ≥(c 2 /c 1 )|x 0 | p e -γt ,t≥0.
According to the content, the stability criterion of the random attack and defense evolution system can be obtained through analysis.
For the random evolution differential equation of the defender, let V (t, q (t)) = q (t), q (t) ∈ [0,1]],c 1 =c 2 1, p =1, γ =1, LV (t, q (t)) = f (t, q (t)), so that:
(1) When in useAnd C d When the value is more than or equal to 1, the zero solution expectation moment index of the random differential equation (10) is stable;
(2) When in useAnd C d -V a +V ad When +1 is equal to or less than 0, the zero solution expectation moment index of the random differential equation (10) is unstable.
The randomly evolving differential equation for the defender, known as c 1 =c 2 =1,p=1,γ=1,V(t,q(t))=q(t),q(t)∈[0,1],LV(t,q(t))=f(t,q(t))=q(t)[(V a -V ad )p(t)-C d ]To make the randomly evolving differential equation of the defending party satisfy the zero solution expectation moment index stability, it needs to satisfy
LV(t,q(t))≤-γV(t,q(t))
Namely, it is
q(t)[(V a -V ad )p(t)-C d ]≤-q(t)
Further can obtain
q(t)[(V a -V ad )p(t)-(C d -1)]≤0
As known from q (t) epsilon [0,1],
(V a -V ad )p(t)-(C d -1)≤0
and because of V a >V ad Is obtained by
And satisfy
Namely, it is
And C is d Not less than 1.
(2) To make the randomly evolving differential equation of the defending party satisfy the instability of the zero solution expectation moment index, it needs to satisfy
LV(t,q(t))≥γV(t,q(t))
Namely, it is
q(t)[(V a -V ad )p(t)-C d ]≥q(t)
Further can obtain
q(t)[(V a -V ad )p(t)-(C d +1)]≥0
From q (t) epsilon [0,1]
(V a -V ad )p(t)-(C d +1)≥0
According to V a >V ad Can obtain
And satisfy
Namely, it is
And C d -V a +V ad +1 is less than or equal to 0.
From the above, it can be seen that: when the condition is satisfiedAnd C is d When the attack and defense game is repeatedly carried out, the network defender finally selects a weak defense strategy to reach an evolution stable state(ii) a On the contrary, when the condition is satisfiedAnd C d -V a +V ad When the +1 is less than or equal to 0, the network defender tends to select a strong defense strategy along with the attack and defense game, and the weak defense strategy selector continuously adjusts the strategy and selects the strong defense strategy, so that the self income is maximized.
Let V (t, p (t)) = p (t), p (t) ∈ [0,1) for the randomly evolving differential equation of the aggressor],c 1 =c 2 1, p =1, γ =1, LV (t, p (t)) = f (t, p (t)), and then:
(1) When in useAnd C a -V ad When the value is more than or equal to 1, the zero solution expectation moment index of the random differential equation (15) is stable;
(2) When in useAnd C a -V a When +1 is less than or equal to 0, the zero solution expectation moment index of the random differential equation (15) is unstable.
Thus, it can be seen that: when the condition is satisfiedAnd C a -V ad When the attack and defense game is repeatedly carried out, a network attacker finally selects a weak attack strategy, and the game system reaches an evolution stable state; when the condition is satisfiedAnd C a -V a When +1 is less than or equal to 0, the attacker is profitable, at the moment, the attacker is more inclined to attack the strategy strongly, and the benefit is maximized by continuously learning the adjustment strategy.
Combining the above contents of the randomly evolved differential equations of both the attack and defense aspects, it can be known that when the conditions are satisfiedAnd C d ≥1,And C a -V ad When the network attack and defense game system is more than or equal to 1, a unique evolution stable strategy ESS (0,0) exists in the network attack and defense game system, namely, an attack party implements a weak attack strategy, and a defense party selects the weak defense strategy; when the condition is satisfiedAnd C d -V a +V ad +1≤0,And C a -V a When +1 is less than or equal to 0, the game system has a unique evolution stable strategy ESS (1,1), namely an attacker implements a strong attack strategy, and a defense Fang Xuanqu strong defense strategy, which is consistent with the continuous evolution and upgrade of actual network attack and defense countermeasures.
The basic idea of obtaining the security defense strategy is to perform evolution equilibrium solution on the game model on the basis of establishing an attack and defense random evolution game model, and select the security defense strategy on the basis of the solved evolution stable equilibrium solution. For a defender, the embodiment provides a security defense strategy selection algorithm based on a random evolutionary game theory, which is specifically shown as algorithm 1:
algorithm 1: security defense strategy selection algorithm based on random evolution game model
Input is network attack and defense game tree
Output security defense strategy
BEGIN
1.Initialize;
2. Constructing a type space set D = { D) of defenders i ,i≥1};
3. Constructing defender-selectable policy space set DS = { DS = j ,1≤j≤m};
4. Selecting an attack strategy for an attacker with a probability q i (i is more than or equal to 1 and less than or equal to m) reasonable defense strategy DS is selected i Wherein
5. Attack and defense strategy pair selected for attack and defense parties { AS i ,DS j Get its defense profit value b ij
6. Calculating expected revenue for each defense strategyWherein n represents the number of strategies of an attacker;
7. calculating average revenue for defenders
8. Constructing an attack and defense random interference intensity coefficient set delta = { delta = 12 In which is delta 1 >0,δ 2 >0;
9. Establishing a defense random copy dynamic evolution equation
10. The random evolution differential equation of the defending party is subjected to random Taylor expansion,
11. adopting a Milstein method to carry out numerical solution on an attack and defense random differential equation;
12. outputting a security defense strategy in the equilibrium solution;
END
the time complexity of the algorithm is mainly focused on solving a random differential equation, and the time complexity is O ((m + n) 2 ) (ii) a The space consumption of the algorithm is mainly focused on the storage of the income value and the intermediate result of the equilibrium solution, and the space complexity is O (nm).
For verificationThe effectiveness of the invention is further analyzed by specific simulation experiments as follows: aiming at the random attack and defense evolution game model and the solving and analyzing process, matlab 2014 is adopted for numerical simulation. Suppose that two optional strategies exist for both the attack and defense parties, AS = { strong attack strategy, weak attack strategy }, and DS = { strong defense strategy, weak defense strategy }. In the simulation process, a simulation step length h =0.01 is taken, and the strategy evolution process of the attacking and defending parties under different conditions is simulated. Assume that the policy chooses an initial state of q (0) =0.5, p (0) =0.5. Given the profit of the attack and defense game, the attack and defense random disturbance intensity coefficient delta is changed i Observe the intensity of random disturbance delta i Influence on game evolution of the attack and defense parties.
(1) In the process of attack and defense game, the attack cost is assumed to be C a =10, defense cost C d =10, defensive side asset return V n =20, attack return when defender selects weak defense strategy is V a =10, attack return when defending Fang Xuanqu strong defense strategy is V ad =5. At this time, the process of the present invention,aiming at the random evolution process of a defensive party, the zero-solution moment exponential stability condition of a random differential equation (10) is satisfiedAnd C d The network defense is more than or equal to 1, the network defense tends to select a weak defense strategy, and the defense is finally stabilized in an evolution state of q (t) =0 along with the game, namely all defense selects the weak defense strategy.
Aiming at the strategy evolution of a defense party, a Milstein method is adopted for numerical simulation, and the value delta of the random disturbance intensity coefficient is taken 1 =0.5,δ 1 =2,δ 1 And =5, for analyzing evolution laws of defense strategies under different random interferences. Fig. 6 is a zero solution stability strategy evolution trend diagram of the defense, wherein the abscissa N represents the sampling times, and the ordinate q (t) represents the proportion of the selected strong defense strategy.
As can be seen from FIG. 6, the defensive party strengthens the defense strategyThe slight selection presents certain fluctuation in the evolution process, which indicates that the random interference existing in the system has certain influence on the evolution of the defense strategy. Furthermore, with the interference intensity δ 1 The fewer number of simulations (delta) required to reach steady state evolution of defense strategies is reduced 1 When the value is =0.5, the defense strategy reaches a stable state after being simulated for 16 times; and delta 1 If =5, the steady state is reached 31 times by simulation), which shows that the smaller the interference intensity of the random factor is, the more the defender tends to choose the weak defense strategy.
Similarly, aiming at the random evolution process of the attacker,and C a -V ad =5, zero solution moment exponential settling condition of random differential equation (15) is satisfiedAnd C a -V ad The network attackers tend to choose to implement the weak attack strategy, and as the game progresses, the attackers will be stabilized in the evolution state of p (t) =0 finally, that is, all the attackers choose to implement the weak attack strategy.
Taking a value delta to the random disturbance intensity coefficient aiming at the strategy evolution of an attacker 2 =0.5,δ 2 =2,δ 2 And =5, configured to analyze an evolution law of the attack strategy under different random interferences. Fig. 7 is a zero solution stability strategy evolution trend of an aggressor, wherein an abscissa N represents sampling times, and an ordinate p (t) represents a proportion of selecting and implementing a strong attack strategy.
As can be seen from FIG. 7, with the interference intensity δ 2 The fewer times the aggressive attack strategy evolves to steady state (δ) 2 When the value is =0.5, the attack strategy reaches a stable state after being simulated for 16 times; and delta 2 If =5, the steady state is reached 29 times by simulation), which shows that the smaller the interference intensity of the random factor is, the more the attacker tends to choose to implement the weak attack strategy.
(2) In the process of attack and defense game, the attack cost is assumed to be C a =4, defense cost C d =5, defenseThe asset profit of the party is V n =20, attack return when defender chooses weak defense strategy is V a =15, attack return when defending Fang Xuanqu strong defense strategy is V ad And (2). At this time, the process of the present invention,and C d -V a +V ad +1= -7. Aiming at the random evolution process of a defense party, the condition of zero solution moment index instability of a random differential equation (10) is metAnd C d -V a +V ad And +1 is less than or equal to 0, the network defender tends to select a strong defense strategy, and the defender is stabilized in an evolution state of q (t) =1 finally along with the game, namely all the defenders select the strong defense strategy.
Based on the conditions, the Milstein method is adopted to carry out numerical simulation on the evolution of the strong defense strategy Fang Xuanqu in defense, and the value delta of the random disturbance intensity coefficient is taken 1 =0.5,δ 1 =2,δ 1 And =5, the method is used for analyzing the evolution law of the defense strategy under different random interference intensities. The evolution trend of the zero-solution unstable strategy of the defender is shown in figure 8.
As can be seen from fig. 8, the strong defense strategy selected by the defense party exhibits a certain volatility in the evolution process, which indicates that the random interference existing in the system has a certain influence on the evolution of the defense strategy. Furthermore, with the interference intensity δ 1 The more simulations the defensive strategy evolves to reach steady state (delta) the less 1 When the value is =0.5, the defense strategy reaches a stable state after being simulated for 39 times; and delta 1 If =5, the steady state is reached after 27 times of simulation), which shows that the smaller the interference intensity of the random factors is, the more the defender tends to choose a weak defending strategy.
In the same way, the method for preparing the composite material,and C a -V a +1= -10, random differential equation(s) is satisfied for the random evolution process of the aggressor15 Zero moment exponent instability condition of)And C a -V a +1&0, network attackers tend to choose and implement strong attack strategies, and as the game progresses, the attackers are finally stabilized in an evolution state that p (t) =1, namely all the attackers choose to implement strong network attacks.
Taking a value delta to the random disturbance intensity coefficient aiming at the strategy evolution of an attacker 2 =0.5,δ 2 =2,δ 2 And =5, configured to analyze an evolution law of the attack strategy under different random interferences. The evolution trend of the zero-solution unstable strategy of the attacker is shown in fig. 9.
From FIG. 9, it can be seen that the interference intensity is delta 2 The more times (delta) the aggressive attack strategy evolves to reach steady state 2 When the value is =0.5, the attack strategy reaches a stable state after being simulated for 37 times; and delta 2 If =5, the steady state is reached after 24 times of simulation), which shows that the smaller the interference intensity of the random factor is, the more the attacker tends to choose to implement the weak attack strategy.
In conclusion, different random interference strengths have different influences on the evolution rate of the attack and defense game system, and the greater the interference strength is, the defender is more inclined to select a strong defense strategy, and the attacker is more inclined to select a strong attack strategy, and the experimental result is consistent with the system pursuit stability in the random control theory. When random interference exists, the system prevents disturbance from damaging the stability of the system by strengthening attack and defense strength. Aiming at the problem of various random interference factors in an attack and defense game system, the invention describes various random interferences such as system operation environment change, network topology structure change, attack and defense strategy change and the like in the process of the attack and defense game by using the concept of Gaussian white noise for improving the effectiveness and the accuracy of the model, improves the traditional copy dynamic evolution game method, and utilizes a nonlinear It-Lo random differential equation to construct a random network attack and defense evolution game model under an asymmetric condition for describing the real-time random dynamic evolution process of network attack and defense confrontation. And (3) carrying out numerical solution on the attack and defense random differential equation, carrying out stability analysis on strategy selection states of the attack and defense parties according to a random differential equation stability discrimination theorem, and designing a safety defense strategy selection algorithm based on a random attack and defense evolution game model. The influence of random interference with different strengths on the evolution rate of attack and defense decisions is verified through simulation, and certain guidance can be provided for network attack behavior prediction and security defense strategy selection. Compared with the prior art, the method can more accurately analyze the random dynamic evolution process among the attack and defense decision makers with limited rationality, and the safety defense strategy selection has stronger practicability and guiding significance.
The embodiments in the present description are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments are referred to each other. The device disclosed by the embodiment corresponds to the method disclosed by the embodiment, so that the description is simple, and the relevant points can be referred to the method part for description.
The elements of the various examples and method steps described in connection with the embodiments disclosed herein may be embodied in electronic hardware, computer software, or combinations of both, and the components and steps of the examples have been described in a functional generic sense in the foregoing description for clarity of hardware and software interchangeability. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
Those skilled in the art will appreciate that all or part of the steps of the above methods can be implemented by a program instructing relevant hardware, and the program can be stored in a computer readable storage medium, such as: read-only memory, magnetic or optical disk, and the like. Alternatively, all or part of the steps of the foregoing embodiments may also be implemented by using one or more integrated circuits, and accordingly, each module/unit in the foregoing embodiments may be implemented in the form of hardware, and may also be implemented in the form of a software functional module. The present invention is not limited to any specific form of combination of hardware and software.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present application. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the application. Thus, the present application is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (10)

1. A network defense strategy selection method based on a random evolutionary game model is characterized by comprising the following steps:
constructing an asymmetric network attack and defense random evolution game model based on a random power system; by taking the reference of Gaussian white noise, obtaining a network attack and defense random evolutionary game system by using an It and an random differential equation;
the method comprises the steps that a Milstein method is adopted to carry out numerical solution on a network attack and defense random evolution game system, and equilibrium solution of attack and defense evolution is obtained;
aiming at the equilibrium solution of attack and defense evolution, the stability analysis is carried out on the strategy selection states of both the attack and defense parties according to the stability theorem of the random differential equation solution, and the network security defense strategy in the equilibrium solution is output.
2. The method for selecting the network defense strategy based on the random evolution game model as claimed in claim 1, wherein the network attack and defense random evolution game model is expressed by quintuple.
3. The method for choosing network defense strategy based on random evolution game model as claimed in claim 2, wherein the network attack and defense random evolution model ADEGM = (N, S, P, Δ, U), wherein N = (N) D ,N A ) Is the participant space of the evolving game, N D Representing a defensive party, N A Representing an attacker; s = (DS, AS) is a game policy space, DS denotes an optional policy set of defenders, AS denotes an optional policy set of attackers; p = (q, P) is a game belief set, q represents a probability set that a defender selects different defense strategies, and P represents a probability set that an attacker selects different attack strategies; Δ = { δ 12 Is the set of random interference strength coefficients, δ 1 Representing the strength factor, δ, of the effect of random disturbances on the defender 2 Representing the influence intensity coefficient of random interference on an attacker and satisfying delta 1 >0,δ 2 >0;U=(U D ,U A ) Is a set of game revenue functions, U D Expressing the game income of defenders, U A And the game income of the attackers is represented, and the value of the attack and defense income is jointly determined by the strategy selected by the attack and defense decision maker.
4. The method for choosing network defense strategies based on random evolution game model as claimed in claim 3, wherein the optional strategy set DS = { DS of defensive party 1 ,DS 2 In which DS is 1 Indicating that defender adopted Strong defense strategy, DS 2 Representing the defender to adopt a weak defense strategy; optional policy set AS = { AS for aggressor 1 ,AS 2 Where AS 1 Representing attackers implementing a strong attack strategy, AS 2 Representing an attacker implementing a weak attack strategy.
5. The method for selecting the network defense strategy based on the random evolutionary game model according to claim 4, wherein the obtaining of the network defense random evolutionary game system comprises the following contents:
a1 A (c), (c) constructing type space set D = { D) of defenders i I is more than or equal to 1}; constructing defender-selectable policy space set DS = { DS j J is more than or equal to 1 and less than or equal to m, wherein m is the number of strategies selectable by an attacker decision maker;
a2 Selected attack strategy for the attacker with probability q) i Selecting a defense strategy DS i Wherein, in the step (A),
a3 Computing average profit for defensive partyConstructing an attack and defense random interference intensity coefficient set delta = { delta = 12 In which is delta 1 >0,δ 2 >0;
A4 The Gaussian white noise is used for reference, random interference of evolutionary game of an attack party and a defense party is described by adopting a random differential equation, and a randomly copied dynamic differential equation of the defense party and the attack party is obtained;
a5 And) randomly copying a dynamic differential equation of the simultaneous defense party and the attacking party to obtain the network attack and defense random evolution game system.
6. The method for choosing network defense strategy based on random evolution game model as claimed in claim 5, wherein the average profit of the defenders is calculated in A3)Comprises the following steps: acquiring a game income matrix by combining a network attack and defense game tree; calculating the average income of the attacking party and the defending party according to the game income matrix, wherein the average income of the defending party Is the expected revenue for the defender.
7. The method for selecting the network defense strategy based on the random evolution game model according to claim 5, wherein in A5), the network attack and defense random evolution game system is represented as:
wherein, C d Representing the defense cost required by the defensive party when selecting the strong defense strategy; c a Representing the attack cost required by an attacker for selecting a strong attack strategy; v a When the defending party selects the weak defending strategy, the attacking party selects the attack return which can be obtained by the strong attacking strategy; v ad When representing that the defense Fang Xuanqu is a strong defense strategy, the attacker selects the attack return which can be obtained by the strong attack strategy and meets the requirement of V a >V ad (ii) a q (t) and 1-q (t) respectively represent the functions of the number of defenders selecting different defense strategies and the proportion of the number of the defenders selecting different defense strategies with respect to time; omega (t) belongs to one-dimensional standard Brown motion and describes the influence of random interference factors on game evolution in the network attack and defense process.
8. The method for selecting the network defense strategy based on the random evolution game model according to claim 1, wherein the step of obtaining a balanced solution of attack and defense evolution specifically comprises the following steps:
b1 Performing random Taylor expansion on the random evolution differential equation of both a defense party and an aggressor in the network attack and defense random evolution game system according to It and the random differential equation;
b2 And) carrying out numerical solution on a differential equation in the network attack and defense random evolution game system by adopting a Milstein method to obtain a corresponding attack and defense evolution equilibrium solution.
9. The method for choosing network defense strategy based on random evolutionary game model in claim 8, wherein in B1), it is expressed as dx (t) = f (t, x (t)) dt + g (t, x (t)) d ω (t), where t e [ t ], (r) ] 0 ,T],x(t 0 )=x 0 ,x 0 e.R, ω (T) belongs to a one-dimensional standard Brown motion, obeying a normal distribution N (0,t), d ω (T) obeys a normal distribution N (0, Δ T), where T represents the continuation of the time dimensionAnd R is a real number.
10. The method for selecting the network defense strategy based on the random evolutionary game model as claimed in claim 7, wherein the strategy selection states of both the attacking and defending parties are subjected to stability analysis to verify the evolutionary stable strategy of the network attacking and defending random evolutionary game system, comprising: when it satisfiesAnd C d ≥1,And C a -V ad When the network attack and defense random evolution game system is more than or equal to 1, a unique evolution stable strategy ESS (0,0) exists in the network attack and defense random evolution game system; when it is satisfied withAnd C d -V a +V ad +1≤0,And C a -V a When +1 is less than or equal to 0, the network attack and defense random evolution game system has a unique evolution stable strategy ESS (1,1).
CN201710827946.9A 2017-09-14 2017-09-14 Network defense strategy selection method based on random evolution game model Active CN107483486B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710827946.9A CN107483486B (en) 2017-09-14 2017-09-14 Network defense strategy selection method based on random evolution game model

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710827946.9A CN107483486B (en) 2017-09-14 2017-09-14 Network defense strategy selection method based on random evolution game model

Publications (2)

Publication Number Publication Date
CN107483486A true CN107483486A (en) 2017-12-15
CN107483486B CN107483486B (en) 2020-04-03

Family

ID=60584445

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710827946.9A Active CN107483486B (en) 2017-09-14 2017-09-14 Network defense strategy selection method based on random evolution game model

Country Status (1)

Country Link
CN (1) CN107483486B (en)

Cited By (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108182536A (en) * 2017-12-28 2018-06-19 东北大学 A kind of power distribution network CPS safety defense methods based on bounded rationality
CN108322478A (en) * 2018-03-05 2018-07-24 西安邮电大学 A kind of website defence policies choosing method based on attacking and defending game
CN108494810A (en) * 2018-06-11 2018-09-04 中国人民解放军战略支援部队信息工程大学 Network security situation prediction method, apparatus and system towards attack
CN108541071A (en) * 2018-04-10 2018-09-14 清华大学 Wireless communication system multi-user resource distribution system based on the double-deck game
CN108696534A (en) * 2018-06-26 2018-10-23 中国人民解放军战略支援部队信息工程大学 Real-time network security threat early warning analysis method and its device
CN108833401A (en) * 2018-06-11 2018-11-16 中国人民解放军战略支援部队信息工程大学 Network active defensive strategy choosing method and device based on Bayes's evolutionary Game
CN108898010A (en) * 2018-06-25 2018-11-27 北京计算机技术及应用研究所 A method of establishing the attacking and defending Stochastic Game Model towards malicious code defending
CN110166437A (en) * 2019-04-19 2019-08-23 杭州电子科技大学 The method that mobile target defence optimal policy based on DS evidential reasoning is chosen
CN110602047A (en) * 2019-08-14 2019-12-20 中国人民解放军战略支援部队信息工程大学 Multi-step attack dynamic defense decision selection method and system for network attack and defense
CN111064702A (en) * 2019-11-16 2020-04-24 中国人民解放军战略支援部队信息工程大学 Active defense strategy selection method and device based on bidirectional signal game
CN111224966A (en) * 2019-12-31 2020-06-02 中国人民解放军战略支援部队信息工程大学 Optimal defense strategy selection method based on evolutionary network game
CN111245857A (en) * 2020-01-17 2020-06-05 安徽师范大学 Channel network steady state evolution game method in block link environment
CN111769903A (en) * 2020-06-09 2020-10-13 国家数字交换系统工程技术研究中心 Network security defense method applied to network security defense system and related device
CN112422552A (en) * 2020-11-17 2021-02-26 南京邮电大学 Attack and defense evolution method under DoS attack of uplink channel in micro-grid secondary control
CN113132398A (en) * 2021-04-23 2021-07-16 中国石油大学(华东) Array honeypot system defense strategy prediction method based on Q learning
CN115296830A (en) * 2022-05-27 2022-11-04 南京邮电大学 Network collaborative attack modeling and harm quantitative analysis method based on game theory

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103152345A (en) * 2013-03-07 2013-06-12 南京理工大学常熟研究院有限公司 Network safety optimum attacking and defending decision method for attacking and defending game
CN106550373A (en) * 2016-09-30 2017-03-29 天津大学 Wireless sensor network data fusion degree of accuracy model based on evolutionary Game
CN106936855A (en) * 2017-05-12 2017-07-07 中国人民解放军信息工程大学 Network security defence decision-making based on attacking and defending differential game determines method and its device
CN106953879A (en) * 2017-05-12 2017-07-14 中国人民解放军信息工程大学 The cyber-defence strategy choosing method of best response dynamics Evolutionary Game Model
CN107135224A (en) * 2017-05-12 2017-09-05 中国人民解放军信息工程大学 Cyber-defence strategy choosing method and its device based on Markov evolutionary Games

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103152345A (en) * 2013-03-07 2013-06-12 南京理工大学常熟研究院有限公司 Network safety optimum attacking and defending decision method for attacking and defending game
CN103152345B (en) * 2013-03-07 2015-09-16 南京理工大学常熟研究院有限公司 A kind of optimum attacking and defending decision-making technique of network security of attacking and defending game
CN106550373A (en) * 2016-09-30 2017-03-29 天津大学 Wireless sensor network data fusion degree of accuracy model based on evolutionary Game
CN106936855A (en) * 2017-05-12 2017-07-07 中国人民解放军信息工程大学 Network security defence decision-making based on attacking and defending differential game determines method and its device
CN106953879A (en) * 2017-05-12 2017-07-14 中国人民解放军信息工程大学 The cyber-defence strategy choosing method of best response dynamics Evolutionary Game Model
CN107135224A (en) * 2017-05-12 2017-09-05 中国人民解放军信息工程大学 Cyber-defence strategy choosing method and its device based on Markov evolutionary Games

Non-Patent Citations (6)

* Cited by examiner, † Cited by third party
Title
付钰等: ""基于随机博弈模型的网络攻防策略选取"", 《北京邮电大学学报》 *
姜伟等: ""基于攻防随机博弈模型的防御策略选取研究"", 《计算机研究与发展》 *
张恒巍等: ""基于攻防信号博弈模型的防御策略选取方法"", 《通信学报》 *
朱建明等: ""基于系统动力学的网络安全攻防演化博弈模型"", 《通信学报》 *
陈永强等: ""基于非零和攻防博弈模型的主动防御策略选取方法"", 《计算机应用》 *
黄健明等: ""基于攻防演化博弈模型的防御策略选取方法"", 《通信学报》 *

Cited By (26)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108182536B (en) * 2017-12-28 2021-11-16 东北大学 CPS security defense method for power distribution network based on finiteness
CN108182536A (en) * 2017-12-28 2018-06-19 东北大学 A kind of power distribution network CPS safety defense methods based on bounded rationality
CN108322478B (en) * 2018-03-05 2020-09-04 西安邮电大学 Attack and defense game-based website defense strategy selection method
CN108322478A (en) * 2018-03-05 2018-07-24 西安邮电大学 A kind of website defence policies choosing method based on attacking and defending game
CN108541071A (en) * 2018-04-10 2018-09-14 清华大学 Wireless communication system multi-user resource distribution system based on the double-deck game
CN108541071B (en) * 2018-04-10 2019-03-01 清华大学 Wireless communication system multi-user resource distribution system based on the double-deck game
CN108494810A (en) * 2018-06-11 2018-09-04 中国人民解放军战略支援部队信息工程大学 Network security situation prediction method, apparatus and system towards attack
CN108833401A (en) * 2018-06-11 2018-11-16 中国人民解放军战略支援部队信息工程大学 Network active defensive strategy choosing method and device based on Bayes's evolutionary Game
CN108898010A (en) * 2018-06-25 2018-11-27 北京计算机技术及应用研究所 A method of establishing the attacking and defending Stochastic Game Model towards malicious code defending
CN108696534A (en) * 2018-06-26 2018-10-23 中国人民解放军战略支援部队信息工程大学 Real-time network security threat early warning analysis method and its device
CN108696534B (en) * 2018-06-26 2021-01-08 中国人民解放军战略支援部队信息工程大学 Real-time network security threat early warning analysis method and device
CN110166437A (en) * 2019-04-19 2019-08-23 杭州电子科技大学 The method that mobile target defence optimal policy based on DS evidential reasoning is chosen
CN110602047B (en) * 2019-08-14 2021-08-03 中国人民解放军战略支援部队信息工程大学 Multi-step attack dynamic defense decision selection method and system for network attack and defense
CN110602047A (en) * 2019-08-14 2019-12-20 中国人民解放军战略支援部队信息工程大学 Multi-step attack dynamic defense decision selection method and system for network attack and defense
CN111064702A (en) * 2019-11-16 2020-04-24 中国人民解放军战略支援部队信息工程大学 Active defense strategy selection method and device based on bidirectional signal game
CN111064702B (en) * 2019-11-16 2021-09-24 中国人民解放军战略支援部队信息工程大学 Active defense strategy selection method and device based on bidirectional signal game
CN111224966A (en) * 2019-12-31 2020-06-02 中国人民解放军战略支援部队信息工程大学 Optimal defense strategy selection method based on evolutionary network game
CN111224966B (en) * 2019-12-31 2021-11-02 中国人民解放军战略支援部队信息工程大学 Optimal defense strategy selection method based on evolutionary network game
CN111245857B (en) * 2020-01-17 2021-11-26 安徽师范大学 Channel network steady state evolution game method in block link environment
CN111245857A (en) * 2020-01-17 2020-06-05 安徽师范大学 Channel network steady state evolution game method in block link environment
CN111769903A (en) * 2020-06-09 2020-10-13 国家数字交换系统工程技术研究中心 Network security defense method applied to network security defense system and related device
CN112422552A (en) * 2020-11-17 2021-02-26 南京邮电大学 Attack and defense evolution method under DoS attack of uplink channel in micro-grid secondary control
CN113132398A (en) * 2021-04-23 2021-07-16 中国石油大学(华东) Array honeypot system defense strategy prediction method based on Q learning
CN113132398B (en) * 2021-04-23 2022-05-31 中国石油大学(华东) Array honeypot system defense strategy prediction method based on Q learning
CN115296830A (en) * 2022-05-27 2022-11-04 南京邮电大学 Network collaborative attack modeling and harm quantitative analysis method based on game theory
CN115296830B (en) * 2022-05-27 2024-02-13 南京邮电大学 Network collaborative attack modeling and hazard quantitative analysis method based on game theory

Also Published As

Publication number Publication date
CN107483486B (en) 2020-04-03

Similar Documents

Publication Publication Date Title
CN107483486B (en) Network defense strategy selection method based on random evolution game model
CN107566387B (en) Network defense action decision method based on attack and defense evolution game analysis
CN107135224B (en) Network defense strategy selection method and device based on Markov evolution game
CN110166428B (en) Intelligent defense decision-making method and device based on reinforcement learning and attack and defense game
CN108833401A (en) Network active defensive strategy choosing method and device based on Bayes&#39;s evolutionary Game
Subramanian et al. Designing safe, profitable automated stock trading agents using evolutionary algorithms
Bowling Multiagent learning in the presence of agents with limitations
WO2007050622A2 (en) Weighted pattern learning for neural networks
Lucas et al. When is model complexity too much? Illustrating the benefits of simple models with Hughes' salvo equations
CN113360917A (en) Deep reinforcement learning model security reinforcement method and device based on differential privacy
CN115481441A (en) Difference privacy protection method and device for federal learning
Das et al. Dynamic goals-based wealth management using reinforcement learning
CN116090549A (en) Knowledge-driven multi-agent reinforcement learning decision-making method, system and storage medium
Petty et al. Modeling cyberattacks with extended petri nets: Research program overview and status report
CN117077806A (en) Differential privacy federation learning method based on random election verification block chain
Marius et al. Combining scripted behavior with game tree search for stronger, more robust game AI
Vejandla et al. Evolving gaming strategies for attacker-defender in a simulated network environment
CN112801299B (en) Method, system and application for constructing game model of evolution of reward and punishment mechanism
Dahl The lagging anchor algorithm: Reinforcement learning in two-player zero-sum games with imperfect information
CN115174173A (en) Global security game decision method of industrial information physical system in cloud environment
CN117441168A (en) Method and apparatus for resistance attack in deep reinforcement learning
CN112115509A (en) Data generation method and device
Duong The design of computer simulation experiments of complex adaptive social systems for risk based analysis of intervention strategies
Liu et al. On emergent complex behaviour, self-organised criticality and phase transitions in multi-agent systems: autonomy oriented computing (AOC) perspectives
van der Zouwen The validation of sociocybernetic models

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant