CN108898010A - A method of establishing the attacking and defending Stochastic Game Model towards malicious code defending - Google Patents
- Publication number: CN108898010A
- Application number: CN201810661360.4A
- Authority: CN (China)
- Prior art keywords: defending, attacking, state, defence, attack
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
Abstract
The invention discloses a method for establishing an attack-defence stochastic game model for malicious code defence, comprising: establishing a Markov attack-defence stochastic game model, calculating the defence income and the attack income, selecting defence strategies based on the ADSG-M game model, and solving for the optimal defence strategy. The model is built against the background of malware detection. The method applies game theory to malware defence and provides a new approach to research problems such as the attack-defence conflict in network security and optimal defence decision-making.
Description
Technical field
The invention belongs to the technical field of network security and proposes a method for establishing an attack-defence stochastic game model for malicious code defence.
Background
(1) Malware
Definition of malware: software that has one or more harmful behaviours and that, through the combination or superposition of these behaviours, ultimately damages the system, steals system user information or monitors user actions, such as computer viruses, worms, Trojan horses, spyware and rogue software.
The malware behaviour analysis methods in common use at present are static analysis and dynamic analysis.
(2) Attack-defence game
In a network confrontation environment, the attacker hopes to use malware to damage the function or service quality of the target system in order to obtain the maximum gain; the defender hopes to reduce the system's risk of being attacked to a minimum while keeping the system available. The essential characteristics of attack-defence confrontation are opposed goals, a non-cooperative relationship and interdependent strategies of the two sides, and these are exactly the basic characteristics of game theory.
Summary of the invention
The purpose of the present invention is to provide a method for establishing an attack-defence stochastic game model for malicious code defence, in order to solve the above problems of the prior art.
The method of the present invention for establishing an attack-defence stochastic game model for malicious code defence includes the following.
Establishing a Markov attack-defence stochastic game model, including:
(1) Defining the ADSG-M game model, specifically ADSG-M = $\{N, S, A_d, A_a, P, R_d, R_a, U\}$, where the elements of the ADSG-M game model are defined as follows:
$N$ = {attacker, defender} is the set of participants in the attack-defence game;
$S = \{S_t \mid t \in [0, T]\}$ is the set of attack-defence stochastic game states during the game, where state $S_t$ denotes the state of the network and information system at time $t$;
$A_d$ is the defence action set; the defender has a defence action set for state $S_t$ at time $t$;
$A_a$ is the attack action set; the attacker has an attack action set for state $S_t$ at time $t$;
$P$ is the attack-defence stochastic game state transition probability function. As the two sides select actions, the state of the system changes continually; from the state $S_t$, the attack action, the defence action and the transition probability $P$, the state $S_{t+1}$ after the transition is obtained;
$R_d$ is the defender's income function set; its values are real numbers giving the defender's income;
$R_a$ is the attacker's income function set; its values are real numbers giving the attacker's income;
$U$ is the objective criterion function, used to judge how good the strategies of the two sides are; the goal of each side is to maximize its own objective function.
Obtaining the state transition probability: if the network and information system has $n$ security states, a state transition matrix $P$ represents the state transition probabilities between the security states, where matrix element $p_{ij}$ is the probability that the attack-defence game system transfers from state $i$ to state $j$.
Calculating the defence income and the attack income, including: the defence income $R_d$ includes the damage the system is spared, the defence cost and the attack cost. In the attack income $R_a$, $\alpha$ is the defence efficiency, which indicates the effectiveness of taking defence strategy $T_j$ against the attack; its value is specified separately for three cases: when the attack is completely prevented, when the defence is ineffective against the attack, and in all other cases. CB is the defence cost, that is, the cost of implementing the defence strategy. The model also uses a system damage cost, which represents the system loss caused by an attack; the defence cost of the defence action the defender adopts; and an attack cost, which represents the cost the attacker needs to launch the attack.
Selecting defence strategies based on the ADSG-M game model, including:
(1) Defining the defence strategies: $T = \{T_A, T_D\}$ is the set of action strategies of the two sides. $T_A$, with $|T_A| = m$, denotes the attacker's attack strategy set. It contains the attack strategy the attacker adopts in state $S_k$, and that attack strategy gives the probability with which the attacker chooses each attack action in state $S_k$; the attacker chooses among the available attack actions in the form of probabilities, and when the attacker takes no attack action the attack strategy is denoted $\varphi$. $T_D$, with $|T_D| = n$, denotes the defender's defence strategy set. It contains the defence strategy the defender adopts in state $S_k$, and that defence strategy gives the probability with which the defender chooses each defence action in state $S_k$; the defender chooses among the available defence actions in the form of probabilities, and when the defender takes no defence action the defence strategy is denoted $\varphi$.
For the ADSG-M game model $\{N, S, A_d, A_a, P, R_d, R_a, U\}$, when the system is in state $S_k$, the pair of strategies adopted by the two sides is a Nash equilibrium if and only if the two strategies are the optimal response strategies of the attacker and the defender, a condition that must hold for arbitrary strategies of either side. Given a zero-sum attack-defence stochastic game model ADSG-M = $\{N, S, A_d, A_a, P, R_d, R_a, U\}$, if the game state set $S$ and the action sets $A_d$ and $A_a$ are finite sets, then a stable Nash equilibrium certainly exists.
Solving for the optimal defence strategy, including: for a given ADSG-M game model $\{N, S, A_d, A_a, P, R_d, R_a, U\}$, the optimal defence strategy $\chi^*$ is the solution that makes the value of the given objective function $U$ reach its maximum, i.e. the optimal value of the following discrete dynamic programme:
According to one embodiment of the method of the present invention for establishing an attack-defence stochastic game model for malicious code defence, $N = 2$; if several pieces of malware attack at the same time, they are merged and regarded as a single attacker, and the attack behaviour is regarded as a distributed cooperative attack.
According to one embodiment of the method, the objective criterion function $U$ is defined using the discounted expectation criterion function $U(S, \Gamma) = R(S, \Gamma) + \beta \sum_{S'} P(S, \Gamma, S')\, U(S')$, where $\Gamma$ is the defence strategy and $R = \{R_d, R_a\}$. The objective criterion function is the sum of the current income value $R(S, \Gamma)$ of the two sides and the discounted future income value $\beta \sum_{S'} P(S, \Gamma, S')\, U(S')$; $\beta$ is the discount rate, by which future income values are discounted to the current state.
According to one embodiment of the method, the security states of the network and information system are taken as the attack-defence stochastic game state set, security state transitions are caused by attack-defence action pairs, and the attack-defence stochastic game states manifest as registry entry modification/addition/deletion, file modification/addition/deletion, processes being started or stopped, and services being started or stopped.
According to one embodiment of the method, the defence actions implemented by the defender include closing a service, closing an access permission, removing malicious code, and diverting malware to a honeynet.
According to one embodiment of the method, the attack action set includes the attack actions implemented by malicious code, including: modification, addition and deletion of registry entries; modification, creation and deletion of files; network port interception; malicious starting or stopping of processes; malicious API calls; keyboard interception; mouse hooks; and malicious starting or stopping of services.
According to one embodiment of the method, the state transition probability is affected by the dynamic attack-surface shifting decisions set by the defender, and also by the occurrence probabilities of the following: the probability that the attacker launches an attack action in state $S_i$; the probability that the attack action succeeds and transfers the system to state $S_j$; the probability that the defender launches a defence action in state $S_i$; and the probability that the defence action transfers the state to $S_j$.
According to one embodiment of the method, $R_a + R_d = 0$, i.e. the game is a zero-sum attack-defence stochastic game.
According to one embodiment of the method, in solving for the optimal defence strategy, at equilibrium the attacker and the defender both follow a Markov decision process with discount rate $\beta$; when the attacker's strategy is fixed, the defender's decision is the maximum-value policy of the Markov decision process, i.e. the optimal solution $\chi^*$ of the dynamic programming equation, which is solved by an iterative method; the optimal defence strategy of each state is used as the decision plan.
The present invention proposes a method for establishing an attack-defence stochastic game model for malicious code defence, introducing the attack-defence game model into the new scenario of malicious code protection. For a given target network and information system to be defended, the attack action set is determined through software behaviour analysis in the cloud and local threat perception; the network and information system and the attack actions are analysed, and the defence strategy is determined. The invention constructs an attack-defence stochastic game model for malicious code defence against the background of malware detection, and studies the problem of selecting the optimal defence strategy based on this model. The invention applies game theory to malware defence and provides a new approach to research problems such as the attack-defence conflict in network security and optimal defence decision-making.
Detailed description of the invention
Nothing
Specific embodiment
To make the purpose, content and advantages of the present invention clearer, specific embodiments of the invention are described in further detail below with reference to an embodiment.
The method of the present invention for establishing an attack-defence stochastic game model for malicious code defence includes:
1. Establishing a Markov attack-defence stochastic game model, including:
(1) Defining the ADSG-M game model, specifically ADSG-M = $\{N, S, A_d, A_a, P, R_d, R_a, U\}$, where the elements have the following meanings:
$N$ = {attacker, defender} is the set of participants in the attack-defence game. The present embodiment considers only the case $N = 2$, that is, an attacker and a defender; if several pieces of malware attack at the same time, they are merged and regarded as a single attacker, and the attack behaviour is regarded as a distributed cooperative attack;
$S = \{S_t \mid t \in [0, T_0]\}$ is the set of attack-defence stochastic game states during the game, where state $S_t$ denotes the state of the network and information system at time $t$;
$A_d$ is the defence action set; the defender has a defence action set for state $S_t$ at time $t$;
$A_a$ is the attack action set; the attacker has an attack action set for state $S_t$ at time $t$;
$P: S \times A_d \times A_a \times S \to [0, 1]$ is the attack-defence stochastic game state transition probability function. As the two sides select actions, the state of the system changes continually; from the state $S_t$, the attack action, the defence action and the transition probability $P$, the state $S_{t+1}$ after the transition can be obtained;
$R_d$ is the defender's income function set; its values are real numbers giving the defender's income;
$R_a$ is the attacker's income function set; its values are real numbers giving the attacker's income;
$U$ is the objective criterion function, used to judge how good the strategies of the two sides are. The goal of each side is to maximize its own objective function. The present embodiment defines it using the discounted expectation criterion function $U(S, \Gamma) = R(S, \Gamma) + \beta \sum_{S'} P(S, \Gamma, S')\, U(S')$, where $\Gamma$ is the defence strategy and $R = \{R_d, R_a\}$. The objective criterion function is the sum of the current income value $R(S, \Gamma)$ of the two sides and the discounted future income value $\beta \sum_{S'} P(S, \Gamma, S')\, U(S')$, where $\beta$ is the discount rate. The strategies taken in the current state also affect the future, but because the income value is closely related to the timing of the attack steps, future income values are discounted to the current state by $\beta$.
The present embodiment takes the security states of the network and information system as the attack-defence stochastic game state set. The security state of the network and information system expresses the basic attributes of levels such as the hardware layer, operating system, software, network and data, as well as the exposed resources that can be used for attack. Security state transitions are caused by attack-defence action pairs, and the attack-defence stochastic game state can manifest as registry entry modification/addition/deletion, file modification/addition/deletion, processes being started or stopped, services being started or stopped, and so on.
The defence actions implemented by the defender include, for example, closing a service, closing an access permission, removing malicious code, and diverting malware to a honeynet.
The attack action set includes the attack actions implemented by malicious code, such as modification, addition and deletion of registry entries; modification, creation and deletion of files; network port interception; malicious starting or stopping of processes; malicious API calls; hooking behaviours such as keyboard interception and mouse hooks; and malicious starting or stopping of services.
Obtaining the state transition probability: because game state transitions are caused by attack and defence actions and are random, the likelihood of a state transition is described by a probability. If the network and information system has $n$ security states, a state transition matrix $P$ can be used to represent the state transition probabilities between the security states, where matrix element $p_{ij}$ is the probability that the attack-defence game system transfers from state $i$ to state $j$.
On the whole, the state transition probability is mainly affected by the dynamic attack-surface shifting decisions set by the defender, and is also affected by several occurrence probabilities: the probability that the attacker launches an attack action in state $S_i$; the probability that the attack action succeeds and transfers the state to $S_j$; the probability that the defender launches a defence action in state $S_i$; and the probability that the defence action transfers the state to $S_j$.
Calculating the defence income and the attack income includes:
The defence income ($R_d$) is the income the defender obtains after taking a defence strategy, and includes the damage the system is spared, the defence cost and the attack cost.
The attack income $R_a$ is the income the attacker obtains by launching an attack action.
Here $\alpha$ is the defence efficiency, which indicates the effectiveness of taking defence strategy $T_j$ against the attack. Its value is specified separately for three cases: when the attack is completely prevented, when the defence is ineffective against the attack, and in all other cases.
CB is the defence cost, that is, the cost of implementing the defence strategy.
The model also uses a system damage cost, which represents the system loss caused by an attack; the defence cost of the defence action the defender adopts; and an attack cost, which represents the cost the attacker needs to launch the attack.
Here $R_a + R_d = 0$, i.e. the game is a zero-sum attack-defence stochastic game. Because the incomes of the two sides are complementary, that is, the attacker's income is the defender's loss, the present embodiment chooses a zero-sum attack-defence game.
2. Selecting defence strategies based on the ADSG-M game model
(1) Defining the defence strategies
$T = \{T_A, T_D\}$ is the set of action strategies of the two sides.
$T_A$, with $|T_A| = m$, denotes the attacker's attack strategy set. It contains the attack strategy the attacker adopts in state $S_k$, and that attack strategy gives the probability with which the attacker chooses each attack action in state $S_k$. The attacker chooses among the available attack actions in the form of probabilities. When the attacker takes no attack action, the attack strategy is denoted $\varphi$.
$T_D$, with $|T_D| = n$, denotes the defender's defence strategy set. It contains the defence strategy the defender adopts in state $S_k$, and that defence strategy gives the probability with which the defender chooses each defence action in state $S_k$. The defender chooses among the available defence actions in the form of probabilities. When the defender takes no defence action, the defence strategy is denoted $\varphi$.
For the ADSG-M game model $\{N, S, A_d, A_a, P, R_d, R_a, U\}$, when the system is in state $S_k$, the pair of strategies adopted by the two sides is a Nash equilibrium if and only if the two strategies are the optimal response strategies of the attacker and the defender, a condition that must hold for arbitrary strategies of either side.
Given a zero-sum attack-defence stochastic game model ADSG-M = $\{N, S, A_d, A_a, P, R_d, R_a, U\}$, if the game state set $S$ and the action sets $A_d$ and $A_a$ are finite sets, then a stable Nash equilibrium certainly exists.
(2) Solving for the optimal defence strategy
Dynamic programming is a mathematical method for solving optimization problems in multi-stage decision processes. A multi-stage decision problem requires a decision at each stage so that the whole process achieves the best effect. A multi-stage decision process is related to time: the decision at each stage is not chosen arbitrarily, but depends on the current state and immediately causes a state transition. The decision sequence is generated as the state changes dynamically, which is why the method for handling multi-stage decision problems is called dynamic programming.
From this concept it follows that the optimal strategy selection problem of the ADSG-M model proposed by the present invention is a typical discrete dynamic programming problem, and the invention obtains the optimal defence strategy by solving for the optimal value of the dynamic programme.
Solving for the optimal defence strategy includes: for a given ADSG-M game model $\{N, S, A_d, A_a, P, R_d, R_a, U\}$, the optimal defence strategy $\chi^*$ is the solution that makes the value of the given objective function $U$ reach its maximum, i.e. the optimal value of the following discrete dynamic programme.
$\chi_i(T_d) \ge 0$
At equilibrium, the attacker and the defender both follow a Markov decision process with discount rate $\beta$, so when the attacker's strategy is fixed, the defender's decision is the maximum-value policy of the Markov decision process, i.e. the optimal solution $\chi^*$ of the above dynamic programming equation. An iterative method can be used to solve it. The optimal defence strategy of each state, that is, the defence action, for example <close a certain port, hop a certain IP>, is output as the decision plan.
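The iterative solution described above, as an added example that is not part of the patent text: value iteration for the defender with the attacker's mixed strategy held fixed, using the discounted criterion $U(S, \Gamma) = R(S, \Gamma) + \beta \sum_{S'} P(S, \Gamma, S')\, U(S')$. The three states, every numeric value, the form of the income function and the transition rule are constructed assumptions, since the patent's own income formulas and dynamic programme are not reproduced on this page.

```python
"""Value iteration for the defender in a toy zero-sum attack-defence
stochastic game, with the attacker's mixed strategy held fixed."""

BETA = 0.8   # discount rate (beta in the discounted criterion)
TOL = 1e-9   # stop when no state value moves by more than this

# Everything below is constructed sample data, not taken from the patent.
STATES = ["clean", "foothold", "compromised"]
ATTACKS = ["none", "registry_mod", "keyboard_hook"]
DEFENCES = ["none", "close_service", "remove_code"]

DAMAGE = {"none": 0.0, "registry_mod": 40.0, "keyboard_hook": 70.0}
ATTACK_COST = {"none": 0.0, "registry_mod": 5.0, "keyboard_hook": 10.0}
DEFENCE_COST = {"none": 0.0, "close_service": 8.0, "remove_code": 25.0}
SEVERITY = {"clean": 1.0, "foothold": 1.5, "compromised": 2.0}
RECOVER = {"none": 0.0, "close_service": 0.1, "remove_code": 0.7}

# ALPHA[attack][defence]: assumed defence efficiency in [0, 1]
# (1 = attack fully blocked, 0 = defence has no effect).
ALPHA = {
    "none": {"none": 0.0, "close_service": 0.0, "remove_code": 0.0},
    "registry_mod": {"none": 0.0, "close_service": 0.3, "remove_code": 0.8},
    "keyboard_hook": {"none": 0.0, "close_service": 0.6, "remove_code": 0.7},
}

# Fixed attacker mixed strategy: probability of each attack in each state.
ATTACKER = {
    "clean": {"none": 0.6, "registry_mod": 0.3, "keyboard_hook": 0.1},
    "foothold": {"none": 0.2, "registry_mod": 0.4, "keyboard_hook": 0.4},
    "compromised": {"none": 0.1, "registry_mod": 0.2, "keyboard_hook": 0.7},
}


def transition(s, a, d):
    """P(s' | s, a, d): an unblocked attack pushes the system one state
    worse; otherwise the defence may restore the clean state."""
    worse = STATES[min(STATES.index(s) + 1, len(STATES) - 1)]
    p_hit = 0.0 if a == "none" else 1.0 - ALPHA[a][d]
    dist = dict.fromkeys(STATES, 0.0)
    dist[worse] += p_hit
    dist["clean"] += (1.0 - p_hit) * RECOVER[d]
    dist[s] += (1.0 - p_hit) * (1.0 - RECOVER[d])
    return dist


def defender_reward(s, a, d):
    """Assumed income form: unblocked damage counts against the defender,
    the attacker's cost counts for it, the defence cost against it."""
    loss = (1.0 - ALPHA[a][d]) * DAMAGE[a] * SEVERITY[s]
    return -loss + ATTACK_COST[a] - DEFENCE_COST[d]


def attacker_reward(s, a, d):
    """Zero-sum game: R_a + R_d = 0."""
    return -defender_reward(s, a, d)


def q_value(s, d, U):
    """Expected discounted income of defence d in state s, averaged over
    the attacker's fixed mixed strategy."""
    total = 0.0
    for a, p_a in ATTACKER[s].items():
        future = sum(p * U[s2] for s2, p in transition(s, a, d).items())
        total += p_a * (defender_reward(s, a, d) + BETA * future)
    return total


def solve():
    """Value iteration; returns (state values, greedy policy, sweeps)."""
    U = dict.fromkeys(STATES, 0.0)
    for sweep in range(1, 10_000):
        new = {s: max(q_value(s, d, U) for d in DEFENCES) for s in STATES}
        delta = max(abs(new[s] - U[s]) for s in STATES)
        U = new
        if delta < TOL:
            break
    policy = {s: max(DEFENCES, key=lambda d: q_value(s, d, U)) for s in STATES}
    return U, policy, sweep


def evaluate(policy):
    """Discounted value of a fixed defence policy (no maximisation)."""
    U = dict.fromkeys(STATES, 0.0)
    for _ in range(10_000):
        new = {s: q_value(s, policy[s], U) for s in STATES}
        delta = max(abs(new[s] - U[s]) for s in STATES)
        U = new
        if delta < TOL:
            break
    return U


if __name__ == "__main__":
    values, plan, sweeps = solve()
    for s in STATES:
        print(f"{s:12s} U={values[s]:9.3f}  defence={plan[s]}")
    print("sweeps:", sweeps)
```

With these constructed numbers the cheap action is preferred while the system is clean and the expensive clean-up only once a state is worse; changing `ATTACKER` or `BETA` shows how sensitive the decision plan is to the assumed attacker behaviour.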
The above is only a preferred embodiment of the present invention. It should be noted that a person of ordinary skill in the art can make several improvements and variations without departing from the technical principles of the invention, and these improvements and variations should also be regarded as falling within the protection scope of the invention.
Claims (9)
1. A method for establishing an attack-defence stochastic game model for malicious code defence, including:
Establishing a Markov attack-defence stochastic game model, including:
(1) Defining the ADSG-M game model, specifically ADSG-M = $\{N, S, A_d, A_a, P, R_d, R_a, U\}$, where the elements of the ADSG-M game model are defined as follows:
$N$ = {attacker, defender} is the set of participants in the attack-defence game;
$S = \{S_t \mid t \in [0, T_0]\}$ is the set of attack-defence stochastic game states during the game, where state $S_t$ denotes the state of the network and information system at time $t$;
$A_d$ is the defence action set; the defender has a defence action set for state $S_t$ at time $t$;
$A_a$ is the attack action set; the attacker has an attack action set for state $S_t$ at time $t$;
$P: S \times A_d \times A_a \times S \to [0, 1]$ is the attack-defence stochastic game state transition probability function; as the two sides select actions, the state of the system changes continually, and from the state $S_t$, the attack action, the defence action and the transition probability $P$, the state $S_{t+1}$ after the transition is obtained;
$R_d$ is the defender's income function set; its values are real numbers giving the defender's income;
$R_a$ is the attacker's income function set; its values are real numbers giving the attacker's income;
$U$ is the objective criterion function, used to judge how good the strategies of the two sides are; the goal of each side is to maximize its own objective function;
Obtaining the state transition probability: if the network and information system has $n$ security states, a state transition matrix $P$ represents the state transition probabilities between the security states, where matrix element $p_{ij}$ is the probability that the attack-defence game system transfers from state $i$ to state $j$;
Calculating the defence income and the attack income, including: the defence income $R_d$ includes the damage the system is spared, the defence cost and the attack cost;
In the attack income $R_a$, $\alpha$ is the defence efficiency, which indicates the effectiveness of taking defence strategy $T_j$ against the attack; its value is specified separately for three cases: when the attack is completely prevented, when the defence is ineffective against the attack, and in all other cases; CB is the defence cost, that is, the cost of implementing the defence strategy; the model also uses a system damage cost, which represents the system loss caused by an attack, the defence cost of the defence action the defender adopts, and an attack cost, which represents the cost the attacker needs to launch the attack;
Selecting defence strategies based on the ADSG-M game model, including:
(1) Defining the defence strategies:
$T = \{T_A, T_D\}$ is the set of action strategies of the two sides;
$T_A$, with $|T_A| = m$, denotes the attacker's attack strategy set; it contains the attack strategy the attacker adopts in state $S_k$, where $k = 1, 2, \ldots, K$, and that attack strategy gives the probability with which the attacker chooses each attack action in state $S_k$; the attacker chooses among the available attack actions in the form of probabilities, and when the attacker takes no attack action the attack strategy is denoted $\varphi$;
$T_D$, with $|T_D| = n$, denotes the defender's defence strategy set; it contains the defence strategy the defender adopts in state $S_k$, where $k = 1, 2, \ldots, K$, and that defence strategy gives the probability with which the defender chooses each defence action in state $S_k$; the defender chooses among the available defence actions in the form of probabilities, and when the defender takes no defence action the defence strategy is denoted $\varphi$;
For the ADSG-M game model $\{N, S, A_d, A_a, P, R_d, R_a, U\}$, when the system is in state $S_k$, the pair of strategies adopted by the two sides is a Nash equilibrium if and only if the two strategies are the optimal response strategies of the attacker and the defender, a condition that must hold for arbitrary strategies of either side;
Given a zero-sum attack-defence stochastic game model ADSG-M = $\{N, S, A_d, A_a, P, R_d, R_a, U\}$, if the game state set $S$ and the action sets $A_d$ and $A_a$ are finite sets, then a stable Nash equilibrium certainly exists;
Solving for the optimal defence strategy, including:
For a given ADSG-M game model $\{N, S, A_d, A_a, P, R_d, R_a, U\}$, the optimal defence strategy $\chi^*$ is the solution that makes the value of the given objective function $U$ reach its maximum, i.e. the optimal value of the following discrete dynamic programme:
$\chi_i(T_d) \ge 0$;
2. The method for establishing an attack-defence stochastic game model for malicious code defence according to claim 1, characterized in that $N = 2$; if several pieces of malware attack at the same time, they are merged and regarded as a single attacker, and the attack behaviour is regarded as a distributed cooperative attack.
3. The method for establishing an attack-defence stochastic game model for malicious code defence according to claim 1, characterized in that the objective criterion function $U$ is defined using the discounted expectation criterion function $U(S, \Gamma) = R(S, \Gamma) + \beta \sum_{S'} P(S, \Gamma, S')\, U(S')$, where $\Gamma$ is the defence strategy and $R = \{R_d, R_a\}$; the objective criterion function is the sum of the current income value $R(S, \Gamma)$ of the two sides and the discounted future income value $\beta \sum_{S'} P(S, \Gamma, S')\, U(S')$; $\beta$ is the discount rate, by which future income values are discounted to the current state.
4. The method for establishing an attack-defence stochastic game model for malicious code defence according to claim 1, characterized in that the security states of the network and information system are taken as the attack-defence stochastic game state set, security state transitions are caused by attack-defence action pairs, and the attack-defence stochastic game states manifest as registry entry modification/addition/deletion, file modification/addition/deletion, processes being started or stopped, and services being started or stopped.
5. The method for establishing an attack-defence stochastic game model for malicious code defence according to claim 1, characterized in that the defence actions implemented by the defender include closing a service, closing an access permission, removing malicious code, and diverting malware to a honeynet.
6. The method for establishing an attack-defence stochastic game model for malicious code defence according to claim 1, characterized in that the attack action set includes the attack actions implemented by malicious code, including: modification, addition and deletion of registry entries; modification, creation and deletion of files; network port interception; malicious starting or stopping of processes; malicious API calls; keyboard interception; mouse hooks; and malicious starting or stopping of services.
7. The method for establishing an attack-defence stochastic game model for malicious code defence according to claim 1, characterized in that the state transition probability is affected by the dynamic attack-surface shifting decisions set by the defender, and also by the occurrence probabilities of the following: the probability that the attacker launches an attack action in state $S_i$; the probability that the attack action succeeds and transfers the state to $S_j$; the probability that the defender launches a defence action in state $S_i$; and the probability that the defence action transfers the state to $S_j$.
8. The method for establishing an attack-defence stochastic game model for malicious code defence according to claim 1, characterized in that $R_a + R_d = 0$, i.e. the game is a zero-sum attack-defence stochastic game.
9. The method for establishing an attack-defence stochastic game model for malicious code defence according to claim 1, characterized in that, in solving for the optimal defence strategy, at equilibrium the attacker and the defender both follow a Markov decision process with discount rate $\beta$; when the attacker's strategy is fixed, the defender's decision is the maximum-value policy of the Markov decision process, i.e. the optimal solution $\chi^*$ of the dynamic programming equation, which is solved by an iterative method; the optimal defence strategy of each state is used as the decision plan.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810661360.4A CN108898010A (en) | 2018-06-25 | 2018-06-25 | A method of establishing the attacking and defending Stochastic Game Model towards malicious code defending |
Publications (1)
Publication Number | Publication Date |
---|---|
CN108898010A | 2018-11-27 |
Family
ID=64346213
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810661360.4A Pending CN108898010A (en) | 2018-06-25 | 2018-06-25 | A method of establishing the attacking and defending Stochastic Game Model towards malicious code defending |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108898010A (en) |
Legal Events
Code | Title | Description |
---|---|---|
PB01 | Publication | |
SE01 | Entry into force of request for substantive examination | |
RJ01 | Rejection of invention patent application after publication | Application publication date: 20181127 |