CN108898010A - A method for establishing an attack-defense stochastic game model for malicious code defense - Google Patents


Info

Publication number
CN108898010A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201810661360.4A
Other languages
Chinese (zh)
Inventor
郭敏
石波
吴朝雄
查尤平
于冰
温泉
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Institute of Computer Technology and Applications
Original Assignee
Beijing Institute of Computer Technology and Applications
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Institute of Computer Technology and Applications
Priority to CN201810661360.4A
Publication of CN108898010A


Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50: Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55: Detecting local intrusion or implementing counter-measures


Abstract

The invention discloses a method for establishing an attack-defense stochastic game model for malicious code defense, including: establishing a Markov attack-defense stochastic game model, calculating the defense payoff and the attack payoff, selecting a defense strategy based on the ADSG-M game model, and solving for the optimal defense strategy. The model is built against the background of malware detection. The method applies the ideas of game theory to malware defense, providing a new approach to research on problems such as the attack-defense conflict in network security and optimal defense decision-making.

Description

A method for establishing an attack-defense stochastic game model for malicious code defense
Technical field
The invention belongs to the technical field of network security and proposes a method for establishing an attack-defense stochastic game model for malicious code defense.
Background art
(1) Malware
Definition of malware: software that exhibits one or more harmful behaviors and, through the combination or superposition of these behaviors, ultimately achieves the purpose of damaging the system, stealing system users' information, or monitoring user actions, such as computer viruses, worms, Trojan horses, spyware and rogue software.
The malware behavior analysis methods in common use at present are static analysis and dynamic analysis.
(2) Attack-defense game
In a network attack-defense environment, the attacker wants to use malware to damage the functions or service quality of the target system in order to obtain the maximum gain; the defender wants to reduce the system's risk of being attacked to a minimum while keeping the system available. The essential characteristics of attack-defense confrontation are opposed objectives, a non-cooperative relationship and interdependent strategies of the two sides, and these are exactly the basic characteristics of game theory.
Summary of the invention
The purpose of the present invention is to provide a method for establishing an attack-defense stochastic game model for malicious code defense, for solving the above problems of the prior art.
A kind of method for establishing the attacking and defending Stochastic Game Model towards malicious code defending of the present invention, wherein including:It establishes Markov attacking and defending Stochastic Game Model, including:1ADSG-M betting model is defined, specially:ADSG-M={ N, S, Ad,Aa,P, Rd,Ra, U }, ADSG-M betting model each element meaning is defined as follows:N={ attacker, defender } is attacking and defending game participant collection It closes;S={ St| t ∈ [0, T] } it is attacking and defending Stochastic Game state set in ping-pong process, wherein state StIndicate the net of t moment Network and information system state;It is defence set of actions, defender is in t moment StUnder state Defence set of actions is denoted as It is attack set, attacker is in t moment StState Under attack set be denoted asIt is attacking and defending Stochastic Game state transition probability letter Number, as the movement of attacking and defending both sides selects, the state of system constantly changes, according to state St, attackDefence movement And transition probability P, the state S after being shiftedt+1It is the revenue function collection of defender It closes, RdIt is set of real numbers, value is the financial value of defender;It is the revenue function collection of attacker It closes, RaIt is set of real numbers, value is the financial value of attacker;U is objective criteria function, for judging the good of attacking and defending both sides' strategy Bad, the target of attacking and defending both sides is all to maximize respective objective function;State transition probability seek include:If network and Information system has n safe condition, indicates that the state transfer between each safe condition is general with a state-transition matrix P Rate:
Wherein matrix element pijIndicate that attacking and defending game playing system is transferred to the probability of state j from state i;Meter Defence income and attack income are calculated, including:Defend income RdIncluding system from infringement, defence at Sheet and intrusion scene;Attack income RaFor:Wherein, α is that defence is efficient,It indicates to be directed to and attack It hitsTake defence policies TjValidity;When preventing completely attack,When preventing attack invalid,In the case of other,CB is defence cost, is the cost for implementing defence policies;It is system by infringement cost, indicates attackCaused by system loss,It is that defender is dynamic using defence MakeDefence cost,It is intrusion scene, indicates attacker's offensive attackRequired cost;It is based on The selection defence policies of ADSG-M betting model, including:(1) defence policies are defined:T={ TA,TDBe attacking and defending both sides action plan Slightly gather;|TA|=m indicates the attack strategies set of attacker,It indicates in shape State SKWhen attacker use attack strategies, whereinAttack strategiesIt indicates in state SK Lower attacker chooses attackProbability, it is right Attacker Available attack is chosen in the form of probability, when attacker does not take attack, attack strategies are denoted as φ;|TD|= N indicates the defence policies set of defender,It indicates in state SKWhen defender The defence policies set of use, whereinDefence policiesIt indicates in state SKLower defender Choose defence movementProbability, it is right Defender is with probability Form choose available defence movement, when defender does not take defence to act, defence policies are denoted as φ;It is rich for ADSG-M Play chess model { N, S, Ad,Aa,P,Rd,Ra, U }, when system is in state SkWhen, the strategy of attacking and defending both sides is respectively It is a Nash Equilibrium, and if only ifIt is the optimal response strategy of attacking and defending 
both sides, that is, meets:For arbitrary WithHave:It is one zero and attacking and defending Stochastic Game Model ADSG-M=given {N,S,Ad,Aa,P,Rd,Ra, U }, if game state set S, attacking and defending behavior aggregate Ad, AaIt is finite aggregate, then certainly exists one Stablize Nash Equilibrium;Optimal defence policies are solved, including:For given ADSG-M betting model { N, S, Ad,Aa,P,Rd,Ra, U }, it is rightOptimal defence policies χ*It is that the functional value U that makes to set the goal reaches maximum solution, i.e., following discrete type Dynamic Programmings Optimal value:
In one embodiment of the method according to the present invention, N=2; if multiple malware programs attack at the same time, they are merged and regarded as a single attacker, and the attack behavior is regarded as a distributed cooperative attack.
In one embodiment of the method according to the present invention, the objective criterion function U is defined using the discounted expectation criterion function U(S, Γ) = R(S, Γ) + β Σ_{S'} P(S, Γ, S') U(S'), where Γ is the defense strategy and R = {Rd, Ra}. The objective criterion function is the sum of the current payoff value R(S, Γ) of the two sides and the discounted future payoff value β Σ_{S'} P(S, Γ, S') U(S'); β is the discount rate, through which future payoff values are discounted to the current state.
In one embodiment of the method according to the present invention, the security states of the network and information system are taken as the set of attack-defense stochastic game states; security state transitions are caused by attack-defense action pairs, and the game states take the form of registry entry modification/addition/deletion, file modification/addition/deletion, process start or stop, and service start or stop.
In one embodiment of the method according to the present invention, the defense actions implemented by the defender include closing a certain service, closing a certain access permission, removing malicious code, and diverting malware to a honeynet.
In one embodiment of the method according to the present invention, the set of attack actions includes the attack actions implemented by malicious code, including: modification, addition and deletion of registry entries; modification, creation and deletion of files; network port interception; malicious starting or stopping of processes; malicious API function calls; keyboard interception; mouse hooks; and malicious starting or stopping of services.
In one embodiment of the method according to the present invention, the state transition probability is influenced by the dynamic attack-surface shifting decisions set by the defender, and also by the following occurrence probabilities: the probability that the attacker issues an attack in state S_i; the probability that the attack succeeds and moves the system to state S_j; the probability that the defender issues a defense action in state S_i; and the probability that the defense action moves the system to state S_j.
In one embodiment of the method according to the present invention, Ra + Rd = 0, i.e. a zero-sum attack-defense stochastic game.
In one embodiment of the method according to the present invention, in solving for the optimal defense strategy, both the attacker and the defender in the equilibrium state follow a Markov decision process with discount rate β; once the attacker's strategy is fixed, the defender's decision is the maximum-value policy in the Markov decision process, i.e. the optimal solution χ* of the dynamic programming equation, which is solved by an iterative method, and the optimal defense strategy of each state is used as the decision plan.
The present invention proposes a method for establishing an attack-defense stochastic game model for malicious code defense, introducing the attack-defense game model into the new scenario of malicious code protection. For a given defended target network and information system, the set of attack actions is determined through cloud-based software behavior analysis and local threat perception, the network and information system and the attack actions are analyzed, and the defense strategy is determined. The invention constructs the attack-defense stochastic game model for malicious code defense against the background of malware detection, and studies the problem of selecting the optimal defense strategy based on this model. The invention applies the ideas of game theory to malware defense, providing a new approach to research on problems such as the attack-defense conflict in network security and optimal defense decision-making.
Description of the drawings
None
Specific embodiments
To make the purpose, content and advantages of the present invention clearer, specific embodiments of the invention are described in further detail below with reference to an embodiment.
The method of the present invention for establishing an attack-defense stochastic game model for malicious code defense includes:
1. Establishing the Markov attack-defense stochastic game model, including:
1) Defining the ADSG-M game model, specifically ADSG-M = {N, S, Ad, Aa, P, Rd, Ra, U}, where the elements have the following meanings:
N = {attacker, defender} is the set of participants in the attack-defense game. This embodiment considers only the case N=2, i.e. an attacker and a defender; if multiple malware programs attack at the same time, they are merged and regarded as a single attacker, and the attack behavior is regarded as a distributed cooperative attack;
S = {S_t | t ∈ [0, T0]} is the set of attack-defense stochastic game states during the game, where state S_t denotes the state of the network and information system at time t;
It is defence set of actions, defender is in t moment StDefence movement under state Set is denoted asSuch asHaveAnd
It is attack set, attacker is in t moment StAttack under state Set is denoted asSuch asHaveAnd
P: S × Ad × Aa × S → [0,1] is the state transition probability function of the attack-defense stochastic game. As the two sides select actions, the state of the system changes continuously; from the state S_t, the attack action, the defense action and the transition probability P, the post-transition state S_{t+1} is obtained;
It is the set of payoff functions of the defender; Rd is the set of real numbers, whose values are the defender's payoff values;
It is the set of payoff functions of the attacker; Ra is the set of real numbers, whose values are the attacker's payoff values;
U is the objective criterion function, used to judge how good the strategies of the two sides are. The goal of each side is to maximize its own objective function. This embodiment defines it using the discounted expectation criterion function U(S, Γ) = R(S, Γ) + β Σ_{S'} P(S, Γ, S') U(S'), where Γ is the defense strategy and R = {Rd, Ra}. The objective criterion function is the sum of the current payoff value R(S, Γ) of the two sides and the discounted future payoff value β Σ_{S'} P(S, Γ, S') U(S'), where β is the discount rate. The attack-defense strategy adopted in the current state also affects the future, but because the payoff value is closely related to the attack time step, future payoff values are discounted to the current state through β.
In this embodiment, the security states of the network and information system are taken as the set of attack-defense stochastic game states. The security state of the network and information system expresses the basic attributes of the hardware, operating system, software, network and data layers, and the exposed resources that can be used for an attack. Security state transitions are caused by attack-defense action pairs, and the game states can take the form of registry entry modification/addition/deletion, file modification/addition/deletion, process start or stop, service start or stop, and so on.
The defense actions implemented by the defender include, for example, closing a certain service, closing a certain access permission, removing malicious code, and diverting malware to a honeynet.
The set of attack actions includes the attack actions implemented by malicious code, such as modification, addition and deletion of registry entries; modification, creation and deletion of files; network port interception; malicious starting or stopping of processes; malicious API function calls; hooking behavior such as keyboard interception and mouse hooks; and malicious starting or stopping of services.
Solving the state transition probability: because game state transitions are caused by attack and defense actions and are random, the likelihood of a state transition is described by a probability. If the network and information system has n security states, a state transition matrix P can be used to represent the transition probabilities between the security states:
where matrix element p_ij denotes the probability that the attack-defense game system transitions from state i to state j.
Overall, the state transition probability is mainly influenced by the dynamic attack-surface shifting decisions set by the defender, and is also influenced by several occurrence probabilities: the probability that the attacker issues an attack in state S_i; the probability that the attack succeeds and moves the system to state S_j; the probability that the defender issues a defense action in state S_i; and the probability that the defense action moves the system to state S_j.
Calculating the defense payoff and the attack payoff includes:
Defense payoff (Rd): the payoff the defender obtains after adopting a defense strategy, including the system's freedom from damage, the defense cost and the attack cost.
Attack payoff Ra: the payoff the attacker obtains by launching attack actions.
Wherein α is that defence is efficient,It indicates for attackTake defence policies TjValidity.When complete When full prevention attack,When preventing attack invalid, In the case of other,
CB is the defense cost, i.e. the cost of implementing the defense strategy.
The system damage cost indicates the system loss caused by the attack; the defense cost is the cost to the defender of using the defense action; the attack cost indicates the cost the attacker requires to launch the attack.
Here, Ra + Rd = 0, i.e. a zero-sum attack-defense stochastic game. Because the payoffs of the two sides are complementary, that is, the attacker's gain is the defender's loss, this embodiment chooses the zero-sum attack-defense game.
2. Selecting the defense strategy based on the ADSG-M game model
(1) Defining the defense strategy
T = {TA, TD} is the set of action strategies of the two sides.
|TA|=m indicates the attack strategies set of attacker, It indicates in shape State SKWhen attacker use attack strategies, whereinAttack strategiesIt indicates in state SK Lower attacker chooses attackProbability, it is rightAttacker Available attack is chosen in the form of probability.When attacker does not take attack, attack strategies are denoted as φ.
|TD|=n indicates the defence policies set of defender, It indicates State SKWhen defender use defence policies set, whereinDefence policiesIt indicates State SKLower defender chooses defence movementProbability, it is right Defender chooses available defence movement in the form of probability.When defender does not take defence to act, defence policies are denoted as φ.
For ADSG-M betting model { N, S, Ad,Aa,P,Rd,Ra, U }, when system is in state SkWhen, the plan of attacking and defending both sides Slightly it is respectively It is a Nash Equilibrium, and if only ifIt is the optimal response strategy of attacking and defending both sides, that is, meets:For arbitraryHave
Given a zero-sum attack-defense stochastic game model ADSG-M = {N, S, Ad, Aa, P, Rd, Ra, U}, if the game state set S and the attack and defense action sets Ad, Aa are finite sets, then a stable Nash equilibrium must exist.
(2) Solving for the optimal defense strategy
Dynamic programming is a mathematical method for solving optimization problems in multi-stage decision processes. A multi-stage decision problem is one in which a decision must be made at each stage so that the whole process achieves the best effect. A multi-stage decision process is related to time: the decision at each stage is not chosen arbitrarily but depends on the current state, and it immediately causes a state transition. The decision sequence is generated as the state changes dynamically, which is why the method of handling multi-stage decision problems is called dynamic programming.
From the above concept of dynamic programming, the optimal strategy selection problem of the ADSG-M model proposed by the present invention is a typical discrete dynamic programming problem, and the present invention obtains the optimal defense strategy by solving for the optimal value of the dynamic program.
Solving for the optimal defense strategy includes: for a given ADSG-M game model {N, S, Ad, Aa, P, Rd, Ra, U}, the optimal defense strategy χ* is the solution that maximizes the given objective function value U, i.e. the optimal value of the following discrete dynamic program.
χi(Td)≥0
In the equilibrium state, both the attacker and the defender follow a Markov decision process with discount rate β, so once the attacker's strategy is fixed, the defender's decision is the maximum-value policy in the Markov decision process, i.e. the optimal solution χ* of the above dynamic programming equation. The above equation can be solved by an iterative method. The optimal defense strategy of each state, i.e. the defense action, such as <close a certain port, hop a certain IP>, is output as the decision plan.
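The solving step above (fix the attacker's strategy, then iterate the defender's discounted dynamic programming equation), as an added Python example that is not part of the patent. The three states, the action names, every probability and cost, and the payoff form R_a = (1 − α)·damage − attack cost + defense cost with R_d = −R_a are constructed assumptions, since the page does not reproduce the payoff formula.

```python
# Constructed toy ADSG-M instance: every name and number below is an assumption.
STATES = ["clean", "persisted", "keylogging"]
DEFENSES = ["none", "close_service", "remove_code"]
BETA = 0.9  # discount rate

# alpha: effectiveness of a defense against an attack (1 = blocked, 0 = no effect).
ALPHA = {
    "none": {},
    "close_service": {"modify_registry": 0.6, "hook_keyboard": 0.5},
    "remove_code": {"modify_registry": 0.7, "hook_keyboard": 0.5},
}
DEFENSE_COST = {"none": 0.0, "close_service": 1.0, "remove_code": 3.0}
ATTACK_COST = {"none": 0.0, "modify_registry": 1.0, "hook_keyboard": 2.0}
DAMAGE = {"none": 0.0, "modify_registry": 4.0, "hook_keyboard": 20.0}
# Probability that a defense returns the system to "clean" when the attack fails.
RECOVER = {"none": 0.0, "close_service": 0.0, "remove_code": 0.8}
# State an attack leads to when it succeeds from a given state.
ATTACK_EDGE = {
    ("clean", "modify_registry"): "persisted",
    ("persisted", "hook_keyboard"): "keylogging",
    ("keylogging", "hook_keyboard"): "keylogging",
}
# Fixed attacker mixed strategy: probability of each attack action per state.
ATTACK_POLICY = {
    "clean": {"none": 0.5, "modify_registry": 0.5},
    "persisted": {"none": 0.1, "hook_keyboard": 0.9},
    "keylogging": {"hook_keyboard": 1.0},
}


def attack_payoff(s, d, a):
    """Assumed R_a: residual damage minus attack cost plus the defender's spend."""
    alpha = ALPHA[d].get(a, 0.0)
    return (1 - alpha) * DAMAGE[a] - ATTACK_COST[a] + DEFENSE_COST[d]


def defense_payoff(s, d, a):
    """Zero-sum game: R_d = -R_a."""
    return -attack_payoff(s, d, a)


def transition(s, d, a):
    """P(s, d, a, .): probability distribution over the next state."""
    alpha = ALPHA[d].get(a, 0.0)
    target = ATTACK_EDGE.get((s, a))
    p_adv = (1 - alpha) if target else 0.0   # attack succeeds, state advances
    p_rec = (1 - p_adv) * RECOVER[d]         # attack fails, defense cleans up
    dist = {t: 0.0 for t in STATES}
    if target:
        dist[target] += p_adv
    dist["clean"] += p_rec
    dist[s] += 1 - p_adv - p_rec             # otherwise the state is unchanged
    return dist


def q_value(s, d, U):
    """Expected discounted payoff of defense d in state s against the fixed attacker."""
    total = 0.0
    for a, p_a in ATTACK_POLICY[s].items():
        future = sum(p * U[t] for t, p in transition(s, d, a).items())
        total += p_a * (defense_payoff(s, d, a) + BETA * future)
    return total


def solve_defender(tol=1e-9):
    """Value iteration on U(S) = max_d Q(S, d); returns (U, policy)."""
    U = {s: 0.0 for s in STATES}
    while True:
        new_U = {s: max(q_value(s, d, U) for d in DEFENSES) for s in STATES}
        gap = max(abs(new_U[s] - U[s]) for s in STATES)
        U = new_U
        if gap < tol:
            break
    policy = {s: max(DEFENSES, key=lambda d: q_value(s, d, U)) for s in STATES}
    return U, policy


def transition_matrix(policy):
    """n x n matrix p_ij induced by the defender policy and the attacker strategy."""
    matrix = []
    for s in STATES:
        row = {t: 0.0 for t in STATES}
        for a, p_a in ATTACK_POLICY[s].items():
            for t, p in transition(s, policy[s], a).items():
                row[t] += p_a * p
        matrix.append([row[t] for t in STATES])
    return matrix


if __name__ == "__main__":
    U, policy = solve_defender()
    for s in STATES:
        print(f"{s:11s} U={U[s]:8.2f}  decision plan: {policy[s]}")
    for row in transition_matrix(policy):
        print([round(p, 3) for p in row])
```

The per-state policy returned by `solve_defender` plays the role of the decision plan, and `transition_matrix` gives the p_ij matrix that results once both sides' strategies are fixed.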
The above is only a preferred embodiment of the present invention. It should be noted that a person of ordinary skill in the art may make several improvements and variations without departing from the technical principles of the invention, and these improvements and variations shall also be regarded as falling within the protection scope of the invention.

Claims (9)

1. A method for establishing an attack-defense stochastic game model for malicious code defense, including:
Establishing a Markov attack-defense stochastic game model, including:
1) Defining the ADSG-M game model, specifically ADSG-M = {N, S, Ad, Aa, P, Rd, Ra, U}, where the elements of the ADSG-M game model are defined as follows:
N = {attacker, defender} is the set of participants in the attack-defense game;
S = {S_t | t ∈ [0, T0]} is the set of attack-defense stochastic game states during the game, where state S_t denotes the state of the network and information system at time t;
It is defence set of actions, defender is in t moment StDefence set of actions under state It is denoted as
It is attack set, attacker is in t moment StAttack set note under state For
P: S × Ad × Aa × S → [0,1] is the state transition probability function of the attack-defense stochastic game; as the two sides select actions, the state of the system changes continuously, and from the state S_t, the attack action, the defense action and the transition probability P, the post-transition state S_{t+1} is obtained;
It is the set of payoff functions of the defender; Rd is the set of real numbers, whose values are the defender's payoff values;
It is the set of payoff functions of the attacker; Ra is the set of real numbers, whose values are the attacker's payoff values;
U is the objective criterion function, used to judge how good the strategies of the two sides are, and the goal of each side is to maximize its own objective function;
Solving the state transition probability includes: if the network and information system has n security states, a state transition matrix P is used to represent the transition probabilities between the security states:
where matrix element p_ij denotes the probability that the attack-defense game system transitions from state i to state j;
Calculating the defense payoff and the attack payoff, including: the defense payoff Rd includes the system's freedom from damage, the defense cost and the attack cost;
Attack income RaFor:
Wherein, α is that defence is efficient,It indicates for attackTake defence policies TjValidity;When complete resistance When only attacking,When preventing attack invalid, In the case of other,CB It is defence cost, is the cost for implementing defence policies;It is system by infringement cost, indicates attackCaused by be System loss,It is that defender is acted using defenceDefence cost,It is intrusion scene, indicates attacker's hair Dynamic attackRequired cost;
Selecting the defense strategy based on the ADSG-M game model, including:
(1) Defining the defense strategy:
T = {TA, TD} is the set of action strategies of the two sides;
|TA|=m indicates the attack strategies set of attacker, It indicates in state Sk When the attack strategies that use of attacker, wherein k=1,2 ..., K,Attack strategiesIt indicates in state SkUnder attack The person of hitting chooses attackProbability, it is rightAttacker is with general The form of rate chooses available attack, and when attacker does not take attack, attack strategies are denoted as φ;
|TD|=n indicates the defence policies set of defender, It indicates in state SkWhen the defence policies set that uses of defender, wherein k=1,2 ..., K,Defence policiesIt indicates in state SkLower defender chooses defence movementProbability, it is rightDefence Person chooses available defence movement in the form of probability, and when defender does not take defence to act, defence policies are denoted as φ;
For ADSG-M betting model { N, S, Ad,Aa,P,Rd,Ra, U }, when system is in state SkWhen, the strategy point of attacking and defending both sides It is not It is a Nash Equilibrium, and if only ifIt is the optimal response strategy of attacking and defending both sides, that is, meets:For arbitrary WithHave:
Given a zero-sum attack-defense stochastic game model ADSG-M = {N, S, Ad, Aa, P, Rd, Ra, U}, if the game state set S and the attack and defense action sets Ad, Aa are finite sets, then a stable Nash equilibrium must exist;
Solving for the optimal defense strategy, including:
For a given ADSG-M game model {N, S, Ad, Aa, P, Rd, Ra, U}, the optimal defense strategy χ* is the solution that maximizes the given objective function value U, i.e. the optimal value of the following discrete dynamic program:
χi(Td)≥0;
2. the method for establishing the attacking and defending Stochastic Game Model towards malicious code defending as described in claim 1, feature exist In N=2 regards the merging of multiple Malwares as single attacker, attack if having multiple Malwares while being attacked Behavior is considered as distributed collaboration attack.
3. the method for establishing the attacking and defending Stochastic Game Model towards malicious code defending as described in claim 1, feature exist In, objective criteria function U is defined using discount expectation criterion function, discount expectation criterion function U (S, Γ)=R (S, Γ)+β∑S’P (S, Γ, S ') U (S '), wherein Γ is defence policies, R={ Rd,Ra, objective criteria function is that current attacking and defending is double The financial value R (S, Γ) of side and the following discount financial value β ∑S’The sum of P (S, Γ, S ') U (S '), β is discount rate, will not by β Carry out financial value to be folded in current state.
4. the method for establishing the attacking and defending Stochastic Game Model towards malicious code defending as described in claim 1, feature exist In using network and the safe condition of information system as attacking and defending Stochastic Game state set, safe condition transformation is by attacking and defending movement pairCause, attacking and defending Stochastic Game status and appearance is that registry entry modification/increase/deletion, file modification/increases/deletes It removes, process opens or closes and service opens or closes.
5. the method for establishing the attacking and defending Stochastic Game Model towards malicious code defending as described in claim 1, feature exist In it includes closing certain service, closing certain access authority, malicious code is removed and shift malice that the defence that defender implements, which acts, Software is to close net.
6. the method for establishing the attacking and defending Stochastic Game Model towards malicious code defending as described in claim 1, feature exist In attack set includes:The attack that malicious code is implemented, including:Modification, increase, the deletion of registry entry, file Modification, creation and deletion, the network port are intercepted and captured, process malice opens or closes, API calls malice is called, keyboard section It obtains, Mouse hook and service malice open or close.
7. the method for establishing the attacking and defending Stochastic Game Model towards malicious code defending as described in claim 1, feature exist Shift Decision Making Effect in the dynamic attacks face that, state transition probability is set by defender, at the same also byAndThe probability of happening influence, whereinIt indicates in state Si Lower attacker issues attackProbability;Indicate attackSuccess attack simultaneously makes state be transferred to Sj Probability;It indicates in state SiLower defender issues defence movementProbability;Indicate defence movementSo that state is transferred to SjProbability.
8. the method for establishing the attacking and defending Stochastic Game Model towards malicious code defending as described in claim 1, feature exist In Ra+Rd=0, zero and attacking and defending Stochastic Game.
9. The method for establishing an attack-defense stochastic game model for malicious code defense according to claim 1, characterized in that, in solving for the optimal defense strategy, under the equilibrium state the attacker and the defender follow a Markov decision process with discount rate β; when the attacker's strategy is fixed, the defender's decision is the maximum-value strategy in the Markov decision process, i.e., the optimal solution χ* of the dynamic programming equation, which is solved by an iterative method; and the optimal defense strategy of each state serves as the decision plan.
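The defender's best response described in claims 8 and 9, as an added example that is not part of the patent: with the attacker's mixed strategy fixed, the zero-sum game reduces to a Markov decision process solved here by plain value iteration (one possible "iterative method"). The action names come from claims 5 and 6; the two states, all probabilities, costs and damages, and the rule combining attack success with defense effect are constructed assumptions.

```python
# Constructed toy model: states, probabilities, costs and damages are illustrative only.
STATES = ["clean", "infected"]
BETA = 0.9  # discount rate (beta in claim 9)

# Attack actions (names from claim 6): (success probability, damage per step while infected)
ATTACKS = {"modify_registry": (0.6, 4.0), "hook_keyboard": (0.3, 10.0)}
# Defense actions (names from claim 5): (cost, P(block new attack), P(recover infected host))
DEFENSES = {"close_service": (1.0, 0.5, 0.0),
            "remove_code": (2.0, 0.0, 0.9),
            "move_to_closed_net": (3.0, 0.9, 0.6)}
# Fixed attacker mixed strategy per state (assumed known to the defender).
ATTACKER = {"clean": {"modify_registry": 0.7, "hook_keyboard": 0.3},
            "infected": {"modify_registry": 0.2, "hook_keyboard": 0.8}}

def rewards(s, a, d):
    """Return (Ra, Rd) for one step; zero-sum, so Ra + Rd == 0 (claim 8)."""
    rd = -(DEFENSES[d][0] + (ATTACKS[a][1] if s == "infected" else 0.0))
    return -rd, rd

def transition(s, a, d):
    """P(next state | s, attack a, defense d) under the assumed combination rule."""
    _, block, recover = DEFENSES[d]
    p_inf = ATTACKS[a][0] * (1 - block) if s == "clean" else 1 - recover
    return {"infected": p_inf, "clean": 1 - p_inf}

def q_value(s, d, v):
    """Expected discounted defender return of d in s, averaged over the attacker's strategy."""
    return sum(p_a * (rewards(s, a, d)[1]
                      + BETA * sum(p * v[s2] for s2, p in transition(s, a, d).items()))
               for a, p_a in ATTACKER[s].items())

def solve(tol=1e-9):
    """Value iteration on the defender's dynamic programming equation."""
    v = {s: 0.0 for s in STATES}
    while True:
        new = {s: max(q_value(s, d, v) for d in DEFENSES) for s in STATES}
        if max(abs(new[s] - v[s]) for s in STATES) < tol:
            policy = {s: max(DEFENSES, key=lambda d: q_value(s, d, new)) for s in STATES}
            return new, policy
        v = new

if __name__ == "__main__":
    values, plan = solve()
    print(values, plan)
```

The returned policy is the per-state decision plan: in this constructed model the defender closes the service while the host is clean and removes the malicious code once it is infected.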
CN201810661360.4A 2018-06-25 2018-06-25 A method of establishing the attacking and defending Stochastic Game Model towards malicious code defending Pending CN108898010A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810661360.4A CN108898010A (en) 2018-06-25 2018-06-25 A method of establishing the attacking and defending Stochastic Game Model towards malicious code defending

Publications (1)

Publication Number Publication Date
CN108898010A true CN108898010A (en) 2018-11-27

Family

ID=64346213

Country Status (1)

Country Link
CN (1) CN108898010A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20181127