CN115941235A - Network attack and defense game model construction method based on node importance - Google Patents
- Publication number
- CN115941235A, CN202211039767.6A
- Authority
- CN
- China
- Prior art keywords
- node
- network
- nodes
- attack
- defense
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention provides a network attack and defense game model construction method based on node importance. Key nodes are identified using multi-attribute decision theory: a comprehensive node evaluation index is obtained from four common node evaluation indexes using the ideal solution method (TOPSIS) combined with the entropy weight method. The index is used in an attack and defense model of a complex network, and defensive resources are deployed according to the importance ranking of the nodes, achieving the aim of network defense. An attack and defense game model in a complex network is established based on game theory. With the proposed model the key nodes can be found and, by solving the game, the optimal resource deployment that invests resources in the most important nodes can be found, achieving effective use of resources and protection of the network.
Description
Technical Field
The invention relates to the field of network vulnerability and security games, in particular to a network attack and defense game model construction method based on node importance.
Background
Critical infrastructure systems such as communications, power, railways and energy play an important role in maintaining social stability. Once these facilities are damaged, the safety of people's lives and property is seriously affected. Protecting critical infrastructure networks has therefore become a hot topic in the system security field in recent years. Critical infrastructure usually contains many system components and has an obvious network structure, and most existing research abstracts it into a complex network for structural analysis. The heterogeneous topology of complex networks means that the importance of nodes varies greatly, and some nodes strongly influence the structure and function of the network. When these nodes fail, the impact quickly spreads throughout the network. Accurately quantifying node importance in a complex network and finding the key nodes therefore has important theoretical and practical significance, and a method is needed that identifies the key nodes in the network and invests resources in them first, so as to reduce the loss of network performance when the network is attacked.
Disclosure of Invention
To address the above problems, and in particular the shortcomings of the prior art, the invention provides a network attack and defense game model construction method based on node importance.
To achieve this purpose, the invention adopts the following technical means:
A network attack and defense game model construction method based on node importance comprises the following steps:
S1, modeling the attack and defense model of a complex network:
The network infrastructure system is represented by a simple undirected graph $G(V, E)$, where $V$ is the set of nodes and $E$ is the edge set;
The number of nodes $|V|$ is denoted by $n$. Let $A(G) = (a_{ij})_{N \times N}$ be the adjacency matrix of $G$: if nodes $v_i$ and $v_j$ are adjacent, then $a_{ij} = a_{ji} = 1$; otherwise $a_{ij} = a_{ji} = 0$;
S2, key node identification:
An initial evaluation matrix is obtained from four node evaluation indexes (degree centrality, betweenness centrality, closeness centrality and eigenvector centrality), and the importance of the nodes is then calculated with the ideal solution method based on the entropy weight method to obtain a comprehensive evaluation index;
The resulting comprehensive evaluation index is used in the attack and defense model of the complex network, and defensive resources are deployed according to the importance ranking of the nodes, achieving the purpose of network defense;
S3, modeling the attack and defense game model of the complex network:
Based on game theory, an attack and defense game model of the complex network is established, comprising a basic assumption model, a cost model, a strategy model and a payoff model.
Further preferred embodiments of the present invention: the degree centrality of a node in step S2 represents the direct influence of the node and is expressed as follows:
where $k_i$ is the degree of node $i$;
For a connected network with $n$ nodes, the average shortest distance from any node $v_i$ to the other nodes in the network can be calculated:
Further preferred embodiments of the present invention: the betweenness centrality of a node in step S2 generally refers to shortest-path betweenness centrality, which describes the node's control over network flows transmitted along shortest paths in the network. The betweenness of node $v_i$ is defined as:
where $N$ denotes the number of nodes in the network, $\sigma_{st}(i)$ is the number of shortest paths from node $s$ to node $t$ that pass through node $i$, and $\sigma_{st}$ is the total number of shortest paths from node $s$ to node $t$.
Further preferred embodiments of the present invention: the closeness centrality of a node in step S2 eliminates the interference of special values by calculating the average distance between the node and all other nodes in the network; the smaller the average distance between a node and the other nodes in the network, the greater its closeness centrality. The closeness centrality of a node is expressed as:
Further preferred embodiments of the present invention: the eigenvector centrality of a node in step S2 considers the linear relationship between the centrality index of a node and the centrality indexes of its surrounding nodes, and is a linear superposition of the centrality values of the adjacent nodes; the larger the eigenvector centrality value of a node, the more important the node. The eigenvector centrality measure is defined as follows:
where $EC(i)$ denotes the eigenvector centrality of node $i$, $\lambda$ is a constant, $A_{ij}$ is the adjacency matrix of the network, and $x_j$ is the $j$-th entry of the normalized leading eigenvector.
Further preferred embodiments of the present invention: the initial evaluation matrix in step S2 is:
where there are $m$ evaluation indexes and $n$ evaluation objects. For studying node importance in a complex network, the evaluation objects are the $n$ nodes of the network, and the evaluation indexes are degree centrality $x_{i1}$, eigenvector centrality $x_{i2}$, betweenness centrality $x_{i3}$ and closeness centrality $x_{i4}$;
Normalization is as follows:
The normalized evaluation matrix is:
Determining the optimal scheme and the worst scheme:
Optimal solution (consisting of the maximum value of each column in $Z$):
Worst solution (consisting of the minimum value of each column in $Z$):
According to information entropy theory, the smaller the information entropy of an index, the more information the index contributes and the larger its weight. The information entropy value of index $j$ is denoted $E_j$ ($0 \le E_j \le 1$):
The weight is:
where $\omega_j$ is the weight (degree of importance) of the $j$-th attribute;
Calculating the closeness of each evaluation object to the optimal scheme and to the worst scheme:
Calculating the closeness $C_i$ of the evaluation object to the optimal scheme:
where $0 \le C_i \le 1$, and $C_i \to 1$ indicates that the evaluation object is better.
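The key node identification of step S2, as an added worked example that is not part of the patent: the four centralities are computed on a small constructed graph and combined with textbook entropy-weight and TOPSIS formulas. Because the patent's equation images did not survive on this page, the vector normalization, entropy and weighted-distance forms used here are assumptions, as are the sample topology and all function names.

```python
import math
from collections import deque

# Constructed sample topology (not from the patent): hubs 2 and 5 joined by bridge node 4.
EDGES = [(0, 2), (1, 2), (2, 3), (2, 4), (3, 4), (4, 5), (5, 6), (5, 7), (5, 8)]

def adjacency(edges):
    adj = {}
    for u, v in edges:
        adj.setdefault(u, set()).add(v)
        adj.setdefault(v, set()).add(u)
    return adj

def shortest_paths(adj, s):
    """BFS from s: distances, shortest-path counts, predecessors, visit order."""
    dist, sigma = {s: 0}, {v: 0 for v in adj}
    preds, order, queue = {v: [] for v in adj}, [], deque([s])
    sigma[s] = 1
    while queue:
        v = queue.popleft()
        order.append(v)
        for w in adj[v]:
            if w not in dist:
                dist[w] = dist[v] + 1
                queue.append(w)
            if dist[w] == dist[v] + 1:
                sigma[w] += sigma[v]
                preds[w].append(v)
    return dist, sigma, preds, order

def centralities(adj):
    """Return {node: [DC, EC, BC, CC]}, the column order x_i1..x_i4 used on the page."""
    n = len(adj)
    bc, cc = {v: 0.0 for v in adj}, {}
    for s in adj:
        dist, sigma, preds, order = shortest_paths(adj, s)
        cc[s] = (n - 1) / sum(dist.values())      # assumes a connected graph
        delta = {v: 0.0 for v in adj}
        for w in reversed(order):                 # Brandes dependency accumulation
            for v in preds[w]:
                delta[v] += sigma[v] / sigma[w] * (1 + delta[w])
            if w != s:
                bc[w] += delta[w]
    ec = {v: 1.0 for v in adj}
    for _ in range(200):                          # power iteration on A + I
        nxt = {v: ec[v] + sum(ec[w] for w in adj[v]) for v in adj}
        norm = math.sqrt(sum(t * t for t in nxt.values()))
        ec = {v: t / norm for v, t in nxt.items()}
    return {v: [len(adj[v]) / (n - 1), ec[v], bc[v] / ((n - 1) * (n - 2)), cc[v]]
            for v in adj}

def ewm_topsis(matrix):
    """matrix: n rows (nodes) x m benefit-type indexes. Returns (weights, closeness C_i)."""
    n, m = len(matrix), len(matrix[0])
    # Assumed vector normalization of each column, giving Z.
    norms = [math.sqrt(sum(row[j] ** 2 for row in matrix)) for j in range(m)]
    Z = [[row[j] / norms[j] for j in range(m)] for row in matrix]
    # Entropy E_j of each index from its share p_ij; weight proportional to 1 - E_j.
    spread = []
    for j in range(m):
        total = sum(row[j] for row in matrix)
        p = [row[j] / total for row in matrix]
        entropy = -sum(x * math.log(x) for x in p if x > 0) / math.log(n)
        spread.append(1 - entropy)
    weights = [d / sum(spread) for d in spread]
    z_best = [max(row[j] for row in Z) for j in range(m)]   # optimal scheme
    z_worst = [min(row[j] for row in Z) for j in range(m)]  # worst scheme
    closeness = []
    for row in Z:
        d_plus = math.sqrt(sum(weights[j] * (z_best[j] - row[j]) ** 2 for j in range(m)))
        d_minus = math.sqrt(sum(weights[j] * (z_worst[j] - row[j]) ** 2 for j in range(m)))
        closeness.append(d_minus / (d_plus + d_minus))
    return weights, closeness

def rank_nodes(edges):
    """Return (index weights, [(node, C_i), ...] sorted from most to least important)."""
    adj = adjacency(edges)
    nodes = sorted(adj)
    table = centralities(adj)
    weights, closeness = ewm_topsis([table[v] for v in nodes])
    return weights, sorted(zip(nodes, closeness), key=lambda t: -t[1])

if __name__ == "__main__":
    w, ranking = rank_nodes(EDGES)
    print("weights DC/EC/BC/CC:", [round(x, 3) for x in w])
    print("ranking:", [(v, round(c, 3)) for v, c in ranking])
```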
Further preferred embodiments of the present invention: the basic assumption model in step S3 is:
Only one attacker and one defender are considered, and both the attacker and the defender have complete information about the network;
All attack and defense actions target nodes in the network, and when a node is successfully attacked, the edges connected to that node are removed;
When a node is attacked by the attacker and not protected by the defender, the attack is considered successful and the node is removed from the network; when a node is protected by the defender, the attacker's attack on that node is considered ineffective and the node continues to function in the network.
Further preferred embodiments of the invention: the cost model in step S3 is:
The attacker's purpose is to maximize the destruction of the network by attacking nodes in it, while the defender protects nodes by investing resources in them so as to minimize the resources consumed. Whether attacking or defending, however, any measure taken against a node inevitably consumes certain resources or incurs a certain cost, namely:
where $r_i \ge 0$ represents a reference attribute of the node (degree, betweenness, etc.), here the importance of the node; the cost terms denote the attack and defense costs of node $v_i$; and $q_A, q_D$ ($> 0$) are the attack and defense cost-sensitivity parameters;
In a practical scenario resources are not unlimited. To use resources effectively and to attack (defend) nodes accurately and efficiently, the following definitions are provided:
where $\alpha \in [0,1]$ is the attack cost constraint parameter and $\beta \in [0,1]$ is the defense cost constraint parameter. The parameters $\alpha$ and $\beta$ represent how many resources a player can devote to their actions. As $\alpha$ increases, the attacker can attack more targets while adopting the same attack strategy. In the extreme case of $\alpha = 1$, the attacker can attack all targets.
Further preferred embodiments of the invention: the strategy model in step S3 is:
Suppose $V_A$ is the set of attacked nodes. The attack strategy is defined as $X = [x_1, x_2, \ldots, x_n] \in S_A$, where $S_A$ is the attacker's strategy set. If node $v_i$ is attacked, then $x_i = 1$, i.e. $v_i \in V_A$; otherwise $x_i = 0$. Let $C_X$ be the total cost for the attacker of adopting strategy $X$, defined as:
Thus, the resource budget constraint is:
For a rational attacker, an attack is never a one-off event. The best outcome is naturally to succeed with a single strike, but given rational defense by an actual defender this extreme case essentially does not occur. Therefore, to ensure that each attack uses resources effectively and that the remaining resources can support a further attack after a failed one, the number of nodes attacked by the attacker is defined as:
Similarly, the total cost for the defender of adopting strategy $Y$ ($Y = [y_1, y_2, \ldots, y_n] \in S_D$, where $y_i = 1$ means the node is defended) is:
The resource budget constraint is:
In addition to the resource budget limit, a defender who is in the weaker position and must keep the network operating normally has to consider, for certain crucial targets, both the resource investment and the number of nodes that must be protected. The minimum number of protected nodes is therefore defined as:
Further preferred embodiments of the present invention: the payoff model in step S3 is:
From the game assumptions, when $v_i$ is defended ($y_i = 1$) it is not removed when the attacker attacks it, whereas an unprotected node is removed from the network when it is attacked; that is, when $x_i = 1$ and $y_i = 0$ the node is removed. The set of removed nodes, and hence the network that remains after their removal, then gives the attacker's payoff:
where $\Gamma$ represents a network performance metric function, typically the largest connected component proportion or the network efficiency;
Similarly, consider the network obtained when all attacked nodes are removed in the absence of defense. The defender's payoff is:
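An added sketch of the step S3 game from the defender's side, not taken from the patent: it enumerates every strategy that fits each budget and returns the defense whose worst-case loss is smallest. The cost form $c_i = r_i^{q}$ with $r_i$ the node degree, the budget test $C \le \alpha \sum_i c_i$, the zero-sum payoff $\Gamma(G) - \Gamma(G')$ and the sample graph are all assumptions, since the page's formulas are missing.

```python
from itertools import combinations

# Constructed sample topology (not from the patent): hubs 2 and 5 joined by bridge node 4.
EDGES = [(0, 2), (1, 2), (2, 3), (2, 4), (3, 4), (4, 5), (5, 6), (5, 7), (5, 8)]

def build_graph(edges):
    adj = {}
    for u, v in edges:
        adj.setdefault(u, set()).add(v)
        adj.setdefault(v, set()).add(u)
    return adj

def gamma(adj, removed):
    """Network performance: largest connected component size / original node count."""
    seen, best = set(removed), 0
    for start in adj:
        if start in seen:
            continue
        seen.add(start)
        stack, size = [start], 0
        while stack:
            v = stack.pop()
            size += 1
            for w in adj[v]:
                if w not in seen:
                    seen.add(w)
                    stack.append(w)
        best = max(best, size)
    return best / len(adj)

def node_costs(adj, q):
    # Assumed cost form c_i = r_i ** q, with r_i = degree (one of the attributes the page names).
    return {v: len(adj[v]) ** q for v in adj}

def feasible_strategies(costs, fraction):
    """Every node subset whose total cost is within fraction * (sum of all node costs)."""
    budget = fraction * sum(costs.values()) + 1e-9
    nodes = sorted(costs)
    return [frozenset(s) for k in range(len(nodes) + 1)
            for s in combinations(nodes, k)
            if sum(costs[v] for v in s) <= budget]

def attacker_payoff(adj, attacked, defended):
    # A node is removed only when x_i = 1 and y_i = 0 (attacked and undefended).
    return gamma(adj, ()) - gamma(adj, attacked - defended)

def minimax_defense(edges, alpha, beta, q_a=1.0, q_d=1.0):
    """Return (defense set, worst-case attacker payoff, an attack achieving it)."""
    adj = build_graph(edges)
    attacks = feasible_strategies(node_costs(adj, q_a), alpha)
    defenses = feasible_strategies(node_costs(adj, q_d), beta)
    best = None
    for y in defenses:
        worst_x = max(attacks, key=lambda x: attacker_payoff(adj, x, y))
        worst = attacker_payoff(adj, worst_x, y)
        if best is None or worst < best[1] - 1e-12:
            best = (y, worst, worst_x)
    return best

if __name__ == "__main__":
    defense, loss, attack = minimax_defense(EDGES, alpha=0.3, beta=0.3)
    print("defend:", sorted(defense), "worst-case loss:", round(loss, 3))
```

On this graph the budget cannot cover both hubs, so the worst-case-optimal pure defense protects the bridge node and the two leaves of the smaller side. This is the defender's security strategy only; a mixed-strategy Nash equilibrium would need a separate solver.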
Compared with the prior art, the invention has the following beneficial effects:
The network attack and defense game model construction method based on node importance provided by the invention identifies key nodes using multi-attribute decision theory, obtaining a comprehensive node evaluation index from four common node evaluation indexes with the ideal solution method combined with the entropy weight method. The index is used in an attack and defense model of a complex network, and defensive resources are deployed according to the importance ranking of the nodes, achieving the purpose of network defense. An attack and defense game model in a complex network is established based on game theory. With the proposed model the key nodes can be found and, by solving the game, the optimal resource deployment that invests resources in the most important nodes can be found, achieving effective use of resources and protection of the network.
Drawings
FIG. 1 is a flow chart of the network attack and defense game model construction method based on node importance according to the invention;
FIG. 2 is a diagram illustrating the variation of the largest connected component size of a scale-free network under different attack modes in an embodiment of the present invention.
Detailed Description
For the convenience of understanding, the technical solutions in the embodiments of the present invention will be described in detail in the following with reference to the accompanying drawings in the embodiments of the present invention. The described embodiments are only some of the embodiments of the present invention.
Example 1
As shown in fig. 1, a network attack and defense game model construction method based on node importance provided by the embodiment of the present invention includes the following steps:
S1, modeling the attack and defense model of a complex network:
The network infrastructure system is represented by a simple undirected graph $G(V, E)$, where $V$ is the set of nodes and $E$ is the edge set;
The number of nodes $|V|$ is denoted by $n$. Let $A(G) = (a_{ij})_{N \times N}$ be the adjacency matrix of $G$: if nodes $v_i$ and $v_j$ are adjacent, then $a_{ij} = a_{ji} = 1$; otherwise $a_{ij} = a_{ji} = 0$;
S2, key node identification:
An initial evaluation matrix is obtained from four node evaluation indexes (degree centrality, betweenness centrality, closeness centrality and eigenvector centrality), and the importance of the nodes is then calculated with the ideal solution method based on the entropy weight method to obtain a comprehensive evaluation index;
The resulting comprehensive evaluation index is used in the attack and defense model of the complex network, and defensive resources are deployed according to the importance ranking of the nodes, achieving the purpose of network defense;
S3, modeling the attack and defense game model of the complex network:
Based on game theory, an attack and defense game model of the complex network is established, comprising a basic assumption model, a cost model, a strategy model and a payoff model.
In step S2, key node identification obtains a comprehensive index from several common evaluation indexes using a multi-attribute decision method (the ideal solution method), so that the evaluation of node importance is comprehensive and describes the importance of a node in the network better. In addition, using the entropy weight method makes the share of each evaluation index in describing node importance clearer.
The complex network attack and defense game model in step S3 makes explicit that cost is related to node importance and that deployment decisions are made according to importance. From the game-theoretic viewpoint both the attacker and the defender are rational participants, and the optimal resource deployment is obtained by solving for the Nash equilibrium, which helps protect the actual network and use resources effectively.
Example 2
As shown in fig. 1, the network attack and defense game model construction method based on node importance provided by the embodiment of the invention extracts the degree centrality, betweenness centrality, closeness centrality and eigenvector centrality of all nodes in a network and, using a multi-attribute decision method, establishes a comprehensive key node identification index, the EWM-TOPSIS method (the ideal solution method based on the entropy weight method). An attack and defense game model is then constructed according to the node importance identified by the EWM-TOPSIS method.
Building the network model: the network infrastructure system is represented by a simple undirected graph $G(V, E)$, where $V$ is the set of nodes and $E$ is the edge set. The number of nodes $|V|$ is denoted by $n$. Let $A(G) = (a_{ij})_{N \times N}$ be the adjacency matrix of $G$: if nodes $v_i$ and $v_j$ are adjacent, then $a_{ij} = a_{ji} = 1$; otherwise $a_{ij} = a_{ji} = 0$. The degree of node $v_i$ is equal to the number of edges connected to it.
Many mechanisms and functions of a network are strongly affected by a small fraction of its nodes. Nodes whose loss to a malicious attack or an incident significantly degrades network performance are generally considered important, and such nodes are usually called critical nodes. A single node evaluation index cannot fully evaluate the importance of a node, so the TOPSIS method is used to calculate a comprehensive node evaluation index.
Degree centrality (DC) of a node: degree centrality is expressed as the proportion of network nodes in direct contact with the node, reflecting its association with other nodes, where $k_i$ is the degree of node $i$;
For a connected network with $n$ nodes, the average shortest distance from any node $v_i$ to the other nodes in the network can be calculated:
The betweenness centrality of a node generally refers to shortest-path betweenness centrality, which describes the node's control over network flows transmitted along shortest paths in the network. The betweenness of node $v_i$ is defined as:
where $N$ denotes the number of nodes in the network, $\sigma_{st}(i)$ is the number of shortest paths from node $s$ to node $t$ that pass through node $i$, and $\sigma_{st}$ is the total number of shortest paths from node $s$ to node $t$.
The closeness centrality of a node eliminates the interference of special values by calculating the average distance between the node and all other nodes in the network; the smaller the average distance between a node and the other nodes in the network, the greater its closeness centrality. The closeness centrality of a node is expressed as:
The eigenvector centrality of a node considers the linear relationship between the centrality index of a node and the centrality indexes of its surrounding nodes, and is a linear superposition of the centrality values of the adjacent nodes; the larger the eigenvector centrality value of a node, the more important the node. The eigenvector centrality measure is defined as follows:
where $EC(i)$ denotes the eigenvector centrality of node $i$, $\lambda$ is a constant, $A_{ij}$ is the adjacency matrix of the network, and $x_j$ is the $j$-th entry of the normalized leading eigenvector.
Example 3
As shown in fig. 1, a network attack and defense game model construction method based on node importance provided by the embodiment of the present invention includes the following steps:
S1, modeling the attack and defense model of a complex network:
The network infrastructure system is represented by a simple undirected graph $G(V, E)$, where $V$ is the set of nodes and $E$ is the edge set;
The number of nodes $|V|$ is denoted by $n$. Let $A(G) = (a_{ij})_{N \times N}$ be the adjacency matrix of $G$: if nodes $v_i$ and $v_j$ are adjacent, then $a_{ij} = a_{ji} = 1$; otherwise $a_{ij} = a_{ji} = 0$;
S2, key node identification:
An initial evaluation matrix is obtained from four node evaluation indexes (degree centrality, betweenness centrality, closeness centrality and eigenvector centrality), and the importance of the nodes is then calculated with the ideal solution method based on the entropy weight method to obtain a comprehensive evaluation index;
The resulting comprehensive evaluation index is used in the attack and defense model of the complex network, and defensive resources are deployed according to the importance ranking of the nodes, achieving the purpose of network defense;
S3, modeling the attack and defense game model of the complex network:
Based on game theory, an attack and defense game model of the complex network is established, comprising a basic assumption model, a cost model, a strategy model and a payoff model.
The degree centrality of a node in step S2 represents the direct influence of the node and is expressed as follows:
where $k_i$ is the degree of node $i$;
For a connected network with $n$ nodes, the average shortest distance from any node $v_i$ to the other nodes in the network can be calculated:
In step S2, the betweenness centrality of a node generally refers to shortest-path betweenness centrality, which describes the node's control over network flows transmitted along shortest paths in the network. The betweenness of node $v_i$ is defined as:
where $N$ denotes the number of nodes in the network, $\sigma_{st}(i)$ is the number of shortest paths from node $s$ to node $t$ that pass through node $i$, and $\sigma_{st}$ is the total number of shortest paths from node $s$ to node $t$.
The closeness centrality of a node in step S2 eliminates the interference of special values by calculating the average distance between the node and all other nodes in the network; the smaller the average distance between a node and the other nodes in the network, the greater its closeness centrality. The closeness centrality of a node is expressed as:
In step S2, the eigenvector centrality of a node considers the linear relationship between the centrality index of a node and the centrality indexes of its surrounding nodes, and is a linear superposition of the centrality values of the adjacent nodes; the larger the eigenvector centrality value of a node, the more important the node. The eigenvector centrality measure is defined as follows:
where $EC(i)$ denotes the eigenvector centrality of node $i$, $\lambda$ is a constant, $A_{ij}$ is the adjacency matrix of the network, and $x_j$ is the $j$-th entry of the normalized leading eigenvector.
The initial evaluation matrix in step S2 is:
where there are $m$ evaluation indexes and $n$ evaluation objects. For studying node importance in a complex network, the evaluation objects are the $n$ nodes of the network, and the evaluation indexes are degree centrality $x_{i1}$, eigenvector centrality $x_{i2}$, betweenness centrality $x_{i3}$ and closeness centrality $x_{i4}$;
Normalization is as follows:
The normalized evaluation matrix is:
Determining the optimal scheme and the worst scheme:
Optimal solution (consisting of the maximum value of each column in $Z$):
Worst solution (consisting of the minimum value of each column in $Z$):
According to information entropy theory, the smaller the information entropy of an index, the more information the index contributes and the larger its weight. The information entropy value of index $j$ is denoted $E_j$ ($0 \le E_j \le 1$):
The weight is:
where $\omega_j$ is the weight (degree of importance) of the $j$-th attribute;
Calculating the closeness of each evaluation object to the optimal scheme and to the worst scheme:
Calculating the closeness $C_i$ of the evaluation object to the optimal scheme:
where $0 \le C_i \le 1$, and $C_i \to 1$ indicates that the evaluation object is better.
The basic assumption model in step S3 is:
Only one attacker and one defender are considered, and both the attacker and the defender have complete information about the network;
All attack and defense actions target nodes in the network, and when a node is successfully attacked, the edges connected to that node are removed;
When a node is attacked by the attacker and not protected by the defender, the attack is considered successful and the node is removed from the network; when a node is protected by the defender, the attacker's attack on that node is considered ineffective and the node continues to function in the network.
The cost model in step S3 is:
The attacker's purpose is to maximize the destruction of the network by attacking nodes in it, while the defender protects nodes by investing resources in them so as to minimize the resources consumed. Whether attacking or defending, however, any measure taken against a node inevitably consumes certain resources or incurs a certain cost, that is:
where $r_i \ge 0$ represents a reference attribute of the node (degree, betweenness, etc.), here the importance of the node; the cost terms denote the attack and defense costs of node $v_i$; and $q_A, q_D$ ($> 0$) are the attack and defense cost-sensitivity parameters;
In a practical scenario resources are not unlimited. To use resources effectively and to attack (defend) nodes accurately and efficiently, the following definitions are provided:
where $\alpha \in [0,1]$ is the attack cost constraint parameter and $\beta \in [0,1]$ is the defense cost constraint parameter. The parameters $\alpha$ and $\beta$ represent how many resources a player can devote to their actions. As $\alpha$ increases, the attacker can attack more targets while adopting the same attack strategy. In the extreme case of $\alpha = 1$, the attacker can attack all targets.
The strategy model in step S3 is:
Suppose $V_A$ is the set of attacked nodes. The attack strategy is defined as $X = [x_1, x_2, \ldots, x_n] \in S_A$, where $S_A$ is the attacker's strategy set. If node $v_i$ is attacked, then $x_i = 1$, i.e. $v_i \in V_A$; otherwise $x_i = 0$. Let $C_X$ be the total cost for the attacker of adopting strategy $X$, defined as:
Thus, the resource budget limit is:
For a rational attacker, an attack is never a one-off event. The best outcome is naturally to succeed with a single strike, but given rational defense by an actual defender this extreme case essentially does not occur. Therefore, to ensure that each attack uses resources effectively and that the remaining resources can support a further attack after a failed one, the number of nodes attacked by the attacker is defined as:
Similarly, the total cost for the defender of adopting strategy $Y$ ($Y = [y_1, y_2, \ldots, y_n] \in S_D$, where $y_i = 1$ means the node is defended) is:
The resource budget limit is:
In addition to the resource budget limit, a defender who is in the weaker position and must keep the network operating normally has to consider, for certain crucial targets, both the resource investment and the number of nodes that must be protected. The minimum number of protected nodes is defined as:
The payoff model in step S3 is:
From the game assumptions, when $v_i$ is defended ($y_i = 1$) it is not removed when the attacker attacks it, whereas an unprotected node is removed from the network when it is attacked; that is, when $x_i = 1$ and $y_i = 0$ the node is removed. The set of removed nodes, and hence the network that remains after their removal, then gives the attacker's payoff:
where $\Gamma$ represents a network performance metric function, typically the largest connected component proportion or the network efficiency;
Similarly, consider the network obtained when all attacked nodes are removed in the absence of defense. The defender's payoff is:
The application effect of the present invention is described in detail below with reference to a simulation.
The network is a scale-free network with $G(V, E) = G(100, 200)$. Table 1 lists the attributes of the ten top-ranked nodes produced by the key node identification module for this network.
TABLE 1 Comprehensive index of the ten top-ranked nodes in the scale-free network
FIG. 2 shows that, in the scale-free network, attacks based on degree centrality, closeness centrality and EWM-TOPSIS damage the network more severely. Before the number of attacks reaches 17, closeness-centrality attacks damage the network slightly more than degree-centrality and EWM-TOPSIS attacks. But once the number of attacks reaches 17, the network under EWM-TOPSIS is more severely damaged. The network destruction effect is most pronounced when the number of attacks reaches 20.
In the description of the present invention, it is to be understood that the terms "upper", "lower", "front", "rear", "left", "right", "top", "bottom", "inner", "outer", and the like, indicate orientations or positional relationships based on the orientations or positional relationships shown in the drawings, are merely for convenience in describing the present invention and simplifying the description, and do not indicate or imply that the device or element being referred to must have a particular orientation, be constructed and operated in a particular orientation, and thus, should not be construed as limiting the present invention.
Finally, it should be noted that: although the present invention has been described in detail with reference to the foregoing embodiments, it will be apparent to those skilled in the art that modifications may be made to the embodiments described above, or equivalents may be substituted for elements thereof. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.
Claims (10)
1. A network attack and defense game model construction method based on node importance is characterized by comprising the following steps:
s1, modeling an attack and defense model of a complex network:
the network infrastructure system is represented by a simple undirected graph G (V, E), where V is a set of nodes,is an edge set;
the number of nodes | V | is represented by n, assuming A (G) = (a) ij ) N×N Is the adjacency matrix of G if node v i And v j Adjacent to it, then there is a ij =a ji =1, otherwise a ij =a ji =0;
s2, key node identification:
obtaining an evaluation initial matrix through four node evaluation indexes of overcentre, betweenness centrality, approximate centrality and feature vector centrality, and then calculating the importance of the nodes according to an ideal solution method based on an entropy weight method to obtain a comprehensive evaluation index;
the obtained comprehensive evaluation indexes are used in an attack and defense model of a complex network, and defensive resources are deployed by utilizing the importance sequence of the nodes, so that the purpose of network defense is achieved;
s3, modeling an attack and defense game model of the complex network:
based on a game theory, an attack and defense game model of a complex network is established, and the attack and defense game model of the complex network comprises a basic hypothesis model, a cost model, a strategy model and a profit model of the model.
2. The method for constructing the network attack and defense game model based on the importance of the nodes according to claim 1, wherein the degree centrality of the nodes in the step S2 represents the direct influence of the nodes, and is represented as follows:
wherein $k_i$ is the degree of node $i$;
for a connected network with $n$ nodes, the average shortest distance from any node $v_i$ to the other nodes in the network can be calculated:
3. The method for constructing the network attack and defense game model based on the node importance according to claim 1, wherein the betweenness centrality of the nodes in the step S2 generally refers to shortest-path betweenness centrality, which describes the control a node has over network flows transmitted along the shortest paths in the network; the betweenness of node $v_i$ is defined as:
where $N$ denotes the number of nodes in the network, $\sigma_{st}(i)$ denotes the number of shortest paths from node $s$ to node $t$ that pass through node $i$, and $\sigma_{st}$ denotes the total number of shortest paths from node $s$ to node $t$.
4. The network attack and defense game model construction method based on node importance is characterized in that the closeness centrality of the node in the step S2 eliminates the interference of special values by calculating the average of the distances between the node and all other nodes in the network; the smaller the average distance between a node and the other nodes in the network, the greater the closeness centrality of the node; the closeness centrality of a node is expressed as:
5. The method for constructing the network attack-defense game model based on the node importance according to claim 1, wherein the eigenvector centrality of the node in the step S2 considers the linear relationship between the centrality index of a node and the centrality indexes of the surrounding nodes, and is the linear superposition of the centrality values of the adjacent nodes; the larger the eigenvector centrality value of a node, the more important the node is; the eigenvector centrality measure is defined as follows:
where $EC(i)$ denotes the eigenvector centrality of node $i$, $\lambda$ is a constant, $A_{ij}$ is the adjacency matrix of the network, and $x_j$ is the value of the $j$-th entry of the normalized eigenvector of the largest eigenvalue.
6. The method for constructing the network attack-defense game model based on the node importance according to claim 1, wherein the evaluation initial matrix in the step S2 is as follows:
wherein $m$ evaluation indexes and $n$ evaluation objects are used for studying the node importance of the complex network; the evaluation objects are the $n$ nodes of the network, and the evaluation indexes are degree centrality $x_{i1}$, eigenvector centrality $x_{i2}$, betweenness centrality $x_{i3}$ and closeness centrality $x_{i4}$;
Normalization is as follows:
the normalized evaluation matrix is:
determining an optimal scheme and a worst scheme:
optimal solution (consisting of maximum values per column in Z):
worst solution (consisting of minimum values per column in Z):
according to information entropy theory, the smaller the information entropy of an index, the more information the index contributes and the larger its weight, so the information entropy value of the index is denoted $E_j$ ($0 \le E_j \le 1$):
The weight is:
wherein $\omega_j$ is the weight (degree of importance) of the $j$-th attribute;
calculating the closeness degree of each evaluation index object to the optimal scheme and the worst scheme:
calculating the closeness degree $C_i$ of the evaluation object to the optimal scheme:
wherein $0 \le C_i \le 1$; $C_i \to 1$ indicates that the evaluation object is more preferable.
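The ranking procedure of claim 6, as an added example that is not part of the patent text. The formulas of the claim did not survive on this page, so the block assumes the textbook entropy-weight TOPSIS forms (vector normalisation, weighted Euclidean distances); the function names and the six-node score matrix are constructed for illustration.

```python
import math

def entropy_topsis(X):
    """Entropy-weighted TOPSIS over an n x m matrix of benefit-type indexes.
    Returns (weights, C) with C[i] in [0, 1]; larger C = more important node."""
    n, m = len(X), len(X[0])
    # Vector normalisation (assumed form): z_ij = x_ij / sqrt(sum_i x_ij^2)
    norms = [math.sqrt(sum(r[j] ** 2 for r in X)) or 1.0 for j in range(m)]
    Z = [[r[j] / norms[j] for j in range(m)] for r in X]
    # Entropy E_j per index. p*ln(p) is taken as 0 at p == 0, which matters
    # for betweenness, where leaf nodes score exactly 0.
    d = []
    for j in range(m):
        total = sum(r[j] for r in Z)
        p = [r[j] / total for r in Z] if total else [1.0 / n] * n
        E = -sum(q * math.log(q) for q in p if q > 0) / math.log(n)
        d.append(max(0.0, 1.0 - E))   # clamp float noise around E == 1
    s = sum(d)
    # Low entropy: the index separates the nodes well, so it weighs more.
    w = [x / s for x in d] if s > 1e-12 else [1.0 / m] * m
    best = [max(r[j] for r in Z) for j in range(m)]    # optimal scheme
    worst = [min(r[j] for r in Z) for j in range(m)]   # worst scheme
    C = []
    for r in Z:
        dp = math.sqrt(sum(w[j] * (best[j] - r[j]) ** 2 for j in range(m)))
        dm = math.sqrt(sum(w[j] * (r[j] - worst[j]) ** 2 for j in range(m)))
        C.append(dm / (dp + dm) if dp + dm else 0.0)
    return w, C

# Constructed sample: six nodes; columns are degree, eigenvector,
# betweenness and closeness centrality (illustrative values only).
NODES = ["v1", "v2", "v3", "v4", "v5", "v6"]
SCORES = [
    [0.8, 0.60, 0.70, 0.83],
    [0.6, 0.48, 0.30, 0.71],
    [0.4, 0.40, 0.10, 0.63],
    [0.4, 0.38, 0.05, 0.63],
    [0.2, 0.22, 0.00, 0.50],
    [0.2, 0.20, 0.00, 0.45],
]

def rank_nodes(names, scores):
    """Node names ordered from most to least important by C_i."""
    _, C = entropy_topsis(scores)
    return [name for _, name in sorted(zip(C, names), key=lambda t: -t[0])]

if __name__ == "__main__":
    w, C = entropy_topsis(SCORES)
    print("weights:", [round(x, 3) for x in w])
    print("ranking:", rank_nodes(NODES, SCORES))
```

In this sample the betweenness column has the lowest entropy and therefore the largest weight, while an index that takes the same value on every node receives a weight of zero.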
7. The method for constructing the network attack-defense game model based on the node importance as claimed in claim 1, wherein the basic hypothesis model in the step S3 is:
only one attacker and one defender are considered, and both the attacker and the defender have complete information on the network;
all attack and defense behaviors are directed at nodes in the network, and when one node is attacked successfully, edges connected to the nodes are removed;
when a node is attacked by an attacker and not protected by a defender, the node is considered to be successfully attacked, and the node is removed from the network; when a node is protected by a defender, the attack of the attacker on the node is regarded as invalid, and the node still plays a role in the network.
8. The method for constructing a network attack and defense game model based on node importance according to claim 1, wherein the cost model in the step S3 is as follows:
the purpose of an attacker is to maximize network destruction by attacking nodes in the network, while a defender protects nodes by investing resources in them so as to minimize the resources consumed; however, any measure taken on a node, whether attack or defense, is bound to consume certain resources or incur a certain cost, namely:
wherein $r_i \ge 0$; $r_i$ represents a reference attribute (degree, betweenness, etc.) of the node, here the importance of the node; represents the attack and defense costs of node $v_i$; and $q_A$, $q_D$ ($> 0$) represent the attack (defense) cost-sensitivity parameters;
in a practical scenario, the utilization of resources is not unlimited, and in order to achieve effective use of resources and accurately and efficiently attack (defend) nodes, the following definitions are provided:
where α ∈ [0,1] is the attack cost constraint parameter and β ∈ [0,1] is the defense cost constraint parameter; the parameters α and β represent how many resources a player can devote to their behavior; as α increases, an attacker taking the same attack strategy can attack more targets, and in the extreme case of α = 1, an attacker can attack all targets.
9. The method for constructing a network attack and defense game model based on node importance according to claim 1, wherein the policy model in the step S3 is:
suppose that $V_A$ is the set of attacked nodes, and the attack policy is defined as $X = [x_1, x_2, \ldots, x_n] \in S_A$, where $S_A$ is the policy set of the attacker; if node $v_i$ is under attack, $x_i = 1$, i.e. $v_i \in V_A$, otherwise $x_i = 0$; let $C_X$ be the total cost for an attacker to adopt policy $X$, defined as:
thus, the resource budget limit is:
for a rational attacker, an attack is never a one-time event; the best outcome is naturally to succeed with a single strike, but given the rational defense of an actual defender, this extreme situation essentially does not occur; therefore, to ensure that each attack uses resources effectively, and considering that the remaining resources can fund the next attack after an attack fails, the number of nodes attacked by the attacker is defined as:
similarly, the total cost for the defender adopting strategy $Y$ ($Y = [y_1, y_2, \ldots, y_n] \in S_D$, where $y_i = 1$ means the node is under defense) is:
the resource budget limit is:
in addition to the resource budget limit, a defender, who is in the weaker position and must guarantee the normal operation of the network, has to consider both the resources invested in crucial targets and the necessary number of nodes to protect, so the minimum number of protected nodes is defined as:
10. The network attack and defense game model building method based on node importance according to claim 1, wherein the profit model in the step S3 is:
as can be seen from the game hypothesis, when $v_i$ is defended ($y_i = 1$), it will not be removed when an attacker attacks it; however, an unprotected node will be removed from the network when it is attacked, that is to say, when $x_i = 1$, $y_i = 0$, the node is removed; assuming the set of nodes removed is Thus, the network after the nodes are removed is The gain of the attacker is:
where Γ represents a network performance metric function, typically the maximum clique proportion or network efficiency;
similarly, when all attacked nodes are removed without defense, the network may be represented as The defender's income is:
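The removal rule of claim 7 and the network-efficiency choice of Γ named in claim 10, as an added example that is not part of the patent text. The payoff form (relative efficiency loss), the budget expressed as "k defended nodes" and all names are assumptions, because the claim's own formulas are missing on this page; the five-node network is constructed.

```python
from collections import deque
from itertools import combinations

def efficiency(adj, n):
    """Network efficiency: sum of 1/d(i,j) over ordered pairs, divided by
    n(n-1). n is the original node count, so removed nodes count as lost."""
    total = 0.0
    for s in adj:
        dist, queue = {s: 0}, deque([s])
        while queue:                      # BFS shortest paths from s
            u = queue.popleft()
            for v in adj[u]:
                if v not in dist:
                    dist[v] = dist[u] + 1
                    queue.append(v)
        total += sum(1.0 / d for d in dist.values() if d)
    return total / (n * (n - 1))

def residual(adj, attacked, defended):
    """Removal rule of the model: v_i is removed (with its edges) only
    when x_i = 1 and y_i = 0; a defended node survives any attack."""
    gone = set(attacked) - set(defended)
    return {u: nb - gone for u, nb in adj.items() if u not in gone}

def attacker_gain(adj, attacked, defended):
    """Relative efficiency loss caused by the attack (assumed payoff form)."""
    n = len(adj)
    before = efficiency(adj, n)
    return (before - efficiency(residual(adj, attacked, defended), n)) / before

def best_defense(adj, attacked, k):
    """Defender's best response with a budget of k nodes (exhaustive search)."""
    return min(combinations(sorted(adj), k),
               key=lambda y: attacker_gain(adj, attacked, y))

# Constructed network: hub v1 joined to v2..v5, plus the edge v2-v3.
EDGES = [("v1", "v2"), ("v1", "v3"), ("v1", "v4"), ("v1", "v5"), ("v2", "v3")]
ADJ = {}
for a, b in EDGES:
    ADJ.setdefault(a, set()).add(b)
    ADJ.setdefault(b, set()).add(a)

if __name__ == "__main__":
    attack = {"v1", "v2"}
    for y in [(), ("v2",), ("v1",), best_defense(ADJ, attack, 1)]:
        print(y, round(attacker_gain(ADJ, attack, y), 3))
```

With a single unit of defense, protecting the hub v1 limits the efficiency loss to 0.4, against about 0.87 when the same unit is spent on v2, which is the effect of deploying resources by node importance.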
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202211039767.6A CN115941235A (en) | 2022-08-29 | 2022-08-29 | Network attack and defense game model construction method based on node importance |
Publications (1)
Publication Number | Publication Date |
---|---|
CN115941235A true CN115941235A (en) | 2023-04-07 |
Family
ID=86551215
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202211039767.6A Pending CN115941235A (en) | 2022-08-29 | 2022-08-29 | Network attack and defense game model construction method based on node importance |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN115941235A (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN117522536A (en) * | 2024-01-04 | 2024-02-06 | 深圳市华图测控系统有限公司 | Book checking method and system based on two-dimension code identification |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN117522536A (en) * | 2024-01-04 | 2024-02-06 | 深圳市华图测控系统有限公司 | Book checking method and system based on two-dimension code identification |
CN117522536B (en) * | 2024-01-04 | 2024-04-26 | 深圳市华图测控系统有限公司 | Book checking method and system based on two-dimension code identification |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||