CN116579430A - Method and system for solving network attack and defense game refining BNE - Google Patents


Info

Publication number
CN116579430A
Authority
CN
China
Prior art keywords
player
game
probability
bne
defense
Prior art date
Legal status (as listed by Google Patents, not a legal conclusion)
Pending
Application number
CN202310505035.XA
Other languages
Chinese (zh)
Inventor
廖珊
张玲
毛得明
陈剑锋
孙治
和达
王一凡
何秉钧
Current Assignee (as listed by Google Patents)
China Electronic Technology Cyber Security Co Ltd
Original Assignee
China Electronic Technology Cyber Security Co Ltd
Application filed by China Electronic Technology Cyber Security Co Ltd
Priority to CN202310505035.XA
Publication of CN116579430A
Legal status: Pending

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06N COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N5/00 Computing arrangements using knowledge-based models
    • G06N5/04 Inference or reasoning models
    • G06N5/042 Backward inferencing

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computing Systems (AREA)
  • Data Mining & Analysis (AREA)
  • Evolutionary Computation (AREA)
  • Physics & Mathematics (AREA)
  • Computational Linguistics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Mathematical Physics (AREA)
  • Software Systems (AREA)
  • Artificial Intelligence (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention relates to the technical field of network attack and defense games and discloses a method and a system for solving the refined BNE (refined Bayesian Nash equilibrium) of a network attack and defense game. When quantifying a network attack and defense game, the subgame perfect Nash equilibrium of the complete-information dynamic game and the Bayesian Nash equilibrium of the incomplete-information static game are combined, and the case of role interchange is taken into account, so that solving the refined BNE problem is converted into solving a payoff maximization problem; role interchange here means an attacker becoming a defender, or a defender becoming an attacker. The invention addresses the difficulty, in the prior art, of accurately and quantitatively describing a complex network attack and defense game process.

Description

Method and system for solving network attack and defense game refining BNE
Technical Field
The invention relates to the technical field of network attack and defense games, in particular to a method and a system for solving the refined BNE of a network attack and defense game.
Background
In the 2018 Global Risks Report, cyber attacks were listed among the top five global risks for the first time, after extreme weather and natural disasters. In an actual network attack and defense process both the attacker and the defender behave rationally: each side maximizes its own payoff while taking the other side's actions and policies (strategies) into account. That is, an attacker tries to damage the target system or steal target information as far as possible, and a defender tries to prevent this from happening. In short, the adversarial interaction between attacker and defender in network attack and defense maps onto game theory. The choice of strategy is decisive in an attack and defense game, since the specific strategy adopted directly affects its final outcome, and an attacker or defender can construct several candidate attack/defense strategy sets before acting. In actual attack and defense play, however, the player who moves later does not know the specific strategy adopted by the player who moved earlier. It is therefore necessary to build an attack-defense game model that describes the attack-defense strategies and lets the final game outcome be simulated and inferred before the actual attack/defense unfolds.
In an actual attack and defense scenario, moreover, some information is always missing, and during the confrontation the countermeasures adopted by both sides keep changing dynamically. Because of the complexity of real network attack and defense scenarios and the sensitivity of attack strategies, most of the prior art has the following three disadvantages: (1) it focuses, from a theoretical standpoint, on building a model and selecting a defense strategy for one specific scenario, and little work addresses the game relationship between the two players in a general way starting from actual attack and defense scenarios; (2) because actions and strategy choices are continuous, an actual network attack and defense game differs from a generic attack scenario, and the existing matrix-game methods lack a complete description of the attack and defense game, let alone of the relationship between incomplete information and dynamic strategies; (3) as attack and defense techniques keep being updated and upgraded, the scenario of attacker-defender "role exchange" has appeared in recent years: as an attack develops, the roles of attacker and defender may be interchanged once certain preconditions are met. In this new role-interchange phase the original defender instead becomes the attacker, in order to maximize its payoff over the whole attack-defense game, while the original attacker is forced into the defender role to resist the original defender's attack. The prior art, however, does not consider role interchange in the modeling process and therefore has difficulty describing actual network attack and defense scenarios accurately.
Since game theory is the methodology best suited to constructing a network attack and defense framework, there have been many studies in the security field and many applications in different scenarios. In an incomplete-information static game, the attack and defense decision problem is solved by Bayesian Nash equilibrium. In a complete-information dynamic game, it is solved by subgame perfect Nash equilibrium. In a complete but imperfect-information dynamic game, which has both features, the solution concept is the refined BNE.
Disclosure of Invention
To overcome the shortcomings of the prior art, the invention provides a method and a system for solving the refined BNE of a network attack and defense game, which address the difficulty in the prior art of accurately and quantitatively describing a complex network attack and defense game process.
The invention adopts the following technical scheme to solve the problem:
when quantifying a network attack and defense game, the subgame perfect Nash equilibrium of the complete-information dynamic game and the Bayesian Nash equilibrium of the incomplete-information static game are combined, and the case of role interchange is taken into account, so that solving the refined BNE problem is converted into solving a payoff maximization problem; role interchange here means an attacker becoming a defender, or a defender becoming an attacker.
As a preferred technical scheme, the method comprises the following steps:
S1, Harsanyi transformation: convert the incomplete-information dynamic game into a complete but imperfect-information dynamic game by adding a player other than the attacker and the defender ("nature"), establishing different types for the attacker and the defender, and assigning a probability distribution over each player's types;
S2, scene probability definition: define the marginal probability and the conditional probability in the attack and defense scenario of the incomplete-information dynamic game network, as follows: define the marginal probability $p(a_{ih})$ with which a player selects an action and then, from Bayes' rule, define the conditional probability $p(\theta_{ik}\mid a_{ih})$ in the attack and defense scenario; here $i$ indexes the players, $h$ indexes the possible actions of player $i$, $k$ indexes the possible types of player $i$ with $1\le k\le K$, $K$ is the number of possible types of player $i$, $a_{ih}$ is a particular action of player $i$, $\theta_{ik}$ is a particular type of player $i$, $p(a_{ih})$ is the marginal probability that player $i$ selects $a_{ih}$, and $p(\theta_{ik}\mid a_{ih})$ is the probability that $i$ is of type $\theta_{ik}$ given $a_{ih}$;
S3, condition and assumption definition: give the definitions of the conditions and assumptions of the refined BNE of the incomplete-information dynamic game;
S4, payoff quantification definition: for the case of attacker-defender role exchange, quantify the payoff of the attacker or defender over the whole attack and defense game as the sum of its payoffs in the different role-exchange stages, the number of role-exchange stages being denoted $L$;
S5, definition of the refined BNE of the incomplete-information dynamic game: from the scene probability definition of step S2, the condition and assumption definition of step S3 and the payoff quantification definition of step S4, give the definition of the refined BNE of the incomplete-information dynamic game.
As a preferred embodiment, in step S2 the conditional probability is
$p(\theta_{ik}\mid a_{ih}) = \dfrac{p(a_{ih}\mid\theta_{ik})\,p(\theta_{ik})}{p(a_{ih})}$,
where $p(a_{ih}\mid\theta_{ik})$ is the conditional probability that $i$ selects $a_{ih}$ given that $i$ is of type $\theta_{ik}$, and $p(\theta_{ik})$ is the prior probability that $i$ is of type $\theta_{ik}$.
As a preferred embodiment, in step S2:
the players' types are independently distributed;
the probability that $i$ is of type $\theta_{ik}$ is $p(\theta_{ik})\ge 0$, with $\sum_{k=1}^{K}p(\theta_{ik})=1$;
the conditional probability that $i$ selects $a_{ih}$ given that $i$ is of type $\theta_{ik}$ is $p(a_{ih}\mid\theta_{ik})$.
As a preferred technical solution, in step S3 the conditions for the refined BNE of the incomplete-information dynamic game include:
(1) on each information set, the decision maker must have a probability distribution (belief) defined over all decision nodes belonging to that information set;
(2) given the probability distribution over the information set and the subsequent strategies of the other players, the player's actions must be optimal;
(3) the payoffs of the attacker or defender in different role stages are independent;
(4) the posterior probability of each player is revised according to Bayes' rule and the equilibrium strategies.
As a preferred technical solution, the assumptions for the refined BNE of the incomplete-information dynamic game include:
there are $n$ players in the game, and the type of player $i$ is $\theta_i\in\Theta_i$, where $\theta_i$ is private information and $\Theta_i$ is the type space of player $i$;
$p(\theta_{-i}\mid\theta_i)$ is the prior probability with which player $i$ of type $\theta_i$ believes the other $n-1$ players are of types $\theta_{-i}=(\theta_1,\dots,\theta_{i-1},\theta_{i+1},\dots,\theta_n)$;
$S_i(\theta_i)$ is the strategy set of player $i$ of type $\theta_i$, and $s_i\in S_i(\theta_i)$ is a specific strategy adopted by player $i$;
$a_{-ih}=(a_{1h},\dots,a_{(i-1)h},a_{(i+1)h},\dots,a_{nh})$ is the action profile of the other $n-1$ players observed by player $i$ at the $h$-th information set; $a_{-ih}$ is part of the strategy set $S_{-i}=(S_1,\dots,S_{i-1},S_{i+1},\dots,S_n)$, i.e. an action prescribed by $S_{-i}$;
$\tilde p_i(\theta_{-i}\mid a_{-ih})$ is the posterior probability with which player $i$, having observed the actions $a_{-ih}$, believes the other $n-1$ players are of types $\theta_{-i}$;
$u_i(S_i,S_{-i},\theta_i)$ is the payoff function of player $i$.
As a preferred technical solution, in step S5 the refined BNE of the incomplete-information dynamic game is defined as:
the refined BNE is a combination of an optimal strategy profile $s^*=(s_1^*,\dots,s_n^*)$ and a posterior probability profile $\tilde p=(\tilde p_1,\dots,\tilde p_n)$, where $s_1^*,\dots,s_n^*$ are the optimal strategies of players $1,\dots,n$ and $\tilde p_1,\dots,\tilde p_n$ are the posterior probabilities of players $1,\dots,n$.
As a preferred technical solution, the definition of the refined BNE of the incomplete-information dynamic game satisfies the following refining condition:
for every player $i$ and every information set $h$,
$s_i^*(\theta_i)\in\arg\max_{s_i\in S_i(\theta_i)}\sum_{\theta_{-i}}\tilde p_i(\theta_{-i}\mid a_{-ih})\,u_i(s_i,s_{-i}^*,\theta_i)$,
where $s_i^*$ is the specific optimal strategy of player $i$ and $s_{-i}^*$ is the optimal strategy profile of the players other than $i$; the specific optimal strategy of player $i$ means the optimal strategy that player $i$ adopts taking into account its own type and the optimal strategy profile of the other players.
As a preferred technical solution, the definition of the refined BNE of the incomplete-information dynamic game satisfies the following belief condition:
the posterior probability $\tilde p_i(\theta_{-i}\mid a_{-ih})$ is obtained by Bayes' rule from the prior probability $p(\theta_{-i}\mid\theta_i)$, the observed actions $a_{-ih}$ and the optimal strategy $s_{-i}^*$ (where possible).
A system for solving the refined BNE of a network attack and defense game, used to implement the above method, comprises the following modules:
Harsanyi transformation module: converts the incomplete-information dynamic game into a complete but imperfect-information dynamic game by adding a player other than the attacker and the defender, establishing different types for the attacker and the defender, and assigning a probability distribution over each player's types;
scene probability definition module: defines the marginal probability and the conditional probability in the attack and defense scenario of the incomplete-information dynamic game network, namely the marginal probability $p(a_{ih})$ with which a player selects an action and, from Bayes' rule, the conditional probability $p(\theta_{ik}\mid a_{ih})$; here $i$ indexes the players, $h$ indexes the possible actions of player $i$, $k$ indexes the possible types of player $i$ with $1\le k\le K$, $K$ is the number of possible types of player $i$, $a_{ih}$ is a particular action of player $i$, $\theta_{ik}$ is a particular type of player $i$, $p(a_{ih})$ is the marginal probability that player $i$ selects $a_{ih}$, and $p(\theta_{ik}\mid a_{ih})$ is the probability that $i$ is of type $\theta_{ik}$ given $a_{ih}$;
condition and assumption definition module: gives the definitions of the conditions and assumptions of the refined BNE of the incomplete-information dynamic game;
payoff quantification definition module: for the case of attacker-defender role exchange, quantifies the payoff of the attacker or defender over the whole attack and defense game as the sum of its payoffs in the different role-exchange stages, the number of role-exchange stages being denoted $L$;
incomplete-information dynamic game refined BNE definition module: gives the definition of the refined BNE of the incomplete-information dynamic game from the scene probability definition output by the scene probability definition module, the condition and assumption definition output by the condition and assumption definition module, and the payoff quantification definition output by the payoff quantification definition module;
the output of the Harsanyi transformation module is connected to the inputs of the scene probability definition module, the condition and assumption definition module and the payoff quantification definition module, and the outputs of those three modules are connected to the input of the incomplete-information dynamic game refined BNE definition module.
Compared with the prior art, the invention has the following beneficial effects:
(1) the modeling process takes into account role transformation in the incomplete-information dynamic network attack and defense game, so the method fits actual attack and defense scenarios better than other similar models;
(2) relative to a complete-information dynamic game, the uncertainty of the defender's type is considered; relative to an incomplete-information static game, the asynchrony of the attacker's and defender's actions is also considered; in particular, on the basis of historical statistical data, the prior probability of the defender's type is revised to obtain dynamic information about the defender's type, which is vital to the evolution of the attack and defense game and to the final refined BNE;
(3) because the method is not tied to a specific attack technique or strategy, its extensibility and generality are superior to those of other similar models; at the same time, the method converts the solution of the Nash equilibrium problem into a reward maximization problem and treats it as an optimization problem in game theory, which offers a new way of solving Nash equilibrium problems from the optimization angle.
Drawings
FIG. 1 is a flow chart of steps of a method for solving network attack and defense game refining BNE according to the present invention;
FIG. 2 is a topology diagram of a real penetration test case;
FIG. 3 is a schematic diagram of a game tree of a target server obtained in accordance with the present invention;
FIG. 4 is the first screenshot of root privileges obtained on the target server according to the present invention;
FIG. 5 is the second screenshot of root privileges obtained on the target server according to the present invention.
Detailed Description
The present invention will be described in further detail with reference to the examples and drawings, but the embodiments of the invention are not limited thereto.
Example 1
As shown in fig. 1 to 5, the invention discloses a general method for solving the refined Bayesian Nash equilibrium (refined BNE; the equilibrium of an incomplete-information dynamic game is called the refined Bayesian equilibrium, the concept known in the English-language literature as perfect Bayesian equilibrium) of a network attack and defense game, so as to solve the refined BNE of the incomplete-information dynamic network attack and defense game. In particular, in actual network attack and defense in recent years the roles of attacker and defender are often exchanged, so this "attack and defense role exchange" must be considered when modeling the network attack and defense game in order to describe the process more accurately. The method takes the attacker's perspective, deeply combines the subgame perfect Nash equilibrium of the complete-information dynamic game with the Bayesian Nash equilibrium of the incomplete-information static game, and finally converts the Nash equilibrium problem into a payoff maximization optimization problem to be solved.
Starting from actual attack and defense scenarios, the invention considers "attack and defense role interchange" in the modeling process from the attacker's viewpoint and solves the refined Bayesian Nash equilibrium of the incomplete-information dynamic game by deeply combining the subgame perfect Nash equilibrium of the complete-information dynamic game with the Bayesian Nash equilibrium of the incomplete-information static game, so as to quantify the complex network attack and defense game. The invention provides a general quantification method that is not aimed at one or several specific scenarios but at the characteristics of current actual attack and defense game processes; it is simple and effective to implement and has practical significance for both theoretical research and industrial demand.
In view of the problems and demands of the prior art, the invention provides a method for solving the refined BNE of a network attack and defense game, which aims to quantify the network attack and defense game process, describe it more accurately from the viewpoint of an optimization problem, and thereby solve the attack strategy selection problem.
The technical scheme adopted by the invention is as follows:
a method for solving the refined BNE of a network attack and defense game, comprising the following steps:
step S1: first, convert the incomplete-information dynamic game into a complete but imperfect-information dynamic game by the Harsanyi transformation, which requires adding a player other than the attacker and the defender, "nature"; "nature" establishes different types for the attacker and the defender and assigns each player a probability distribution over its types; an incomplete-information game is one in which not every player has full knowledge of the game situation, including the other players' strategy information, action information, payoff function information, and the basic structure and functions of the target system; an imperfect-information game is one in which a player, when making a decision, does not know (or does not recall) the decisions other players have made before or are making at the same time;
step S2: define the marginal probability $p(a_{ih})$ with which a player selects an action and, from Bayes' rule, the conditional probability $p(\theta_{ik}\mid a_{ih})$ in the attack and defense scenario of the incomplete-information dynamic game network;
step S3: give the definitions of the conditions and assumptions of the refined BNE of the incomplete-information dynamic game;
step S4: for the case of role conversion, quantify the payoff of the attacker or defender over the whole attack and defense game as the sum of its payoffs in the different stages, the number of conversion stages being denoted $L$;
step S5: from steps S2 to S4, give the definition of the refined BNE of the incomplete-information dynamic game.
The invention considers the attacker-defender "role exchange" problem of actual attack and defense scenarios, which existing methods cannot quantify, and therefore provides a general quantification method that deeply combines the subgame perfect Nash equilibrium of the complete-information dynamic game with the Bayesian Nash equilibrium of the incomplete-information static game to solve the refined Bayesian Nash equilibrium of the incomplete-information dynamic game.
More specifically, the method comprises the following steps:
step S1: first, convert the incomplete-information dynamic game into a complete but imperfect-information dynamic game by the Harsanyi transformation, adding a player other than the attacker and the defender. "Nature" establishes different types for the attacker and the defender and assigns every player a probability distribution over its types.
step S2: define the marginal probability $p(a_{ih})$ with which a player selects an action and, from Bayes' rule, the conditional probability $p(\theta_{ik}\mid a_{ih})$ in the attack and defense scenario of the incomplete-information dynamic game network.
In the incomplete-information dynamic game, assume: (1) the players' types are independently distributed; (2) player $i$ has $K$ possible types and $H$ possible actions; (3) $\theta_{ik}$ and $a_{ih}$ denote a specific type and a specific action of player $i$, respectively; (4) the probability that $i$ is of type $\theta_{ik}$ is $p(\theta_{ik})\ge 0$, with $\sum_{k=1}^{K}p(\theta_{ik})=1$; (5) the conditional probability that $i$ selects $a_{ih}$ given that $i$ is of type $\theta_{ik}$ is $p(a_{ih}\mid\theta_{ik})$, with $\sum_{h=1}^{H}p(a_{ih}\mid\theta_{ik})=1$. Then the marginal probability that $i$ selects $a_{ih}$ is
$p(a_{ih})=\sum_{k=1}^{K}p(a_{ih}\mid\theta_{ik})\,p(\theta_{ik})$.
As can be seen, the probability that player $i$ selects action $a_{ih}$ is a "total probability": the weighted sum of the conditional probabilities $p(a_{ih}\mid\theta_{ik})$ that each type of $i$ selects $a_{ih}$, the weights being the prior probabilities $p(\theta_{ik})$. Let the posterior probability that $i$ is of type $\theta_{ik}$ once action $a_{ih}$ has been observed, i.e. the probability that $i$ is of type $\theta_{ik}$ given $a_{ih}$, be $p(\theta_{ik}\mid a_{ih})$. In addition,
$p(a_{ih},\theta_{ik})\equiv p(a_{ih}\mid\theta_{ik})\,p(\theta_{ik})\equiv p(\theta_{ik}\mid a_{ih})\,p(a_{ih})$,
i.e. the joint probability that $i$ is of type $\theta_{ik}$ and selects action $a_{ih}$ equals the prior probability $p(\theta_{ik})$ multiplied by the probability that type $\theta_{ik}$ selects action $a_{ih}$, or equivalently the total probability of selecting action $a_{ih}$ multiplied by the posterior probability given that action. Hence
$p(\theta_{ik}\mid a_{ih})=\dfrac{p(a_{ih}\mid\theta_{ik})\,p(\theta_{ik})}{p(a_{ih})}=\dfrac{p(a_{ih}\mid\theta_{ik})\,p(\theta_{ik})}{\sum_{k'=1}^{K}p(a_{ih}\mid\theta_{ik'})\,p(\theta_{ik'})}$.
step S3: give the conditions and assumptions of the refined BNE of the incomplete-information dynamic game.
From the above analysis, the invention aims to solve the subgame perfect Nash equilibrium of the complete-information dynamic game together with the Bayesian Nash equilibrium of the incomplete-information static game, i.e. to handle the refined BNE of the complete but imperfect-information dynamic game. The refined BNE is the deep combination of Selten's subgame perfect Nash equilibrium for complete-information dynamic games with Harsanyi's Bayesian Nash equilibrium for incomplete-information static games, and the following four conditions must be met: (1) on each information set, the decision maker must have a probability distribution (belief) defined over all decision nodes belonging to that information set; (2) given the probability distribution over the information set and the subsequent strategies of the other players, the player's actions must be optimal; (3) the payoffs of the attacker or defender in different role stages are independent; (4) the posterior probability of each player is revised according to Bayes' rule and the equilibrium strategies.
There are $n$ players in the game, and the type of player $i$ is $\theta_i\in\Theta_i$, where $\theta_i$ is private information and $\Theta_i$ is the type space of player $i$; $p(\theta_{-i}\mid\theta_i)$ is the prior probability with which player $i$ of type $\theta_i$ believes the other $n-1$ players are of types $\theta_{-i}=(\theta_1,\dots,\theta_{i-1},\theta_{i+1},\dots,\theta_n)$; $S_i(\theta_i)$ is the strategy set of player $i$ of type $\theta_i$, where $s_i\in S_i(\theta_i)$ is a specific strategy adopted by player $i$; $a_{-ih}=(a_{1h},\dots,a_{(i-1)h},a_{(i+1)h},\dots,a_{nh})$ is the action profile of the other $n-1$ players observed by player $i$ at the $h$-th information set, which belongs to the strategy set $S_{-i}=(S_1,\dots,S_{i-1},S_{i+1},\dots,S_n)$, i.e. it is an action prescribed by $S_{-i}$; $\tilde p_i(\theta_{-i}\mid a_{-ih})$ is the posterior probability with which player $i$, having observed the actions $a_{-ih}$, believes the other $n-1$ players are of types $\theta_{-i}$; $u_i(S_i,S_{-i},\theta_i)$ is the payoff function (utility function) of player $i$.
step S4: for the case of role conversion, the payoff of the attacker or defender over the whole attack and defense game is quantified as the sum of its payoffs in the different stages, the number of conversion stages being denoted $L$;
step S5: from steps S2 to S4, the definition of the refined BNE of the incomplete-information dynamic game is given.
The refined BNE of the incomplete-information dynamic game is defined as follows.
The refined BNE is an optimal strategy profile $s^*=(s_1^*,\dots,s_n^*)$ together with a posterior probability profile $\tilde p=(\tilde p_1,\dots,\tilde p_n)$ satisfying
(1) for every player $i$ and every information set $h$,
$s_i^*(\theta_i)\in\arg\max_{s_i\in S_i(\theta_i)}\sum_{\theta_{-i}}\tilde p_i(\theta_{-i}\mid a_{-ih})\,u_i(s_i,s_{-i}^*,\theta_i)$,
where the superscript $*$ denotes the optimal term;
(2) $\tilde p_i(\theta_{-i}\mid a_{-ih})$ is derived by Bayes' rule from the prior probability $p(\theta_{-i}\mid\theta_i)$, the observed actions $a_{-ih}$ and the optimal strategy $s_{-i}^*$ (where possible).
In the above:
(1) is called the refining condition. Given the optimal strategies $s_{-i}^*$ of the other players and the posterior probability $\tilde p_i(\theta_{-i}\mid a_{-ih})$ of player $i$, the strategy of every player $i$ is optimal on all continuation games starting from information set $h$; in other words, all players are sequentially rational. This condition extends subgame perfect Nash equilibrium to the incomplete-information dynamic game: in a complete-information dynamic game, subgame perfect Nash equilibrium requires the equilibrium strategies to form a Nash equilibrium on every subgame, whereas in the incomplete-information dynamic game the refined BNE requires the equilibrium strategies to form a Bayesian Nash equilibrium on every "continuation game".
(2) is called the belief condition and is the application of Bayes' rule. If a player acts several times, revising the probabilities (revising beliefs) requires repeated application of Bayes' rule. Since a strategy is a rule of action and is not itself observable, player $i$ can only revise the probabilities according to the observed action profile $a_{-i}=(a_1,\dots,a_{i-1},a_{i+1},\dots,a_n)$, but the actions it observes are those prescribed by the optimal strategy $s_{-i}^*$. The constraint "where possible" requires that, if $a_{-i}$ is not an action under the equilibrium strategy, the observed $a_{-i}$ is a zero-probability event, and Bayes' rule then does not define the posterior probability; any posterior probability consistent with the equilibrium strategy $s_{-i}^*$ is reasonable.
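To make step S2 and the belief condition concrete, the following Python block (added here as an illustration; it is not code from the patent) implements the total-probability marginal $p(a_{ih})$, the Bayes posterior $p(\theta_{ik}\mid a_{ih})$ and the repeated revision for a player observed acting several times, including the zero-probability case that Bayes' rule leaves undefined. The type and action names follow Example 2 below (defender types $\theta_{11}$, $\theta_{12}$; strategies $S_{11}$, $S_{12}$); the type-conditional action probabilities are assumed values, since the page gives none, and "off_path" is a hypothetical action that no type ever plays.

```python
from fractions import Fraction
from typing import Dict, Optional, Sequence

# Prior p(theta_ik) over the defender's types (Example 2 uses 0.5 / 0.5).
PRIOR: Dict[str, Fraction] = {"theta_11": Fraction(1, 2), "theta_12": Fraction(1, 2)}

# Type-conditional action probabilities p(a_ih | theta_ik).  ASSUMED values for
# illustration only; they stand for the behaviour prescribed by an equilibrium
# strategy.  "off_path" is a hypothetical action that no type ever plays.
COND: Dict[str, Dict[str, Fraction]] = {
    "theta_11": {"S_11": Fraction(1, 10), "S_12": Fraction(9, 10), "off_path": Fraction(0)},
    "theta_12": {"S_11": Fraction(6, 10), "S_12": Fraction(4, 10), "off_path": Fraction(0)},
}


def marginal(action: str, prior: Dict[str, Fraction],
             cond: Dict[str, Dict[str, Fraction]]) -> Fraction:
    """Total probability p(a_ih) = sum_k p(a_ih | theta_ik) p(theta_ik)."""
    return sum((cond[t][action] * prior[t] for t in prior), Fraction(0))


def posterior(action: str, prior: Dict[str, Fraction],
              cond: Dict[str, Dict[str, Fraction]]) -> Optional[Dict[str, Fraction]]:
    """Bayes' rule p(theta_ik | a_ih) = p(a_ih | theta_ik) p(theta_ik) / p(a_ih).

    Returns None when p(a_ih) = 0: the action is off the equilibrium path, Bayes'
    rule defines no posterior, and the belief condition only constrains the
    belief 'where possible'.
    """
    m = marginal(action, prior, cond)
    if m == 0:
        return None
    return {t: cond[t][action] * prior[t] / m for t in prior}


def revise_beliefs(actions: Sequence[str], prior: Dict[str, Fraction],
                   cond: Dict[str, Dict[str, Fraction]]) -> Optional[Dict[str, Fraction]]:
    """Repeated application of Bayes' rule for a player observed acting several
    times; each step's posterior becomes the next step's prior.  Assumes the
    observed actions are conditionally independent given the type."""
    belief: Optional[Dict[str, Fraction]] = dict(prior)
    for a in actions:
        belief = posterior(a, belief, cond)
        if belief is None:
            return None  # zero-probability event: Bayes' rule stops constraining the belief
    return belief


def joint_identity_holds(action: str, theta: str, prior: Dict[str, Fraction],
                         cond: Dict[str, Dict[str, Fraction]]) -> bool:
    """Check p(a_ih, theta_ik) = p(a_ih | theta_ik) p(theta_ik) = p(theta_ik | a_ih) p(a_ih)."""
    post = posterior(action, prior, cond)
    if post is None:
        return False
    return cond[theta][action] * prior[theta] == post[theta] * marginal(action, prior, cond)


if __name__ == "__main__":
    for a in ("S_11", "S_12", "off_path"):
        print(a, "p(a) =", marginal(a, PRIOR, COND), "posterior =", posterior(a, PRIOR, COND))
    print("after observing S_12 twice:", revise_beliefs(["S_12", "S_12"], PRIOR, COND))
```

Exact rational arithmetic is used so that the identity check is an equality rather than a floating-point tolerance; with the assumed numbers, observing $S_{12}$ once moves the belief in the high-defense-cost type from 1/2 to 9/13, and a second observation to 81/97, while the off-path action returns no posterior at all, which is exactly the gap the "where possible" clause leaves open.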
Example 2
As a further optimization of Example 1, and as shown in fig. 1 to 5, this example adds the following technical features on the basis of Example 1:
the specific application of the method of the invention is described from a practical standpoint in conjunction with a real penetration test case against a Web server. In the simulated penetration attack on the Web server, the simplified network topology of the target, learned through information gathering, is shown in fig. 2.
In this network topology the attacker's threat comes from the Internet, and the firewall's security policy allows Internet users to access the Web server and the FTP server. The Web server and FTP server can access the database server, but the attacker and external network users cannot access the database server directly. The goal of the penetration attack is to obtain the highest level of control over the database server through a series of attack strategies. The attacker can first gain control of the Web server through a Web server vulnerability, then use the Web server as a pivot, and finally obtain the highest privileges on the database server; or the attacker can first gain control of the FTP server through an FTP server vulnerability, use the FTP server as a pivot, and finally obtain the highest privileges on the database server. To describe the game problem of the penetration attack process more effectively and concisely, the game analysis covers only the attempt to obtain Web server privileges. During the penetration attack the attacker keeps gathering information and probing the network; the defender's hardware and software information obtained is shown in Table 1, the vulnerability information mined for the devices in the network in Table 2, and the corresponding device security attributes and importance in Table 3.
Table 1 Hardware and software environment of the attacker and the defender
Table 2 Target device vulnerability information
Table 3 Device security attributes and importance
In the attack phase, the defender has two types, "high defense cost" θ11 and "low defense cost" θ12, while the attacker has only one type θ21, i.e. the "high attack cost" type. First, the attacker's prior belief about the high-defense-cost and low-defense-cost types of defender is p(θ11) = 0.5, p(θ12) = 0.5. Then, based on the collected information, the attacker can take two attack strategies: the high-lethality strategy (command execution) is S21 and the low-lethality strategy (XSS attack) is S22, as shown in table 4. Meanwhile, the defender has two strategies: the high operation cost strategy (code reconstruction and patch upgrade) is S11 and the low operation cost strategy (firewall discards suspicious packets) is S12, as shown in table 5.
Table 4 Attacker strategy quantization table
Table 5 Defender strategy quantization table
The payoff values of the defender and the attacker under each possible situation are calculated with the profit function formula from the corresponding quantized values in the attack and defense strategy quantization tables. When a defender of type θ11 adopts defense strategy S11 and the attacker adopts attack strategy S21, the attack and defense payoffs are:
AR(θ11, S11, S21) = SDC(S21) + DC(θ11, S11) - AC(θ11, S21)
= 10×4×20 + 300 - 200 = 900
DR(θ11, S11, S21) = SDC(S21) + AC(θ11, S21) - DC(θ11, S11)
= 10×4×20 + 200 - 300 = 700
where AR(θ1i, S1i, S2j) and DR(θ1i, S1i, S2j) define the payoffs of the attacker and the defender respectively, namely the benefit the attacker can obtain after attacking and the benefit the defender obtains by transferring system resources on the attack surface; SDC() is the system damage cost, i.e. the loss caused when the attacker attacks the system using the corresponding resources; AC() is the attack cost, i.e. the cost the attacker has to pay to probe and attack the attack surface; DC() is the defense cost. Similarly, the payoffs of both sides under the other attack and defense strategies can be obtained. The game tree of the Web server rights acquisition process is shown in fig. 3.
As shown in fig. 3, in this game the defender has 4 pure strategies: (S11, S11), (S11, S12), (S12, S11), (S12, S12). The 1st and 4th are pooling strategies (different types of defender select the same strategy), and the 2nd and 3rd are separating strategies (different types of defender select different strategies). (S11, S11) means that when "nature" assigns type θ11 to the defender, the defender selects strategy S11, and when "nature" assigns type θ12 to the defender, the defender also selects strategy S11. Similarly, the attacker has 4 pure strategies: (S21, S21), (S21, S22), (S22, S21), (S22, S22), defined in the same way as for the defender.
(1) For the defense strategy (S11, S11), the defender's equilibrium strategy is S*(θ11) = S*(θ12) = S11. From fig. 3, the attacker's information set connected by the dotted line on the left lies on the equilibrium path, so the posterior probability is obtained [formula not reproduced on this page]. The attacker's payoff from adopting strategy S21 is 900×0.5 + 1000×0.5 = 950; the payoff from adopting strategy S22 is 40×0.5 + 140×0.5 = 90. Thus the attacker's optimal strategy is S*(S11) = S21. At this point, the payoffs available to defenders of types θ11 and θ12 are 700 and 600 respectively. To confirm that S*(θ11) = S*(θ12) = S11 is the best choice for the defender, the model needs to check the case where the defender takes S12. If the defender selects strategy S12, the attacker can observe S12, and the game is then at the information set connected by the dotted line on the right of fig. 3. If the attacker's response to strategy S12 is S21, then defenders of types θ11 and θ12 selecting S12 obtain 580 and 530 respectively, while selecting S11 obtains 700 and 600 respectively, so defenders of types θ11 and θ12 choose strategy S11, i.e. the high operation cost strategy (code reconstruction and patch upgrade); if the attacker's response to strategy S12 is S22, defenders of types θ11 and θ12 selecting S12 obtain 160 and 110 respectively, while selecting S11 obtains 280 and 180 respectively. In this case defenders of types θ11 and θ12 still select strategy S11. In addition, consider the posterior probabilities of the attacker's information set when S12 is observed [not reproduced on this page], and also whether selecting strategy S21 under that inference is optimal. The attacker's payoff from selecting S21 is then [formula not reproduced on this page].
Accordingly, the attacker's payoff from selecting S22 is [formula not reproduced on this page].
It can be seen that for any value of the posterior probability, the payoff from S21 exceeds the payoff from S22 [comparison not reproduced on this page], so the attacker takes strategy S21; therefore this strategy and belief combination [not reproduced on this page] is the pooling BNE of the game. Likewise, it can be shown that the other three pure strategies cannot constitute a BNE of the game, which is not described in detail here.
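The payoff formulas and the pooling equilibrium check above, carried through as an added example (not the patent's own code): it transcribes the payoff values stated in this embodiment, applies Bayes' rule to the attacker's belief on the equilibrium path, and verifies that the defender profile (S11, S11) survives the deviation check described above. The attacker's payoffs after S12 are not reproduced on the page, so they are left as None and the check is written so that it never needs them.

```python
# Added example: checks the Web-server game of this embodiment with the page's
# payoff formulas and the payoff values it states. Not the patent's own code.
from typing import Dict, Optional, Tuple

THETA_11, THETA_12 = "theta_11", "theta_12"   # defender types: high / low defense cost
S11, S12 = "S11", "S12"                       # defender strategies: high / low operation cost
S21, S22 = "S21", "S22"                       # attacker strategies: command execution / XSS


def payoffs(sdc: int, dc: int, ac: int) -> Tuple[int, int]:
    """(AR, DR) from the page's profit functions for one (type, S1i, S2j) cell."""
    ar = sdc + dc - ac   # AR(theta, S1i, S2j) = SDC(S2j) + DC(theta, S1i) - AC(theta, S2j)
    dr = sdc + ac - dc   # DR(theta, S1i, S2j) = SDC(S2j) + AC(theta, S2j) - DC(theta, S1i)
    return ar, dr


# Payoff table transcribed from the embodiment: (type, defender, attacker) -> (AR, DR).
# The page does not reproduce the attacker's payoffs after S12, so they are None.
PAYOFFS: Dict[Tuple[str, str, str], Tuple[Optional[int], int]] = {
    (THETA_11, S11, S21): (900, 700),  (THETA_12, S11, S21): (1000, 600),
    (THETA_11, S11, S22): (40, 280),   (THETA_12, S11, S22): (140, 180),
    (THETA_11, S12, S21): (None, 580), (THETA_12, S12, S21): (None, 530),
    (THETA_11, S12, S22): (None, 160), (THETA_12, S12, S22): (None, 110),
}
PRIOR = {THETA_11: 0.5, THETA_12: 0.5}   # attacker's prior belief p(theta_11), p(theta_12)


def bayes_posterior(prior, defender_strategy, observed):
    """Belief condition: p(theta | a) = p(a | theta) p(theta) / sum over all types.
    defender_strategy maps each type to its pure action, so p(a | theta) is 0 or 1.
    Returns None when the observed action lies off the equilibrium path."""
    weights = {t: (prior[t] if defender_strategy[t] == observed else 0.0) for t in prior}
    total = sum(weights.values())
    if total == 0:
        return None
    return {t: w / total for t, w in weights.items()}


def attacker_expected(belief, d, a):
    """Attacker's expected payoff from action a when the defender plays d, under belief."""
    total = 0.0
    for t, p in belief.items():
        ar = PAYOFFS[(t, d, a)][0]
        if ar is None:
            raise ValueError(f"attacker payoff for {(t, d, a)} is not given on the page")
        total += p * ar
    return total


def attacker_best_response(belief, d):
    return max((S21, S22), key=lambda a: attacker_expected(belief, d, a))


def is_pooling_bne(pool, prior):
    """True if the profile where both defender types play `pool` is a pooling BNE.
    On the path the posterior equals the prior (both types pool), which fixes the
    attacker's best response. Off the path, the sufficient condition used here is
    that no type gains by deviating whatever the attacker's response to the deviation,
    so the unreproduced off-path attacker payoffs are not needed."""
    sigma = {t: pool for t in prior}
    belief = bayes_posterior(prior, sigma, pool)
    br = attacker_best_response(belief, pool)
    deviation = S12 if pool == S11 else S11
    for t in prior:
        eq_payoff = PAYOFFS[(t, pool, br)][1]
        if any(PAYOFFS[(t, deviation, r)][1] > eq_payoff for r in (S21, S22)):
            return False
    return True


if __name__ == "__main__":
    print(payoffs(10 * 4 * 20, 300, 200))                                           # (900, 700)
    print(attacker_expected(PRIOR, S11, S21), attacker_expected(PRIOR, S11, S22))  # 950.0 90.0
    print(is_pooling_bne(S11, PRIOR))                                               # True
```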
During the penetration attack, the probability that the defender is of the low-cost defense type is continuously corrected by judging the defender's behaviour, and finally strategy S21, i.e. the CVE-2017-9805 (S2-052) vulnerability, is used to attack the target Web server. The attack results are shown in fig. 4 and 5: the exploit output in red frame No. 1 shows that execution succeeded, and the output in red frame No. 2 shows that the reverse shell was established successfully, listening locally and connecting to the external network address.
Note that, to keep the analysis simple, the number of role exchange stages in this example is L = 1, and the definition of Bayes' law and the posterior probability correction are not listed one by one.
The method is characterized in that:
The refined BNE of the invention is a combination of an equilibrium strategy and an equilibrium belief, namely: given the belief [not reproduced on this page], the strategy [not reproduced] is optimal; given the strategy [not reproduced], the belief [not reproduced] is derived from the equilibrium strategy and the observed actions using Bayes' rule. Thus the refined BNE is a fixed point of a correspondence, i.e. there exists [formula not reproduced on this page]. Since the refined BNE is a fixed point, the posterior probability and the strategy are interdependent. Therefore solving the refined equilibrium by backward induction is not applicable in an incomplete information game, because it is not known how the predecessor should choose if it is not.
The invention has 3 advantages:
(1) In the modeling process, the role transformation that occurs in the incomplete information dynamic network attack and defense game is taken into account, so compared with other similar models the method better fits actual attack and defense scenarios;
(2) Relative to a complete information dynamic game, the uncertainty of the defender's type is considered; relative to an incomplete information static game, the asynchrony of the attacker's and defender's behaviour is also considered; in particular, on the basis of historical statistical data, the correction of the prior probability of the defender's type yields dynamic information about the defender's type that is vital to the evolution of the attack and defense game and to the final refined BNE;
(3) Because there is no restriction to a specific attack technique or strategy, the extensibility and generality of the method are superior to those of other similar models; at the same time, the method converts the solution of the Nash problem into a reward maximization problem and treats it as an optimization problem in game theory, thereby providing a new way of thinking about solving the Nash problem from the optimization angle.
As described above, the present invention can be preferably implemented.
All of the features disclosed in all of the embodiments of this specification, or all of the steps in any method or process disclosed implicitly, except for the mutually exclusive features and/or steps, may be combined and/or expanded and substituted in any way.
The foregoing description of the preferred embodiment of the invention is not intended to limit the invention in any way, but rather to cover all modifications, equivalents, improvements and alternatives falling within the spirit and principles of the invention.

Claims (10)

1. A method for solving network attack and defense game refining BNE, characterized in that, in the process of quantifying the network attack and defense game, the subgame perfect Nash equilibrium of the complete information dynamic game and the Bayesian Nash equilibrium of the incomplete information static game are combined, and the situation of role exchange is considered, so that solving the refined BNE problem is converted into solving a payoff maximization problem; wherein role exchange refers to an attacker becoming a defender, or a defender becoming an attacker.
2. The method for solving network attack and defense game refining BNE according to claim 1, comprising the following steps:
S1, Harsanyi transformation: converting the incomplete information dynamic game into a complete but imperfect information dynamic game, adding a player other than the attacker and the defender, establishing different types for the attacker and the defender, and assigning a probability distribution to each type of each player;
S2, scene probability definition: defining the marginal probability and the conditional probability in the network attack and defense scene of the incomplete information dynamic game, specifically as follows: define the marginal probability p(a_ih) that a player selects an action, and further define, based on Bayes' law, the conditional probability p(θ_ik | a_ih) in the network attack and defense scene of the incomplete information dynamic game; where i indexes the players, h indexes the possible actions of a player, k indexes the possible types of a player with 1 ≤ k ≤ K, and K is the number of possible types of a player; a_ih denotes an action of player i, θ_ik denotes a type of player i, p(a_ih) denotes the marginal probability that player i selects a_ih, and p(θ_ik | a_ih) denotes the probability that, given a_ih, player i is of type θ_ik;
S3, condition and assumption definition: giving the definition of the conditions and assumptions of the incomplete information dynamic game refined BNE;
S4, payoff quantization definition: for the situation of role exchange between the attacker and the defender, quantifying the payoff of the attacker or defender over the whole attack and defense game as the sum of the payoffs of the different role exchange stages; wherein the number of role exchange stages is denoted L;
S5, definition of the incomplete information dynamic game refined BNE: according to the scene probability definition of step S2, the condition and assumption definition of step S3 and the payoff quantization definition of step S4, giving the definition of the incomplete information dynamic game refined BNE.
3. The method for solving network attack and defense game refining BNE of claim 2, wherein in step S2, [formula not reproduced on this page]
where p(a_ih | θ_ik) denotes the conditional probability that player i selects a_ih given that i is of type θ_ik, and p(θ_ik) denotes the prior probability that i is of type θ_ik.
4. The method for solving network attack and defense game refining BNE of claim 3, wherein in step S2,
the types of the players are independently distributed;
the prior probability that i is of type θ_ik is [formula not reproduced on this page];
the conditional probability that i is of type θ_ik and i selects a_ih is [formula not reproduced on this page].
5. The method for solving network attack and defense game refining BNE of claim 4, wherein in step S3, the conditions of the incomplete information dynamic game refined BNE comprise:
(1) On each information set, the decision maker must have a probability distribution defined over all decision nodes belonging to that information set;
(2) Given the probability distribution over the information set and the subsequent strategies of the other players, the player's actions must be optimal;
(3) The payoffs of the attacker or defender in different role stages are independent;
(4) The posterior probability of each player is corrected according to Bayes' law and the equilibrium strategy.
6. The method for solving network attack and defense game refining BNE of claim 5, wherein the conditions of the incomplete information dynamic game refined BNE comprise:
there are n players participating in the game, and the type of player i is θ_i ∈ Θ_i; where θ_i is private information and Θ_i is the type space of player i;
p(θ_-i | θ_i) is the prior probability with which player i of type θ_i believes the other n-1 players are of type θ_-i = (θ_1, ..., θ_(i-1), θ_(i+1), ..., θ_n);
S_i(θ_i) is the strategy set of player i of type θ_i; where s_i ∈ S_i(θ_i) is a specific strategy adopted by player i;
a_-ih = (a_1h, ..., a_(i-1)h, a_(i+1)h, ..., a_nh) is the set of actions of the other n-1 players observed by player i at the h-th information set; a_-ih is part of the strategy set S_-i = (S_1, ..., S_(i-1), S_(i+1), ..., S_n), i.e. an action prescribed by S_-i;
[symbol not reproduced on this page] is the posterior probability that player i, after observing action a_-ih, believes the other n-1 players to be of type θ_-i;
u_i(S_i, S_-i, θ_i) is the payoff function of player i.
7. The method for solving network attack and defense game refining BNE of claim 6, wherein in step S5, the definition of the incomplete information dynamic game refined BNE is:
the refined BNE is a combination of an optimal strategy set [not reproduced on this page] and posterior probabilities [not reproduced on this page]; where [symbols not reproduced] denote the optimal strategies of player 1, ..., player n respectively, and [symbols not reproduced] denote the posterior probabilities of player 1, ..., player n respectively.
8. The method for solving network attack and defense game refining BNE of claim 7, wherein the definition of the incomplete information dynamic game refined BNE satisfies the following condition:
refinement condition:
for each player i and each information set h: [formula not reproduced on this page]
where [symbol not reproduced] denotes a specific optimal strategy of player i, and [symbol not reproduced] denotes the optimal strategy set of the players other than player i; the specific optimal strategy of player i means that, taking into account the type of player i and the optimal strategy set of the other players, player i adopts a certain optimal strategy.
9. The method for solving network attack and defense game refining BNE of claim 7 or 8, wherein the definition of the incomplete information dynamic game refined BNE satisfies the following condition:
belief condition:
by Bayes' law, from the prior probability p_i(θ_-i | a_-ih), the observed a_-ih and the optimal strategy [symbol not reproduced], obtain [formula not reproduced on this page].
10. A system for solving network attack and defense game refining BNE, characterized by implementing the method for solving network attack and defense game refining BNE of any one of claims 1 to 9, comprising the following modules:
Harsanyi transformation module: used for converting the incomplete information dynamic game into a complete but imperfect information dynamic game, adding a player other than the attacker and the defender, establishing different types for the attacker and the defender, and assigning a probability distribution to each type of each player;
scene probability definition module: used for defining the marginal probability and the conditional probability in the network attack and defense scene of the incomplete information dynamic game, specifically as follows: define the marginal probability p(a_ih) that a player selects an action, and further define, based on Bayes' law, the conditional probability p(θ_ik | a_ih) in the network attack and defense scene of the incomplete information dynamic game; where i indexes the players, h indexes the possible actions of a player, k indexes the possible types of a player with 1 ≤ k ≤ K, and K is the number of possible types of a player; a_ih denotes an action of player i, θ_ik denotes a type of player i, p(a_ih) denotes the marginal probability that player i selects a_ih, and p(θ_ik | a_ih) denotes the probability that, given a_ih, player i is of type θ_ik;
condition and assumption definition module: used for giving the definition of the conditions and assumptions of the incomplete information dynamic game refined BNE;
payoff quantization definition module: for the situation of role exchange between the attacker and the defender, used for quantifying the payoff of the attacker or defender over the whole attack and defense game as the sum of the payoffs of the different role exchange stages; wherein the number of role exchange stages is denoted L;
incomplete information dynamic game refined BNE definition module: used for giving the definition of the incomplete information dynamic game refined BNE according to the scene probability definition output by the scene probability definition module, the condition and assumption definition output by the condition and assumption definition module, and the payoff quantization definition output by the payoff quantization definition module;
the output of the Harsanyi transformation module is connected respectively to the input of the scene probability definition module, the input of the condition and assumption definition module and the input of the payoff quantization definition module, and the outputs of the scene probability definition module, the condition and assumption definition module and the payoff quantization definition module are connected respectively to the input of the incomplete information dynamic game refined BNE definition module.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310505035.XA CN116579430A (en) 2023-05-06 2023-05-06 Method and system for solving network attack and defense game refining BNE


Publications (1)

Publication Number Publication Date
CN116579430A true CN116579430A (en) 2023-08-11

Family

ID=87544706


Country Status (1)

Country Link
CN (1) CN116579430A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN118101353A (en) * 2024-04-29 2024-05-28 广州大学 Port anti-detection optimal response strategy selection method based on multi-round game



Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination