| 摘要: |
| 企业级网络中存在的漏洞日益增多,给公司网络系统安全控制机制的优化选择带来了巨大挑战。本文通过对企业网络中漏洞之间的复杂依赖关系进行建模,构建了漏洞依赖图,并在此基础上建立了Stackelberg攻防博弈模型。同时考虑到传统求解方法无法求解实际的问题规模,引入双模块算法。实验结果表明,本文提出的模型和方法是可行的、高效的。 |
| 关键词: 漏洞依赖图 Stackelberg博弈 安全控制机制 双模块算法 |
| DOI:10.19363/J.cnki.cn10-1380/tn.2019.01.09 |
| 投稿时间:2018-09-30修订日期:2018-11-24 |
| 基金项目:本课题得到国家重点研发计划基金资助项目(No.2016YFB0800700)和国家自然科学基金项目(No.61872120,No.61672515)的资助 |
|
| Research on Optimizing Security Control Mechanism of Networked System Based on Stackelberg Defender-Attacker Game |
| WANG Zhen,DUAN Chenjian,WU Ting,GUO Yunchuan,WANG Zhu,LI Fenghua |
| Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China;School of Cyberspace, Hangzhou Dianzi University, Hangzhou 310018, China;Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China;School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100049, China |
| Abstract: |
| The increasing number of vulnerabilities in enterprise-level networks poses a huge challenge to the optimal selection of corporate network system security control mechanisms. This paper models the complex dependencies between the vulnerabilities in these networks by building a Vulnerability Dependency Graph, and model the Stackelberg game on it. At the same time, considering the traditional solution method cannot solve the actual problem scale, a Double Oracle algorithm is introduced. The results show that the proposed model and method are feasible and efficient |
| Key words: vulnerability dpendency graphs stackelberg game security control mechanism double oracle algorithm |
