引用本文
  • 王震,段晨健,吴铤,郭云川,王竹,李凤华.基于Stackelberg攻防博弈的网络系统安全控制机制优化研究[J].信息安全学报,2019,4(1):101-115    [点击复制]
  • WANG Zhen,DUAN Chenjian,WU Ting,GUO Yunchuan,WANG Zhu,LI Fenghua.Research on Optimizing Security Control Mechanism of Networked System Based on Stackelberg Defender-Attacker Game[J].Journal of Cyber Security,2019,4(1):101-115   [点击复制]
【打印本页】 【在线阅读全文】【下载PDF全文】 查看/发表评论下载PDF阅读器关闭

←前一篇|后一篇→

过刊浏览    高级检索

本文已被:浏览 3435次   下载 2956 本文二维码信息
码上扫一扫!
基于Stackelberg攻防博弈的网络系统安全控制机制优化研究
王震1,2, 段晨健2, 吴铤2, 郭云川1, 王竹1,3, 李凤华1,3
0
(1.中国科学院信息工程研究所 北京 中国 100093;2.杭州电子科技大学网络空间安全学院 杭州 中国 310018;3.中国科学院大学网络空间安全学院 北京 中国 100049)
摘要:
企业级网络中存在的漏洞日益增多,给公司网络系统安全控制机制的优化选择带来了巨大挑战。本文通过对企业网络中漏洞之间的复杂依赖关系进行建模,构建了漏洞依赖图,并在此基础上建立了Stackelberg攻防博弈模型。同时考虑到传统求解方法无法求解实际的问题规模,引入双模块算法。实验结果表明,本文提出的模型和方法是可行的、高效的。
关键词:  漏洞依赖图  Stackelberg博弈  安全控制机制  双模块算法
DOI:10.19363/J.cnki.cn10-1380/tn.2019.01.09
投稿时间:2018-09-30修订日期:2018-11-24
基金项目:本课题得到国家重点研发计划基金资助项目(No.2016YFB0800700)和国家自然科学基金项目(No.61872120,No.61672515)的资助
Research on Optimizing Security Control Mechanism of Networked System Based on Stackelberg Defender-Attacker Game
WANG Zhen1,2, DUAN Chenjian2, WU Ting2, GUO Yunchuan1, WANG Zhu1,3, LI Fenghua1,3
(1.Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China;2.School of Cyberspace, Hangzhou Dianzi University, Hangzhou 310018, China;3.School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100049, China)
Abstract:
The increasing number of vulnerabilities in enterprise-level networks poses a huge challenge to the optimal selection of corporate network system security control mechanisms. This paper models the complex dependencies between the vulnerabilities in these networks by building a Vulnerability Dependency Graph, and model the Stackelberg game on it. At the same time, considering the traditional solution method cannot solve the actual problem scale, a Double Oracle algorithm is introduced. The results show that the proposed model and method are feasible and efficient
Key words:  vulnerability dpendency graphs  stackelberg game  security control mechanism  double oracle algorithm