摘要: |
企业级网络中存在的漏洞日益增多,给公司网络系统安全控制机制的优化选择带来了巨大挑战。本文通过对企业网络中漏洞之间的复杂依赖关系进行建模,构建了漏洞依赖图,并在此基础上建立了Stackelberg攻防博弈模型。同时考虑到传统求解方法无法求解实际的问题规模,引入双模块算法。实验结果表明,本文提出的模型和方法是可行的、高效的。 |
关键词: 漏洞依赖图 Stackelberg博弈 安全控制机制 双模块算法 |
DOI:10.19363/J.cnki.cn10-1380/tn.2019.01.09 |
Received:September 30, 2018Revised:November 24, 2018 |
基金项目:本课题得到国家重点研发计划基金资助项目(No.2016YFB0800700)和国家自然科学基金项目(No.61872120,No.61672515)的资助 |
|
Research on Optimizing Security Control Mechanism of Networked System Based on Stackelberg Defender-Attacker Game |
WANG Zhen,DUAN Chenjian,WU Ting,GUO Yunchuan,WANG Zhu,LI Fenghua |
Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China;School of Cyberspace, Hangzhou Dianzi University, Hangzhou 310018, China;Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China;School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100049, China |
Abstract: |
The increasing number of vulnerabilities in enterprise-level networks poses a huge challenge to the optimal selection of corporate network system security control mechanisms. This paper models the complex dependencies between the vulnerabilities in these networks by building a Vulnerability Dependency Graph, and model the Stackelberg game on it. At the same time, considering the traditional solution method cannot solve the actual problem scale, a Double Oracle algorithm is introduced. The results show that the proposed model and method are feasible and efficient |
Key words: vulnerability dpendency graphs stackelberg game security control mechanism double oracle algorithm |