【打印本页】      【下载PDF全文】   View/Add Comment  Download reader   Close
←前一篇|后一篇→ 过刊浏览    高级检索
本文已被:浏览 7508次   下载 8124 本文二维码信息
码上扫一扫!
基于Stackelberg攻防博弈的网络系统安全控制机制优化研究
王震,段晨健,吴铤,郭云川,王竹,李凤华
分享到: 微信 更多
(中国科学院信息工程研究所 北京 中国 100093;杭州电子科技大学网络空间安全学院 杭州 中国 310018;中国科学院信息工程研究所 北京 中国 100093;中国科学院大学网络空间安全学院 北京 中国 100049)
摘要:
企业级网络中存在的漏洞日益增多,给公司网络系统安全控制机制的优化选择带来了巨大挑战。本文通过对企业网络中漏洞之间的复杂依赖关系进行建模,构建了漏洞依赖图,并在此基础上建立了Stackelberg攻防博弈模型。同时考虑到传统求解方法无法求解实际的问题规模,引入双模块算法。实验结果表明,本文提出的模型和方法是可行的、高效的。
关键词:  漏洞依赖图  Stackelberg博弈  安全控制机制  双模块算法
DOI:10.19363/J.cnki.cn10-1380/tn.2019.01.09
Received:September 30, 2018Revised:November 24, 2018
基金项目:本课题得到国家重点研发计划基金资助项目(No.2016YFB0800700)和国家自然科学基金项目(No.61872120,No.61672515)的资助
Research on Optimizing Security Control Mechanism of Networked System Based on Stackelberg Defender-Attacker Game
WANG Zhen,DUAN Chenjian,WU Ting,GUO Yunchuan,WANG Zhu,LI Fenghua
Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China;School of Cyberspace, Hangzhou Dianzi University, Hangzhou 310018, China;Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China;School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100049, China
Abstract:
The increasing number of vulnerabilities in enterprise-level networks poses a huge challenge to the optimal selection of corporate network system security control mechanisms. This paper models the complex dependencies between the vulnerabilities in these networks by building a Vulnerability Dependency Graph, and model the Stackelberg game on it. At the same time, considering the traditional solution method cannot solve the actual problem scale, a Double Oracle algorithm is introduced. The results show that the proposed model and method are feasible and efficient
Key words:  vulnerability dpendency graphs  stackelberg game  security control mechanism  double oracle algorithm