Research On Active Defense Based On Attack-Defense Game Model

Posted on: 2011-08-23
Degree: Doctor
Type: Dissertation
Country: China
Candidate: W Jiang
GTID: 1118330338989432
Subject: Information security
Abstract/Summary:
The sophistication and automation of attacks pose a severe challenge to traditional protection methods. Traditional security technologies, which depend on firewalls, intrusion detection and anti-virus software, are static and can only passively prevent, detect, and react to cyber attacks. In many cases the reaction comes "too late", after very serious damage has been caused. Traditional security technologies lack initiative and the ability to predict attacks. We must be able to move from passive to proactive cyber defense, and to harden the network and isolate, control, and defeat an attack before it causes deadly damage. As an effective means of defense, proactive defense models and technologies are gaining more and more attention and have become a hot research topic.

Against this background, we focus on better understanding the conflicts and contradictions between attack and defense. We use a mathematical modeling framework to describe the adversarial nature of the information security problem, and to solve the problems of attack prediction and optimal active defense strategy selection. The main research topics include the following aspects.

A taxonomy of network attack and defense is an important part of network security research. A scientific and rational taxonomy has important reference value for effective defense in network security. Existing attack taxonomies classify arbitrarily, do not meet the basic requirements of a taxonomy, and do not consider the strategic interdependence of attack and defense. Moreover, the size of the strategy space is directly related to the computational complexity of the game model. To address these problems, this dissertation proposes a defense-oriented, multi-dimensional attack taxonomy method (DCMAT) that uses a variety of relevant attributes of attack and defense as classification criteria. Based on this attack taxonomy, a defense strategy taxonomy method is proposed. A model for quantifying the cost of attack and defense strategies is also proposed. These models can be used for network attack-defense modeling and in optimal active defense decision-making systems.

Security analysis and attack-defense modeling are effective methods for identifying the vulnerabilities of information systems in support of proactive defense. The attack graph model reflects only attack actions and system state changes, without considering the defender's perspective. To assess a networked information system and comprehensively show attack and defense strategies and their costs, a defense graph model is proposed. Compared with the attack graph, the model makes some improvements. The defense graph is mapped to the attack-defense game model in order to provide a basis for active defense decisions. In addition, a generation algorithm for the defense graph is proposed. A representative example is provided to illustrate our models and the generation algorithm.

Studying the relationship between attack and defense and its essence, we find that their objectives are opposed, their strategies are interdependent, and their relationship is non-cooperative, which are the basic features of game theory. To describe the relationship between attack and defense and to select defense strategies, the attack-defense game model is proposed. The attack-defense game model provides a new way of thinking about practical problems in information security. The defense graph model can be mapped to the attack-defense game model. An optimal network security hardening algorithm based on these models is proposed. These models can automatically assess vulnerabilities and harden network security, which provides a guarantee for timely and effective active defense.

In this paper, the problem of optimal defense strategy selection is defined and formalized. The static attack-defense game model only finds the optimal strategy in a single state and does not consider dynamic changes of state. A new attack-defense stochastic game model is proposed to describe dynamic state changes and to address the problem of optimal defense strategy selection. We model the attacker and the defender as the two players of a non-cooperative stochastic game, and describe in detail the formal definition of the model and its component elements. An algorithm for defense strategy selection based on these models is proposed. A representative network example is provided to illustrate our models and to demonstrate their efficacy in predicting attack behaviors and deciding optimal defense strategies.
Keywords/Search Tags:Network Security, Active Defense, Attack-Defense Game Model, Attack, Taxonomy, Cost Quantifying, Defense Graph, Policy Selection