The Configuration Optimization Strategy Of Enterprise's Information Systems Security Technology Based On Game Relationship

With the rapid development of network technology and the usage of information system wider and deeper,information system security has been one of the critical problem focused by information system researchers and practicers.Recently,with the rapid development of information system security technology,many enterprises have choose to combine and apply multiple technologies to build a defense-in-depth system.However,enterprise information system security management involves system users,hackers,security technology suppliers,security managers and other stakeholders.In the selection and configuration of enterprise information system security technology,it is necessary to consider not only the characteristics of information system security technology,the characteristics of security threat and the requirements of enterprise information system security,but also the characteristics and relationships of various subjects involved in security management.Therefore,this starts from the requirements of realizing the combination optimization of information system security technology and the coordination between information system security technology and personnel management,studies the selection and configuration strategy of enterprise information system security technology based on the game relationship between enterprises and users.First,the game model between enterprise and legal users is established to study the selection and configuration strategy of intrusion prevention system(IPS).The equilibrium strategies of IPS and intrusiotn detection system(IDS)are compared from three aspects(artificial investigation rate,the detection probability and the hacking probability of legal user),the changes of enterprise income after using IPS instead of IDS is analyzed,and the optimization of enterprise configuration strategy is discussed when the IPS is selected.Research show:(1)an IPS could hurt the enterprise when not configured optimally.(2)The optimal configuration of the IPS depends not only on the cost parameter but also on the external environment(quality of the IDS)in which the enterprise is operating.(3)Whether the IDS is in optimal configuration or not,the enterprise will make the same decision between using the IPS instead of the IPS and going on using the IDS.(d)The enterprise realizes a strictly nonnegative value if the enterprise configures the IPS optimally.Second,game model between enterprise and illegal user is established,and the optimal configuration strategies in enterprise's deception strategy is studied.On the one hand,the optimal configuration strategies of combination between IDS and honeypot is analyzed.Results show that when the detection probability of IDS is higher(lower),the deployment of IDS is good for Normal Service(Honeypot Service)but bad for Honeypot Service(Normal Service).On the other hand,protective coloration and warning coloration strategy in mimicry honeypot is compared and analyzed.The results show that:(1)Compared with warning coloration,both the optimal configuration probability of honeypot and the optimal attacking probability of illegal user are higher in protective coloration.(2)The mainly reason affecting illegal user's attacking probability is the disguise cost that is honeypot was disguised as normal service and normal service was disguised as honeypot in information systems.(3)Information system configured protective coloration or warning coloration is better than that configured both protective coloration and warning coloration.And the protective coloration(warning coloration)strategy is better strategy when the tricking ability(deterrent ability)is stronger than deterrent ability(tricking ability).Third,the game model between enterprise and legal user is established,and the impact of legal users' rights and reward and punishment mechanism on the configuration strategies of information system security technology is studied.On the one hand,taking IDS as an example,the impact of the legal users' rights on the configuration strategies of IDS is discussed.The results show that improving the legal users' rights can decrease the demand on the configuration of firm's IDS.And,enterprises need to increase the punishment for the attack while improving the legal users' rights.On the other hand,the impact of decision-understand-wrong between enterprise and legal user and enterprise's reward and punishment mechanism for legal users on the IDS configuration strategy are analyzed.The results show that reward mechanism can decrease the enterprise's actual probability of manual investigation,but can increase the legal user's actual probability of hacking if the cost of reward is more than the income of reward.Besides,decision-understand-wrong between enterprise and legal user can decrease legal user's hacking probability if the reward to legal user is high,that is decision-understand-wrong has a positive effect on the impact of high reward.However,it is opposite if the reward to legal user is low,that is decision-understand-wrong has a negative effect on the impact of low reward.Fourth,taking IDS and mimicry honeypot as example respectively,establishing a game model between enterprise and illegal user,the impact of enterprise and illegal user's risk preference on the selection and configuration of enterprise's information system security technology is studied.The results show that:(1)Enterprises can influence illegal users' judgment on enterprises' risk preference by releasing false information and other methods.(2)Enterprises can make a risk assessment for illegal user by analyzing IDS,honeypots and user logs,and evaluate the expected benefits of illegal users based on the value of information,so as to formulate a more reasonable artificial investigation strategy.(3)Enterprises can adjust the rate of honeypot configuration by analyzing illegal users' risk preference and attack cost,so as to further improve the tricking ability of pure protective coloration strategy and the deterrent ability of pure warning coloration strategy.At last,three cases which are closely related to this research are selected for practical application.This expounds the background of each case,anlayzes the information system security management problems faced by the case,and discusses the practical application of the research result of this research.