Research On Game Modeling And Analysis Of Honeypot Against Cyber Attacks In Industrial Internet

Posted on: 2022-08-09
Degree: Doctor
Type: Dissertation
Country: China
Candidate: W Tian
GTID: 1488306755959609
Subject: Control Science and Engineering

Abstract/Summary:
The industrial internet is a new network architecture combining traditional industrial control systems with computer networks. Although the industrial internet has greatly improved the collaborative capabilities and operational efficiency of traditional industrial control systems, it has also brought about growing cybersecurity issues. Advanced Persistent Threats (APT), with high stealth and strong destructive power, are one of the main security threats to the current industrial internet. An APT is a compound network attack carefully designed for the characteristics of a specific target network or system, which can continuously adapt to changes in defense tools and continuously chase the target. Therefore, research on detection and defense technologies for APT attacks is of great significance.

Intrusion detection systems and intrusion prevention systems are the main defense tools against APT attacks in the industrial internet. The former detect and identify threats that have not entered the industrial internet, while the latter scan and isolate attacks that have already entered the industrial internet. The honeypot, as an active defense tool, has become an important security supplement against APT in the industrial internet. Honeypots capture and analyze APTs by deploying hardware and software security resources, without practical equipment, to lure attackers into using them.

This dissertation studies security strategy selection for honeypots against APT in the industrial internet through game theory. The APT attack process is divided into the APT intrusion stage and the latent destruction stage. From the perspective of honeypot types, automated honeypots and semi-automated honeypots are considered, according to whether or not there is human intervention. The attack and defense game process is therefore modeled under the different APT stages and honeypot types, and the optimal defense strategy is then selected. In addition, the incentive mechanism of multi-honeypot collaboration is discussed. The main contributions are as follows:

(1) A static offensive and defensive game model based on automated honeypots is proposed to overcome the problem of information asymmetry between the APT attacker and the honeypot defender in the APT intrusion stage. Incomplete-information static game theory is used to analyze the strategy settings and utilities of the honeypot defender and the APT attacker, and the Harsanyi transformation is used to transform the incomplete-information static game into an imperfect-information static game. By analyzing the existence of Bayesian Nash equilibria, the defender can obtain the optimal defense strategy. In addition, the optimal allocation strategy of high- and low-interaction automated honeypots under deployment cost constraints is also studied. Simulation experiments show that the model can effectively improve the defense performance of automated honeypots in the APT intrusion stage.

(2) A dynamic evolutionary game model based on automated honeypots is proposed for the continuous threat in the latent destruction stage, after the APT has invaded the automated honeypots. The model uses replicator dynamics equations to describe the dynamic interaction process between attackers and defenders, analyzes the strategies and utilities of defenders and attackers, obtains the asymptotically stable strategies of defenders and attackers through the negativity of the eigenvalues of the Jacobian matrix, and further obtains the evolutionarily stable strategy (the optimal defense strategy). Compared with the greedy strategy, simulation experiments show that this model can effectively improve the defense performance of automated honeypots in the latent destruction stage of APT.

(3) A semi-automated honeypot static game model based on prospect theory is proposed for studying semi-automated honeypots against APT attacks in the APT intrusion stage. The model uses the value function and the Prelec weighting function from prospect theory to describe the bounded rational behavior of the defender and the attacker in the APT intrusion stage, obtains the optimal defense strategy by analyzing the bounded rational Bayesian Nash equilibrium, and further analyzes the impact of the bounded rational factor on the utility as well as the strategy. The simulation results show that the model can effectively simulate the game process of both attackers and defenders under bounded rationality, achieve a balance between defending against APT intrusion attacks and ensuring the utilities of the industrial internet, and effectively improve the defense performance of semi-automated honeypots in the APT intrusion stage.

(4) A dynamic bounded rational evolutionary game model based on semi-automated honeypots is proposed for studying semi-automated honeypots against APT attacks in the APT latent destruction stage. The model obtains the bounded rational evolutionarily stable strategy (the optimal defense strategy) by analyzing the dynamic bounded rational interaction process between the defender and the attacker, and further analyzes the impact of the bounded rational factor on the utilities of the attacker and the defender. The simulation results show that the model can effectively simulate the dynamic game process between attackers and defenders under bounded rationality, which provides a feasible modeling method as well as theoretical support for the study of semi-automated honeypots against APT attacks in the industrial internet.

(5) An incentive model of multi-honeypot cooperative defense based on contract theory is proposed. This model uses a self-revealing mechanism based on contract theory to make the industrial internet nodes honestly report the log data they have collected to the central control node. Simulation results show that the model can effectively incentivize honeypots to share log data and improve the defensive performance of the industrial internet.

Keywords/Search Tags: game theory, advanced persistent threat, honeypot, industrial internet, prospect theory, contract theory