Research On The Decision-making Methods Of Moving Target Defense Based On Game Theory

The network information system has become the critical infrastructure for the effective operation of social production and life.The real-time interaction of the network information system provides convenient communication services for network users.In fact,the intensity of cyberspace confrontation is increasing,which causes more threats and challenges to the security defense of the network information system.The vulnerability attack surface of the network information system is the common control target of both attackers and defenders.On the one hand,the attackers need to use the vulnerability attack surface of the network information system to launch an attack to destroy the data and assets of the network system.On the other hand,the defenders need to identify and reduce the vulnerability attack surface of network information systems depending on the premise,which ensures the availability of network information systems.At present,cyberspace security faces an asymmetrical situation of “easy to attack but hard to defend”,and network security defense is at the disadvantage of “passive beating”.As an emerging and highly subversive defense method,moving target defense(MTD)has the ability and superiority to break through the asymmetric attack-defense situation.MTD continuously changes the vulnerability attack surface of network information system through the dynamic configuration of network system,which could increase the elasticity and unpredictability of network information system and provide initiative for network defense.Improving the effectiveness of network security defense requires both advanced and practical defense technologies,and scientific and effective decision-making methods.According to the complex and changeable network attack-defense process,the automatic,accurate,and effective selection of the optimal strategy is a hot and challenging issue in the current MTD research field.The essence of network security lies in the confrontation between attack and defense.Game theory is a mathematical tool to solve the problem of strategy selection in a competitive environment.It provides strong theoretical support for the analysis of network attack-defense behavior and decision-making research,and can significantly improve the decision-making ability of MTD.According to the typical MTD attack-defense confrontation process,this dissertation continuously evolves from complete rationality to bounded rationality.From the perspectives of temporal strategy,spatial strategy,and rational decision-making ability,different MTD decisionmaking methods are studied based on game theory classification.Starting from four different dimensions of spatial,temporal,temporospatial,and bounded rationality,five different game models are introduced,including Markov game,robust game,Flip It game,differential game,and evolutionary game.The main work includes the following aspects:1.To solve the problem that the existing MTD game model is difficult to model the continuous dynamic characteristics of network attack-defense confrontation effectively,obtain the transition probability,and easy to fail,the chapter innovatively proposes an MTD complete information spatial strategy decision-making method based on Markov game called MG-MTD,and an MTD incomplete information spatial strategy decision-making method based on Markov robust game called MRG-MTD.Firstly,from the perspective of attack-defense information,the attack-defense behaviors are studied,which expands the static analysis in the traditional game to a continuous dynamic process.This chapter constructs an MTD complete information spatial strategy decisionmaking model based on the Markov game.On the one hand,the single-stage MTD attack-defense confrontation process is described.On the other hand,the randomness of the multi-stage MTD state transition is characterized by the Markov decision process.Secondly,the MTD incomplete information spatial strategy decision-making model based on the Markov robust game is constructed,and the multi-stage and multi-state features of the MTD confrontation are described.Combining Markov decision process with robust game theory to account for unknown prior information in incomplete information assumptions.On this basis,the game equilibrium strategies of MG-MTD and MRG-MTD are analyzed and solved.An effective MTD complete information and incomplete information spatial strategy decision-making algorithm are designed,respectively.Finally,the validity of the proposed models,and the accuracy and performance of the MTD spatial strategy decision-making algorithms are verified by application examples.2.Aiming at the problem that the existing MTD game model is difficult to effectively construct a temporal strategy decision-making model,an MTD temporal strategy decision-making method based on the Flip It game called FG-MTD is researched and built.At first,starting from the stealth confrontation between the actual attack and defense sides,the existing attack-defense process is abstractly described,the APT attack process based on the Cyber Kill Chain(CKC)is analyzed,the MTD network attack surface state transition model based on the susceptible–infective–recuperative–malfunctioned(SRIM)infectious disease extension model is defined.The MTD temporal strategy decision-making model based Flip It game is defined.Then,the Nash equilibrium strategy of the proposed FG-MTD method is analyzed,and the optimal MTD temporal strategy decision-making algorithm is designed to provide theoretical support under moderate security.At last,the application example is used to verify the scientificity of the FG-MTD model and method.Based on the numerical analysis,the temporal strategies of different types of attack-defense are summarized.3.Focused on the problem that the existing MTD game model is difficult to describe the stealth temporospatial characteristics of MTD attack-defense effectively,an innovative MTD temporospatial strategy decision-making method based on the differential game called DG-MTD is proposed.Firstly,based on the dynamic temporospatial confrontation characteristics of the network attack-defense process,the chapter proposes an improved moving target defense model based on the multidimensional transition of exploration-attack-detection surfaces,analyzes the characteristics of attack-defense games for MTD and temporospatial strategies,and describes the characteristics of temporospatial continuous interaction accurately and effectively.Next,the chapter uses the differential game to analyze continuous network attack-defense processes to build an MTD temporospatial decision-making model.The chapter quantifies the attacker’s and defender’s payoffs,designs a saddle-point strategy solution,and develops an optimal temporospatial defense strategy selection algorithm.Finally,the chapter uses application examples and numerical analysis results to show that the DG-MTD model and algorithm are accurate and effective.4.In order to solve the problem that the existing MTD game model is difficult to apply the noncomplete rational attack-defense process effectively,the chapter researches and constructs a bounded rational strategy decision-making method based on the evolutionary game called EGMTD.Starting from the imperfect rationality of attack-defense behaviors,firstly,an MTD bounded rational strategy decision-making model based on the evolutionary game is constructed,and rational parameters are introduced to describe the strategy learning capabilities of both the attacker and the defender.Then,the optimal MTD bounded rational strategy is obtained by solving the evolutionary stable equilibrium.And the evolution trajectories of the offensive and defensive strategies are depicted through numerical experiments.Finally,the application example of the medical information network system shows that EG-MTD could select appropriate MTD strategy in different states along different attack paths,and the route hopping decision example based on EG-MTD can effectively select the optimal hopping path.In addition,compared with no route hopping strategy,fixed periodic route hopping strategy,and random periodic route hopping strategy,the route hopping strategy based on EG-MTD increases defense payoffs by 58.7%,27.6%,and 24.6%,respectively.This method has reasonable practicability and application value.The research results of this dissertation solve the MTD decision-making problem in dynamic,hidden,time-varying,and complex network environments.It provides theoretical support,model guidance,and method guarantee for MTD decision-making research.It is helpful for security managers to timely and scientifically implement network defense actions and control the network security situation.