Research Of Network Attack And Defense Game Modeling And Effectiveness Evaluation With Incomplete Information

Posted on: 2022-02-03
Degree: Doctor
Type: Dissertation
Country: China
Candidate: L Liu
Full Text: PDF
GTID: 1528306551959529
Subject: Information Systems Security
Abstract/Summary:
Network attack and defense game modeling can provide data support for confrontation planning and effectiveness analysis, so that the analysis results are more convincing and carry a higher degree of confidence. It is also the means of deducing confrontation strategies with incomplete information, and the key to strategy generation, evaluation, and practice, action planning, and decision-making for both the attack and defense sides. At the same time, it is a core basic technology for the development of attack and defense confrontation training simulation and the construction of network cooperative confrontation, as well as a basic and common technology of network attack and defense confrontation. Focusing on the modeling and analysis problems in the initial and dynamic competition phases of network attack and defense, this thesis models and analyzes the network attack and defense game based on the mathematical theory of “strategy game” with incomplete information. It proposes a Bayesian Nash equilibrium (BNE) based network attack and defense static game model, a perfect BNE based network attack and defense dynamic game model, and a network attack and defense effectiveness evaluation model. In-depth analyses of model balance, optimization strategy selection, profit function, and actual cases of network attack and defense are carried out to verify the feasibility and efficacy of the proposed models. The major research contents and contributions of this thesis include the following aspects:

Firstly, in the initial phase of practical network attack and defense, both the attack and defense parties lack information about each other’s basic capabilities, and there is no historical confrontation experience to follow. When information about the types of decision-making risks of both parties is lacking, it is difficult for traditional static game models to model the decision-making gains of both sides with incomplete information. To realize network attack and defense game modeling and strategy analysis in this initial stage, this thesis uses the incomplete information game and the Harsanyi transformation to construct a network attack and defense static game model based on BNE. The existence theorem of the equilibrium and an engineering mathematics method for solving the BNE are provided; the profit function model under different game scenarios is presented; and the static game method of attack and defense with incomplete information based on risk aversion, together with the relationship between the optimal strategy portfolio and risk probability, is derived. In addition, on the basis of practical attack and defense cases, this thesis analyzes and quantitatively derives static non-cooperative games, and applies the BNE network attack and defense theory and implementation methods to solving the equilibrium strategy of both sides and to calculating the profit matrix in engineering practice analyses. Finally, the feasibility and effectiveness of the BNE-based network attack and defense static game model and its solution method are verified.

Secondly, in the dynamic competition phase of practical network attack and defense, the attacker continues to sniff the target and dynamically changes the attack strategy according to the damage effect, while the defender adjusts the defense strategy in real time to deal with the attack challenge. This makes the traditional dynamic game unable to sufficiently describe practical network attack and defense scenarios, and therefore unable to fit the complex and sophisticated evolution of practical network attack and defense. To model the evolution of both parties’ strategies in the network attack and defense game, this thesis analyzes the integration of the complete information dynamic game, sub-game perfect Nash equilibrium, and the incomplete information static game BNE, and introduces the “role-shift” in the practical network attack and defense process. Further, a generic model of the dynamic network attack and defense game with incomplete information based on extended description is proposed, along with the expression method and solution steps of the refined BNE in the game model. In addition, the transfer definition of a signal transmission game with specific values is carried out to show the feasibility of the proposed model from a theoretical point of view. Using a real penetration test case in which the various parameters of the attack and defense process are quantitatively described, the proposed model is then used to derive the optimal attack strategy, which further demonstrates the effectiveness of the proposed model from a practical perspective.

Thirdly, traditional network attack and defense effectiveness evaluation often evaluates attack or defense effects based on partial attack and defense effectiveness indexes, so it is difficult to reflect the dynamic changes in the security risk probability of the target network system before and after the game. Furthermore, after the strategy combination of both parties is implemented, the effectiveness evaluation results of the attack and defense game may deviate in their analysis of the effect on the overall performance of the target network system. This thesis proposes a network attack and defense effectiveness evaluation model based on the entropy function and the DEMATEL method, respectively:

1) Taking the risk probability of the target network system as the basic parameter, the concept of “entropy” in information theory is used to calculate the “risk entropy” and “security entropy” of the target network system. A network attack and defense effectiveness evaluation model is then constructed based on the entropy function, comparing the changes in the “entropy value” of the target network system before and after attack and defense to achieve quantitative evaluation of attack and defense effects.

2) Taking the strategy combination of attack and defense as the basic parameters, the causal relationships between attack and defense strategies are analyzed through the theoretical idea of the “decision experiment and experimental evaluation method”, i.e., the DEMATEL method, and the construction of an “expert knowledge” matrix. The direct and indirect impact of the attack and defense strategy combination on the target network system is also calculated to realize qualitative analysis of the attack and defense effects.

This thesis applies the fundamental ideas and methods of non-cooperative game theory to analyze and investigate the attack and defense confrontation problem of the target network system. By integrating qualitative analysis, quantitative analysis, and practical verification, it obtains a series of innovative research results, which have a certain theoretical reference significance and practical application value for further in-depth research and engineering application of network attack and defense theory.
Keywords/Search Tags:Incomplete information, Network attack and defense game, Attack and defense strategy, Bayesian Nash equilibrium (BNE), Attack and defense effectiveness evaluation