Research On Network Security Situational Awareness Based On Attack And Defense Game

With the rapid development of Internet, people's lives become more convenient. However, the deteriorating network environment makes network security problems become greatly serious. The traditional network security technology is unable to meet the demands for people to the network security. In order to adapt the preventive measures timely for occurrence of a serious threat, a new technology is urgently needed to master facing the network system security status and development trend. The network security situation awareness(NSSA) technology gradually becomes a research topic of current research in the field of network security, which plays an important role in intrusion detection, attack position, predicting network development trend and improving the security of the network. Network security is a kind of two-player game problem, which is the process of constant confrontation between "attacker" and "defender". In the process of studying, the idea of game theory is applied to network attack and defense. A frame work of NSSA based on game theory is proposed by combining the characteristics of network structure. The main research content has the following several points.Firstly, a framework of NSSA based on game theory is proposed. It is according to the existing problems of traditional network security technology and the factors about the correctness and effectiveness of the situation awareness. The framework is classified several aspects from the bottom to top, including the network environment, situation index e xtraction and quantitation, situation assessment game analysis, situation visualization and resource management, process control and optimization and so on. Especially, situation index and situation evaluation game analysis are described in detail. The established NSSA framework lays foundation for further research of situation awareness.Secondly, a hierarchical network security situation index system(HNSSIS) is constructed according to certain rules and the construction idea are needed for obtaining the network security situation indexes. HNSSIS is starting from three layers including the service layer, host layer and network layer. In view of the traditional analytic hierarchy process analysis method has some disadvantages of strong subjectivity to quantify situation index, the improved fuzzy analytic hierarchy process analysis method is adopted to quantify situation indexes in HNSSIS. Then, experiments are carried out to analysis and show that the network security status can be reflected effectively and reasonably by the proposed HNSSIS. It provides effective basis for the next situation assessment of network attacker and defender.Thirdly, according to traditional network security situation awareness methods have only considered the problems from a single point of view for perceiving the network system. A two-player, non-cooperation game model is proposed and their payoff functions are defined. Based on the model, the corresponding defense strategy search algorithm is adopted and it's flow chart is designed. A new method is provided for real-time, scientific and intuitive reflection of network security situation. Payoff functions of network attacker and defender are analyzed, the Nash Equilibrium point is found and the best protection measures against the attacker are searched by using the method. Through the experiment, the whole security network situation status is obtained, so as to the feasibility and effectiveness of the method is verified. It provides a certain referential significance for the future research on the new model and algorithm.