It is extremely urgent to comprehensively measure the security status of the network, accurately analyze and predict attack behavior, and provide a timely and effective response plan when a threat arrives. Network Security Situation Awareness (NSSA) plays a very important role in intrusion detection, attack action locating, and prediction of the development trend of network security.

Current research has many problems. First, most research focuses on a single factor. The lack of analysis of the inner connection between attack and defense makes it hard to evaluate the security situation comprehensively. Second, the assumption of perfect rationality does not match the situation in the real world, so technologies developed under this assumption cannot be applied in reality. Finally, it is difficult to assess the network conditions during the attack phase if only a single state of the network is considered in the assessment of the security situation. As a result, it is impossible to analyze the status of large-scale complex networks from a macro perspective and to protect the security of the network system.

To solve the above problems, this paper addresses the limited rationality and the dynamic change process of attack and defense in the real network and presents a multi-state network security situation evaluation method. The method combines evolutionary game theory with the Q-learning algorithm. The innovations and main work of this article are as follows:

(1) Based on the extraction of security attribute data in the network system, an improved network security measurement method is proposed. By comprehensively considering the system loss of each network state and the cost of attack and defense, and by introducing a defense reward, it gives a more comprehensive measure of the attack strategies and defense strategies of the attack stage.

(2) Based on the introduction of state transition costs, a Q-learning algorithm is used to study the state transition of the network. The Q-value matrix is adjusted in real time using the attack strategy in the current network to infer the state transition path of the network. This not only achieves multi-state dynamic analysis and deduction of network attack and defense but also reduces the dependence of previous attack graphs on the expert knowledge base.

(3) Based on the confrontation relationship between attack and defense, this paper proposes a network security situation assessment algorithm based on an attack-defense evolutionary game (MADEG). The MADEG model is constructed and a method for solving the multi-state evolutionarily stable equilibrium is proposed. The paper introduces the initial probability of evolution, constructs the replicator dynamic equation, and finds the best benefits and optimal strategies for both attack and defense under the evolutionarily stable strategy. The degree of harm suffered by multi-state networks is assessed from the perspective of the economic utility of both the attacking and the defending side. In addition, the evolutionary game takes into account the irrational behaviors of both attack and defense, and the evolutionarily stable strategy obtained in the MADEG algorithm improves on the ambiguity of the mixed strategies in the classical game.

(4) This paper analyzes the network security status throughout the entire attack with the MADEG algorithm and compares it with the network state transfer process obtained from simulation on the Cisco simulation platform to verify the consistency of the state transition process. In addition, the security situation curve derived from the MADEG algorithm fully characterizes the security dynamics of the entire system. The effectiveness of the algorithm is verified, which helps network security administrators formulate network security defense strategies based on the actual network value and existing status.
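The replicator dynamics mentioned in item (3) can be illustrated with a small two-population game. This is an added example, not the paper's MADEG model: the 2x2 strategy sets, the payoff formulas, the expected-loss measure and every number are constructed assumptions that only reuse the abstract's ingredients (system loss, attack and defense cost, defense reward, initial probability).

```python
# Constructed 2x2 attack-defense game; all values are illustrative assumptions.
LOSS = [[20.0, 80.0], [5.0, 30.0]]      # system loss L[i][j]: attack i vs defense j
ATTACK_COST = [30.0, 10.0]              # A1 = strong attack, A2 = weak attack
DEFENSE_COST = [25.0, 5.0]              # D1 = strong defense, D2 = weak defense
DEFENSE_REWARD = [[15.0, 0.0], [5.0, 0.0]]


def payoffs():
    """Build attacker and defender payoff matrices (assumed formulas)."""
    atk = [[LOSS[i][j] - ATTACK_COST[i] for j in range(2)] for i in range(2)]
    dfn = [[DEFENSE_REWARD[i][j] - LOSS[i][j] - DEFENSE_COST[j]
            for j in range(2)] for i in range(2)]
    return atk, dfn


def evolve(p=0.5, q=0.5, dt=0.01, steps=2000):
    """Euler-integrate the two-population replicator dynamics.

    p = share of attackers playing A1, q = share of defenders playing D1;
    the defaults are the initial probabilities of evolution.
    """
    atk, dfn = payoffs()
    for _ in range(steps):
        # Expected payoff of each pure strategy against the other population.
        u_a1 = q * atk[0][0] + (1 - q) * atk[0][1]
        u_a2 = q * atk[1][0] + (1 - q) * atk[1][1]
        u_d1 = p * dfn[0][0] + (1 - p) * dfn[1][0]
        u_d2 = p * dfn[0][1] + (1 - p) * dfn[1][1]
        # A strategy's share grows when it beats the population average,
        # which for two strategies reduces to dp/dt = p(1-p)(u_a1 - u_a2).
        dp = p * (1 - p) * (u_a1 - u_a2)
        dq = q * (1 - q) * (u_d1 - u_d2)
        p = min(1.0, max(0.0, p + dt * dp))
        q = min(1.0, max(0.0, q + dt * dq))
    return p, q


def expected_loss(p, q):
    """Expected system loss under the population state (p, q)."""
    mix = [[p * q, p * (1 - q)], [(1 - p) * q, (1 - p) * (1 - q)]]
    return sum(mix[i][j] * LOSS[i][j] for i in range(2) for j in range(2))


if __name__ == "__main__":
    p, q = evolve()
    print(f"p(A1)={p:.4f} q(D1)={q:.4f} loss={expected_loss(p, q):.2f}")
```

With these constructed payoffs the strong defense dominates, so the populations settle on (weak attack, strong defense) and the expected loss falls from its initial mixed value to the loss of that single strategy pair.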