Research On Network Security Threat Early Warning And Defense Decision-making Method Based On Differential Game Model

With the rapid development of network technology and the increasing enrichment of service functions,network systems have become the infrastructure for maintaining the efficient operation of social life.At the same time,it is accompanied by the emergence of cyberspace security incidents.Facing network security challenges,we need to enhance network defense capabilities and to ensure the safety of cyberspace.Therefore,it is urgent for the security threat early warning and defense decision-making methods,which meet the actual attack and defense scenarios.Because the differential game theory is highly consistent with the actual network attack-defense characteristics,we studies the cybersecurity threat early warning and defense decision-making problems based on differential game theory.Then from the perspectives of dynamic and real-time confrontation in actual network incidents,the differential game models are constructed and the phased warning,procedural warning,and real-time defense decision-making methods are designed.The main work includes the following aspects:1.For the continuous confrontation in the network attack and defense scenario,we analyze the basic components of threat early warning and defense decision-making process based on differential game model.Then,by introducing the integrated design of security threat early warning and defense decision-making,we propose integrated framework of network security threat early warning and defense decision-making.Additionally we portray the overall structure,process mechanism and key technologies of threat early warning and defense decision-making.By the mentioned above,we can improve the linkage and integrity between threat early warning and defense decision-making,which enhances the overall effectiveness of network security protection and provides theoretical support for the research of early warning and decision-making methods.2.For the phased threat early warning problem,because the existing game model can not analyze the continuous attack-defense behaviors,we propose the cybersecurity threat early warning method based on the qualitative differential game model.Firstly,the network area is divided according to the network topology and function differences.Then we analyze the threat propagation process referring to the epidemic model.Based on the mentioned above,we construct the network attack-defense game model based on the qualitative differential game theory,by which we can predict the evolution of the network security state.Based on the model,the qualitative differential game solution method is designed to construct the attack-defense barrier and divide the capture area.Furthermore,we introduce multidimensional Euclidean distance to evaluate the threat severity in different security states and design the phased warning algorithm,which has better accuracy and timeliness.3.For the procedural threat early warning problem,because the existing threat analysis methods have disadvantage in objectivity and timeliness,we propose cybersecurity threat early warning method combining qualitative differential game and evolutionary game.Firstly,based on the qualitative differential game model of the phased threat early warning method,we can use the attack-defense barrier as the metric for security threat.At the same time,from the perspective of the bounded rationality,we construct the attack and defense model based on the evolutionary game.Furthermore,based on the analysis of the game equilibrium,we predict the actual evolutionary trajectory of the network security state.By the combination of these models,we can analyze the dynamic trend of the network security threat based on the multi-dimensional spatial distance between the evolutionary trajectory and the attack-defense barrier.Finally,the cyber security threat procedural early warning algorithm is designed,which makes the early warning model and method have better timeliness,objectivity and practical value.4.For the network security real-time defense decision-making problem,we propose a network defense decision-making method based on Markov differential game model.Considering that the actual network state is easily affected by random interference under long-term confrontation,we transform the network confrontation in a certain period of time into a continuous multi-stage attack and defense process with short durations in each stage.Then the Markov differential game model is constructed to analyze the attack-defense behaviors.We use the Markov stochastic process to describe the random jump of the network system state between each stage,and use the quantitative differential game theory to analyze the continuous confrontation process in each stage.Furthermore we introduce the time discount factor to calculate the strategy total payoffs,and design the optimal defense strategy selection algorithm based on Markov differential game,which can provide guidance for real-time defense decision-making of network security.