Research On Network Attack-defense Utility Based On Game Theory

The research on network system attack and defense has always been one of the key directions of network system security.The current research on network attack and defense utility is experiencing a transition from qualitative to quantitative.As one of the main tools for network attack and defense research,game theory can well describe the relationship between network attack and defense.However,there are still many deficiencies in the current research on network attack and defense utility measurement,including two aspects:(1)The attack and defense utility measurement index system is not comprehensive enough,and the related measures on active defense measures are insufficient.(2)There is no quantitative calculation formula that can measure the utility of network attack and defense under different network defense measures.Aiming at the above problems,this paper studies the threat intelligence sharing problem in active defense based on game theory,and proposes a benefit distribution mechanism in threat intelligence sharing based on the Shapley value and risk assessment.A stochastic game model of network attack and defense was established,and a calculation method of network attack and defense utility was proposed for the defense capabilities under different defense measures.The specific contributions of this article are as follows:1.The problem of threat intelligence sharing in active defense measures is studied,and a cooperative game model of cyber threat intelligence sharing is proposed.There is a trusted third-party service in this model,and the organizations that cooperate with each other share and obtain threat intelligence information through third parties.Considering that various organizations will bear different risks in threat intelligence sharing,the risk of threat intelligence sharing is evaluated by combining comprehensive fuzzy evaluation method and analytic hierarchy process.The concept of risk coefficient is proposed,and the cooperative game benefit distribution mechanism based on the Shapley value is improved,which makes the distribution of benefits more fair and reasonable,and encourages the organization's threat intelligence sharing behavior.Finally,the validity of the proposed model and benefit distribution mechanism was verified through a case.2.Based on the stochastic game theory,a stochastic game model for network attack and defense utility evaluation is proposed.The indicators of network attack and defense utility are divided into five aspects: attack impact,attack cost,defense effect,defense cost,and assets.The weight value of each utility index was determined by analytic hierarchy process.In terms of utility calculation,the active defense and passive defense measures are distinguished,and the influence of system recovery ability,deception ability,and tracking ability on attack and defense utility calculations is analyzed,and the network offensive and defensive utility calculation formula is given.3.Design and implement a network attack and defense utility measurement experiment,and verify the proposed model and calculation method.By creating virtual devices in a virtual environment,the topology of a real network is constructed to simulate network attacks and defenses.The evaluation process of network offensive and defensive effectiveness,the algorithm for determining the weight of network attack and defense utility indicators,and the calculation algorithm of network attack and defense utility are proposed.Based on the network attack and defense system state transition diagram and network attack and defense behavior strategy set,the network attack and defense utility is evaluated.By analyzing the experimental results,the correctness and effectiveness of the proposed attack and defense stochastic game model and utility calculation method are verified.