Research On Industrial Internet Information Security Strategy Based On Game Theory

Industrial Internet is a new form of industrial application formed by the Industrial Control System(ICS)and the new generation of information technology(IT).Industrial Internet not only improves the overall collaborative ability and operational efficiency of traditional industries,but also brings information security problems into ICS.Security risks and invasion threats to the Industrial Internet are increaseing rapidly.In recent years,attackers to Industrial Internet have evolved from personal hackers to wellorganized hacker groups,some of which even involve state forces.Offensive and defensive confrontation in industrial Internet has become one of the important field of information warfare between countries.Traditional theories of reliability engineering and risk management can't afford effective guidance for the Industrial Internet security.The theory of industrial Internet security strategy selection needs to be expanded and deepened.Motivated by this consideration,this paper focuses on the security issue of optimal defense strategy selection for Industrial Control System based on game theory.Firstly,the paper studies the optimal defense resource allocation strategy under the condition that resources is limited in Industry Internet based on game theory.Then,considering the typical industrial Internet security event(such as Stuxnet,Blackenergy,etc.)can be divided into three stages,such as accessing,spreading,and tampering,the paper studied the the optimal defensive strategy selection in three stages respectively based on game theory.The main contents are as follows:(1)The research on optimal resource allocation strategy selection for industrial Internet security.Based on the complete information static game theory,this paper establishes the Limited Resource Node Game Model(LRN-GM),which reveals the basic rules of the interaction between the attacker and the defender when the resources of Industrial Internet security protection are extremely limited.A Co-wolf Evolution algorithm is proposed to solve the Nash equilibrium of the game mode,which is composed of Improved Wolf Pack Algorithm and Cooperative Evolution Algorithm.The simulation results show that Cowolf Evolution Algorithm is effective,and it provides a good reference for the allocation of Industrial Internet security protection resources.(2)The research on optimal defense strategy selection for spear-phishing attack.According to the case study of spear-phishing attacks by the hacker group 'APTC-12',this paper constructs a Spear-Phishing Attack-Defense Signaling Game Model(SPAD-SGM)to study the optimal strategy selection for the spear-phishing attack-defense process.The model describes the dynamic interaction process between malicious attackers and enterprise defenders under the condition of incomplete information.It reveals the decision rules of both attackers and defenders in the process of spear-phishing.The game model considers both incomplete information and dynamic interaction between players,which can imitate a realistic spear-phishing attack in a accurate and reasonable way.Based on the game model,the paper proposed an algorithm that can automatically select the optimal defense strategy for the spear-phishing attack-defense process.The rationality and validity of the model are verified by simulation experiments.(3)The research on optimal control strategy selection for multipath malware.This paper analyzed the propagation process of multipath malware in Industry Internet based on the classical infectious disease theory and built a Multipath Malware Susceptible-Infectious-Susceptible Model(MM-SIS).Then,based on the MM-SIS model,this paper established a Multipath Malware Propagation and Suppression Differential Game Model(MMPS-DGM)and proposed a optimal control strategy selection algorithm for suppression of multipath malware.Compared with the traditional dynamic game model,MMPS-DGM is more consistent with the characteristics of attack and defense confrontation in the actual propagation of malicious programs.It can describe the continuous change of system state in the process of malicious program propagation clearly.The rationality and validity of the model are verified by simulation experiments.(4)The research on defend strategy for data tampering attack of industry controller.According to the case study of Ukraine blackout attack,this paper analyses the attack to the industry controller and constructs a Industry Controller Data Tampering Evolutionary game model(CDT-EGM)to studies the interaction between attacker and defender based on the assumption that players are rational limited.Instead of assuming that participants are completely rational,the model assumes participants are limited rational.Compared with the classical game model,the evolutionary game model is more consistent with the actual attack and defense process in the Industrial Internet.Then this paper studies the evolutionary stable strategy of attacker and defender based on the CDT-EGM.Moreover,this paper put forward a optimal defensive strategy selection algorithm based on evolutionary game.Finally,the rationality and validity of the proposed model are verified are by several simulation experiments.