
Research On The Assessment Of The Vulnerability And Defense Mechanism Selection Of Network System Based On Game Theory

Posted on: 2021-05-22
Degree: Master
Type: Thesis
Country: China
Candidate: C J Duan
GTID: 2370330605450800
Subject: Information security
Abstract/Summary:
Enterprise or infrastructure networks bring huge security risks as they digitize and informatize. How to assess the factors affecting security in an enterprise network and develop an effective defense mechanism is a key issue that deserves investigation. However, the existing work faces many challenges. First, the factors considered in security assessment based on the Attack Graph are complex, and it is difficult to describe the relationships between the vulnerabilities in a system simply and intuitively and to analyze the harm of each vulnerability accurately. Second, the combinatorial optimization problem of selecting defense mechanisms under limited resources needs to be studied. Last but not least, the attacker's strategic response behavior must be taken into consideration when selecting a defense mechanism, so as to better analyze each of the attacker's attack steps and select the appropriate defense mechanism.

Building on the existing work, this dissertation holds that the essence of the security problem is the process of constant interaction between attacker and defender, and therefore applies game theory to the security investigation. From the perspectives of re-assessing vulnerability harm in a specific network environment and selecting an active defense mechanism, a cooperative game model and an attack-defense game model are established, respectively. The main contributions are as follows:

(1) Based on the Vulnerability Dependency Graph, this dissertation fully considers the specific network environment of each vulnerability and proposes a method to assess vulnerability harm. The method introduces the idea of the cooperative game, defines the benefits of cooperation between vulnerability nodes, and uses the Shapley value as the solution of the cooperative game. In addition, the CVSS assessment of the vulnerability is introduced into the calculation of the Shapley value as the attack cost. Compared with the Banzhaf value and the network centrality assessment method, the proposed method has better correctness and better describes the contribution of each vulnerability to the attack behavior in a successful attack.

(2) This dissertation proposes an active defense mechanism selection strategy based on the Vulnerability Dependency Graph. First, considering the attacker's strategic behavior, it constructs a Stackelberg attacker-defender zero-sum game model and gives clear definitions of the strategies and benefits of both players. To compute the equilibrium of large-scale games, the Double Oracle algorithm is proposed to solve for the mixed-strategy Nash equilibrium. The computational complexity of the algorithm and the approximation rate of the optimal solution are proved. The experimental results show that the solution efficiency of the algorithm is clearly better than that of mathematical programming, and that its solution quality is clearly better than that of heuristic algorithms such as the random strategy and the degree-first strategy. The defense mechanism selected according to the solution can be highly strategic while still maintaining a high payoff.
Keywords/Search Tags:Security assessment, defense mechanism, Vulnerability Dependency Graph, Cooperative game, Stackelberg game
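
As an added illustration (not code from the thesis), the sketch below computes Shapley and Banzhaf values for the vulnerability nodes of a small constructed dependency graph, showing how a cooperative-game score ranks vulnerabilities for remediation. The graph, the node names and the characteristic function (a coalition is worth 1 when its vulnerabilities alone form a path from entry to target) are assumptions; the thesis's own benefit definition and its CVSS-based attack cost are not given in the abstract and are not modelled here.

```python
from fractions import Fraction
from itertools import combinations
from math import factorial

# Constructed dependency graph: an edge u -> w means exploiting u enables w.
EDGES = {"entry": ["v1", "v2"], "v1": ["v3"], "v2": ["v3"],
         "v3": ["v4"], "v4": ["target"]}
VULNS = ["v1", "v2", "v3", "v4"]  # hypothetical vulnerability nodes


def attack_succeeds(coalition):
    """Assumed characteristic function v(S): 1 if S alone links entry to target."""
    usable = set(coalition) | {"entry", "target"}
    stack, seen = ["entry"], set()
    while stack:
        node = stack.pop()
        if node == "target":
            return 1
        if node in seen:
            continue
        seen.add(node)
        stack.extend(n for n in EDGES.get(node, []) if n in usable)
    return 0


def marginals(player, players, v):
    """Yield (|S|, v(S + player) - v(S)) for every coalition S without player."""
    others = tuple(q for q in players if q != player)
    for k in range(len(others) + 1):
        for s in combinations(others, k):
            yield k, v(s + (player,)) - v(s)


def shapley(players, v):
    """Average marginal contribution over all join orders (exact fractions)."""
    n = len(players)
    return {p: sum(Fraction(factorial(k) * factorial(n - k - 1), factorial(n)) * m
                   for k, m in marginals(p, players, v))
            for p in players}


def banzhaf(players, v):
    """Average marginal contribution with every coalition weighted equally."""
    n = len(players)
    return {p: Fraction(sum(m for _, m in marginals(p, players, v)), 2 ** (n - 1))
            for p in players}


if __name__ == "__main__":
    for name, score in (("Shapley", shapley), ("Banzhaf", banzhaf)):
        print(name, {p: str(x) for p, x in score(VULNS, attack_succeeds).items()})
```

In this graph v3 and v4 lie on every attack path and receive the largest share, while the interchangeable entry points v1 and v2 split a small one, which is the kind of ordering a defender would use to decide what to patch first.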