CN107483486B - Network defense strategy selection method based on random evolution game model - Google Patents

Network defense strategy selection method based on random evolution game model Download PDF

Info

Publication number
CN107483486B
CN107483486B CN201710827946.9A CN201710827946A CN107483486B CN 107483486 B CN107483486 B CN 107483486B CN 201710827946 A CN201710827946 A CN 201710827946A CN 107483486 B CN107483486 B CN 107483486B
Authority
CN
China
Prior art keywords
defense
attack
random
strategy
evolution
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201710827946.9A
Other languages
Chinese (zh)
Other versions
CN107483486A (en
Inventor
黄健明
张恒巍
王衡军
王晋东
王娜
寇广
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
PLA Information Engineering University
Original Assignee
PLA Information Engineering University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by PLA Information Engineering University filed Critical PLA Information Engineering University
Priority to CN201710827946.9A priority Critical patent/CN107483486B/en
Publication of CN107483486A publication Critical patent/CN107483486A/en
Application granted granted Critical
Publication of CN107483486B publication Critical patent/CN107483486B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/20Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L63/205Network architectures or network communication protocols for network security for managing network security; network security policies in general involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Complex Calculations (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention belongs to the technical field of network security, and particularly relates to a network defense strategy selection method based on a random evolution game model, which comprises the following steps: constructing an asymmetric network attack and defense random evolution game model based on a random power system; by taking the white Gaussian noise as a reference, an It Lo random differential equation is adopted to obtain a network attack and defense random evolution game system; the method comprises the steps that a Milstein method is adopted to carry out numerical solution on a network attack and defense random evolution game system, and equilibrium solution of attack and defense evolution is obtained; aiming at the equilibrium solution of attack and defense evolution, the stability analysis is carried out on the strategy selection states of both the attack and defense parties according to the stability theorem of the random differential equation solution, and the network security defense strategy in the equilibrium solution is output. The method solves the problems that the traditional determined game model is not accurate enough in network defense strategy selection and the like, can more accurately analyze the random dynamic evolution process among the finite attack and defense decision makers, enhances the practicability of safety defense strategy selection, and has important guiding significance on the network safety defense technology.

Description

Network defense strategy selection method based on random evolution game model
Technical Field
The invention belongs to the technical field of network security, and particularly relates to a network defense strategy selection method based on a random evolution game model.
Background
At present, network attack means are increasingly complicated, intelligent and diversified, and the attack purpose of an attacker is also continuously driven by economic benefits. Many challenges in the field of straight-plane network space security enhance the network security defense capability and ensure the network space security, which has become an urgent issue to be solved urgently. The game theory is a decision theory for researching the direct interaction of behaviors among decision-making main bodies, and has the characteristics of target oppositivity, relationship non-cooperation, strategy dependency and the like which are all consistent with the basic characteristics of network attack and defense. Therefore, applying the game theory to the modeling and analysis of the network defense and attack process becomes a research hotspot in recent years. However, the existing research results have a common characteristic that all models and methods are established under a deterministic attack and defense condition. In the actual attack and defense process, the selection of an attack means, the change of the system operation environment, the interference of other external factors and the like have certain randomness, so the effectiveness and the accuracy of the model and the method can be improved by considering the random factors.
The essence of network security lies in attack and defense opposition, so from the perspective of attack and defense opposition, research and exploration of network security analysis methods and defense technical systems have important practical significance. The game theory is a decision theory for researching the direct interaction of behaviors among decision-making main bodies, and has the characteristics of target oppositivity, relationship non-cooperation, strategy dependency and the like which are all consistent with the basic characteristics of network attack and defense. Therefore, applying the game theory to the modeling and analysis of the network defense and attack process becomes a research hotspot in recent years. Because the traditional game model is mostly established on the premise that the actor is completely rational and is not consistent with the actual situation, the evolutionary game theory based on the incomplete rationality better conforms to the reality of attack and defense confrontation, but the influence of various random interference factors existing in the attack and defense process is not considered by using the most replication dynamic learning mechanism at present, and the determined game model reduces the actual application value of the determined game model. The network Attack and Defense evolution Game Model ADEGM (attach-Defense evolution Game Model) is represented as 4-tuple, and ADEGM ═ (N, S, P, U), where N ═ N (P, U)ND,NA) Is the participant space of the evolving game. Wherein N isDFor defense, NAIs an attacker. S ═ (DS, AS) is the game policy space. Wherein DS ═ { DS ═ DS1,DS2,…DSnDenotes an optional set of policies for defenders, AS ═ AS1,AS2,…ASmRepresents an attacker's optional set of policies. P ═ P, q is the game belief set. Wherein p isiRepresenting an attacker to select an attack policy ASiProbability of (a), qjPresentation defense selection defense strategy DSjThe probability of (c). U ═ U (U)D,UA) The method is a profit function set which represents the game profits of the participants and is determined by the strategies of all the participants. The traditional game theory applied to the selection of the network security defense strategy has the following defects: (1) the assumption of completely rational precondition for the behavior in the classic game model is not in accordance with the actual situation, but in reality, the decision-making ability of the person is limited, i.e. the decision-making person actually belongs to an incompletely rational individual. Neglecting the limited rational condition of the behavior person can have great influence on the final game result, so that the final game balance result is greatly different from the reality, and the effectiveness of the model and the method is reduced. (2) The traditional evolutionary game theory is based on a duplicate dynamic learning mechanism, and a decision maker adjusts self strategies through learning to maximize self income, but does not consider the interference problem of various random factors in the game process. In the actual attack and defense process, the selection of an attack means, the change of the system operation environment, the interference of other external factors and the like have certain randomness, so that the effectiveness and the accuracy of the model and the method are reduced by neglecting the consideration of the randomness.
Disclosure of Invention
Aiming at the defects in the prior art, the invention provides a network defense strategy selection method based on a random evolution game model, which solves the problems that the traditional game model is determined to be applied to the network defense strategy selection and is not accurate enough, can more accurately analyze the random dynamic evolution process between the finite attack and defense decision makers, and enhances the practicability and the guiding significance of the security defense strategy selection.
According to the design scheme provided by the invention, the network defense strategy selection method based on the random evolution game model comprises the following steps:
constructing an asymmetric network attack and defense random evolution game model based on a random power system; by taking the white Gaussian noise as a reference, an It Lo random differential equation is adopted to obtain a network attack and defense random evolution game system;
the method comprises the steps that a Milstein method is adopted to carry out numerical solution on a network attack and defense random evolution game system, and equilibrium solution of attack and defense evolution is obtained;
aiming at the equilibrium solution of attack and defense evolution, the stability analysis is carried out on the strategy selection states of both the attack and defense parties according to the stability theorem of the random differential equation solution, and the network security defense strategy in the equilibrium solution is output.
In the foregoing, the network attack and defense random evolution game model is represented by quintuple.
Preferably, the network attack and defense random evolution model ADEGM ═ (N, S, P, Δ, U), where N ═ N (N, P, Δ, U)D,NA) Is the participant space of the evolving game, NDRepresenting a defensive party, NARepresenting an attacker; s ═ DS, AS is the game policy space, DS denotes the optional policy set of the defender, AS denotes the optional policy set of the attacker; p is a game belief set, q represents a probability set that a defender selects different defense strategies, and P represents a probability set that an attacker selects different attack strategies; Δ ═ δ12Is the set of random interference strength coefficients, δ1Representing the strength factor, δ, of the effect of random disturbances on the defender2Representing the influence intensity coefficient of random interference on an attacker and satisfying delta1>0,δ2>0;U=(UD,UA) Is a set of game revenue functions, UDIndicating player's game benefits, UAAnd the game income of the attackers is represented, and the value of the attack and defense income is jointly determined by the strategy selected by the attack and defense decision maker.
Preferably, the optional policy set DS ═ DS for the defenders1,DS2In which DS is1Indicating that defender adopted Strong defense strategy, DS2Representing the defender to adopt a weak defense strategy; optional policy set AS ═ a for aggressorsS1,AS2Where AS1Representing attackers implementing a strong attack strategy, AS2Representing an attacker implementing a weak attack strategy.
Preferably, the acquisition of the network attack and defense random evolution game system comprises the following contents:
A1) and constructing a type space set D ═ D of the defensive partyiI is more than or equal to 1 }; constructing defender-selectable policy space set DS ═ DSjJ is more than or equal to 1 and less than or equal to m, wherein m is the number of strategies selectable by an attacker decision maker;
A2) selecting an attack strategy for an attacker with a probability qiSelection of defense strategies DSiWherein, in the step (A),
Figure BDA0001407966240000031
1≤i≤m;
A3) calculating average profit of defender
Figure BDA0001407966240000032
Constructing a set delta (delta) of attack and defense random interference intensity coefficients12In which is delta1>0,δ2>0;
A4) Describing random interference of the evolutionary game of the defense party and the attacking party by using a random differential equation by taking the white Gaussian noise as a reference to obtain a random copy dynamic differential equation of the defense party and the attacking party;
A5) and randomly copying a dynamic differential equation of the simultaneous defense party and the attacking party to obtain the network attack and defense random evolution game system.
Preferably, the average profit of the defensive party is calculated in A3)
Figure BDA0001407966240000033
Comprises the following steps: acquiring a game income matrix by combining a network attack and defense game tree; calculating the average income of the attacking party and the defending party according to the game income matrix, wherein the average income of the defending party
Figure BDA0001407966240000034
Figure BDA0001407966240000035
Expected yield for the defenders.
Preferably, in a5), the network attack and defense random evolution gaming system is represented as:
Figure BDA0001407966240000036
Figure BDA0001407966240000037
wherein, CdRepresenting the defense cost required by the defensive party when selecting the strong defense strategy; caRepresenting the attack cost required by an attacker for selecting a strong attack strategy; vaWhen the defending party selects the weak defending strategy, the attacking party selects the attack return which can be obtained by the strong attacking strategy; vadWhen the strong defense strategy is selected by the defensive party, the attack return which can be obtained by the strong attack strategy selected by the attacking party is shown, and V is satisfieda>Vad(ii) a q (t) and 1-q (t) respectively represent the number of defenders selecting different defense strategies and the proportion of the number of defenders selecting different defense strategies as a function of time; omega (t) belongs to one-dimensional standard Brown motion and describes the influence of random interference factors on game evolution in the network attack and defense process.
Preferably, the obtaining of the equilibrium solution of the attack and defense evolution specifically includes:
B1) carrying out random Taylor expansion on the random evolution differential equation of the defending party and the attacking party in the network attack and defense random evolution game system according to It Lou random differential equation;
B2) and adopting a Milstein method to carry out numerical solution on a differential equation in the network attack and defense random evolution game system to obtain a corresponding attack and defense evolution equilibrium solution.
Further, in B1, It is expressed as dx (t) ═ f (t, x (t))) dt + g (t, x (t))) d ω (t), where t e [ t (t)) ]0,T],x(t0)=x0,x0E.g. R, ω (T) belongs to a one-dimensional standard Brown motion, obeying a normal distribution N (0, T), d ω (T) obeys a normal distribution N (0, Δ T), where T represents timeAnd R is a real number.
In the above, the selecting states of the strategies of both the attacking and defending parties for stability analysis and verifying the evolution stability strategy of the network attacking and defending random evolution game system includes: when it is satisfied with
Figure BDA0001407966240000041
And Cd≥1,
Figure BDA0001407966240000042
And Ca-VadWhen the network attack and defense random evolution game system is more than or equal to 1, a unique evolution stable strategy ESS (0,0) exists; when it is satisfied with
Figure BDA0001407966240000043
And Cd-Va+Vad+1≤0,
Figure BDA0001407966240000044
And Ca-VaWhen +1 is less than or equal to 0, the network attack and defense random evolution game system has a unique evolution stable strategy ESS (1, 1).
The invention has the beneficial effects that:
aiming at the problem that various random interference factors exist in an attack and defense game system, in order to improve the effectiveness and the accuracy of the model, various random interferences such as system operation environment change, network topology structure change, attack and defense strategy change and the like in the attack and defense game process are described by using the concept of Gaussian white noise for reference, the traditional copy dynamic evolution game method is improved, a random network attack and defense evolution game model under an asymmetric condition is constructed by using a nonlinear It-Lo random differential equation and is used for describing a real-time random dynamic evolution process of network attack and defense confrontation; carrying out numerical solution on the attack and defense random differential equation, carrying out stability analysis on strategy selection states of both the attack and defense according to a random differential equation stability discrimination theorem, and determining a security defense strategy of a random attack and defense evolution game model; finally, the influence of random interference with different strengths on the evolution rate of attack and defense decisions is verified through simulation, and certain technical guidance can be provided for network attack behavior prediction and security defense strategy selection. Compared with the prior art, the method can more accurately analyze the random dynamic evolution process among the attack and defense decision makers with limited rationality, and the safety defense strategy selection has stronger practicability and guiding significance.
Description of the drawings:
FIG. 1 is a prior art basic network attack and defense game tree;
FIG. 2 is a schematic flow diagram of the process of the present invention;
FIG. 3 is a schematic diagram of a network attack and defense game tree in an embodiment;
FIG. 4 is a schematic diagram of an acquisition process of the network attack and defense random evolution game system in the embodiment;
FIG. 5 is a schematic diagram of an equalization solution acquisition process of attack and defense evolution in an embodiment;
FIG. 6 is a diagram of the evolution trend of the null solution stabilization strategy of the defender in the simulation example;
FIG. 7 is a diagram of the evolution trend of the zero solution stabilization strategy of an aggressor in a simulation example;
FIG. 8 is a diagram of evolution trend of a zero solution unstable strategy of a defender in a simulation example;
FIG. 9 is a diagram of evolution trend of a zero solution unstable strategy of an aggressor in a simulation example.
The specific implementation mode is as follows:
in order to make the objects, technical solutions and advantages of the present invention clearer and more obvious, the present invention is further described in detail below with reference to the accompanying drawings and technical solutions. The technical terms involved in the examples are as follows:
evolutionary Game Theory (Evolutionary Game Theory): the biological evolution theory originated from Darwin inherits the theoretical explanation of biology on species evolution, starts from individual limited rational condition, takes group behaviors as research objects, and explains the evolution game process of biological behaviors in the explanation of the development process and evolution selection of biological species. All game parties tend to a certain stable strategy through long-term trial and error, simulation and improvement, the strategy is possibly stabilized in group organizations for a long time, and the stable strategy balance is very similar to the evolutionary stable strategy of biological evolution so as to achieve a relative stabilityHarmonious game equilibrium states. Replication dynamics (Replicator dynamics): in a group consisting of limited rational game parties, game players gradually adopt more game parties than a strategy with a good average level by continuously trial and error, learning and improving own strategies, so that the proportion of the game parties adopting various strategies in the group can be changed. Nash equilibrium (NashEquilibrium): in game G ═ S1,…,Sn;u1,…,unIn the game, a certain strategy combination composed of one strategy of each game party
Figure BDA0001407966240000061
Strategy of any gambling party i
Figure BDA0001407966240000062
If the condition is satisfied:
Figure BDA0001407966240000063
for arbitrary sij∈SiAre all true, then call
Figure BDA0001407966240000064
Is a nash balance for game G. Limited rational (bound ratio): the behavior person finds the optimal strategy through game analysis in the game process, and the behavior person does not deviate from the optimal choice due to forgetting, errors, randomness and the like. In the traditional game theory, it is generally premised that the behavior is completely rational, that is, the judgment and selection ability of the behavior is limited, and a mistake is made in the decision making process. Evolution Stable Strategy (ESS): the method is a strategy which cannot be invaded by the mutant under a definite definition, and is a balanced strategy with real stability and stronger prediction capability in the evolutionary game. The method is a robust balance concept which has stronger anti-interference capability and can still be recovered after interference in a biological evolution theory, and is the most core balance concept in the evolutionary game analysis.
An existing network Attack and Defense Evolution Game Model (ADEGM) can be represented as a 4-tuple, where (N, S, P, U) is (N, S, P, U)D,NA) Is a participant space of an evolutionary game, where NDFor defense, NAIs an attacker. S ═ (DS, AS) is the game policy space, DS ═ DS { (DS)1,DS2,…DSnDenotes an optional set of policies for defenders, AS ═ AS1,AS2,…ASmRepresents an attacker's optional set of policies. P ═ P, q is the set of game beliefs, PiRepresenting an attacker to select an attack policy ASiProbability of (a), qjPresentation defense selection defense strategy DSjThe probability of (c). U ═ U (U)D,UA) The method is a profit function set which represents the game profits of the participants and is determined by the strategies of all the participants. In the network attack and defense countermeasures, the decision makers of an attacker A and a defender D have a plurality of strategies to select, and the selectable strategy sets of the decision makers of the attacker A and the defender D are respectively assumed to be { AS1,AS2…ASm}、{DS1,DS2…DSnAnd (m, N belongs to N, and m, N is more than or equal to 2), the probability of the strategy adopted by an attack and defense decision maker is different at different stages of the game process, and the probability is continuously changed under the action of a learning mechanism along with the time, so that the attack and defense strategy selection forms a dynamic change process. The resulting attack and defense game tree is shown in fig. 1. p is a radical ofiRepresenting a selective attack strategy ASiProbability of (a), qjPresentation selection defense strategy DSjThe probability of (c). When different strategies are adopted for attack and defense countermeasures, corresponding attack and defense profit values can be generated. Wherein a isijAnd bijRespectively representing attackers and defenders to adopt ASi、DSjThe respective gains. For a defender, the strategy selection has n possibilities, and a decision maker has different probabilities qiFor each defense strategy DSiSelection is performed, but the conditions are met for the entire policy set: q. q.s1+q2+…+q n1. Similarly, the attacker can select m strategies according to the attack policy, and the decision maker has different probabilities piStrategy AS for each attackiAnd selecting, wherein the whole strategy set meets the following requirements: p is a radical of1+p2+…+pm=1。
Based on the above conditions, expected receipts of different defense strategies of the defenders are calculatedBenefit to
Figure BDA0001407966240000071
And average profit
Figure BDA0001407966240000072
Figure BDA0001407966240000073
As the defending income lower person can learn to imitate the strategy selected by the high income person, aiming at the optional strategy { DS in the defending strategy set1,DS2…DSnSelecting different strategies, the proportion of people will change along with the time, and adopting qi(t) is represented byi(t) denotes a selection defense strategy DSiThe proportion of the number of people, and satisfies:
Figure BDA0001407966240000074
DS for a particular defense policyiThe proportion of the number of people selecting the strategy is a function of time, and the dynamic change rate can be expressed by a copy dynamic equation:
Figure BDA0001407966240000075
similarly, optional policies in policy set for aggressors AS1,AS2…ASmSelecting the people number proportion of different strategies to dynamically change along with time, and respectively using pi(t) wherein p isi(t) satisfies:
Figure BDA0001407966240000076
optional attack strategy AS for an attackeriThe corresponding replication dynamical equation can be obtained:
Figure BDA0001407966240000077
two duplicate dynamic equations are simultaneously established
Figure BDA0001407966240000078
Through solving, the network attack and defense evolution game equilibrium state point can be obtained, and the analysis and prediction of the security defense strategy selection can be realized. However, the evolutionary game theory is based on a duplicate dynamic learning mechanism, and a decision maker adjusts a self strategy through learning to maximize the self income, but does not consider the interference problem of various random factors in the game process. In the actual attack and defense process, the selection of an attack means, the change of the system operation environment, the interference of other external factors and the like have certain randomness, so that the effectiveness and the accuracy of the model and the method are reduced by neglecting the consideration of the randomness. In view of this, an embodiment of the present invention provides a method for selecting a network defense strategy based on a random evolutionary game model, which is shown in fig. 2 and includes:
101. constructing an asymmetric network attack and defense random evolution game model based on a random power system; by taking the white Gaussian noise as a reference, an It Lo random differential equation is adopted to obtain a network attack and defense random evolution game system;
102. the method comprises the steps that a Milstein method is adopted to carry out numerical solution on a network attack and defense random evolution game system, and equilibrium solution of attack and defense evolution is obtained;
103. aiming at the equilibrium solution of attack and defense evolution, the stability analysis is carried out on the strategy selection states of both the attack and defense parties according to the stability theorem of the random differential equation solution, and the network security defense strategy in the equilibrium solution is output.
The problem that the traditional determined game model is not accurate enough in network defense strategy selection is solved. In order to improve the effectiveness and the accuracy of the model, the invention describes various random interferences such as system operation environment change, network topology structure change, attack and defense strategy change and the like in the attack and defense game process by using the concept of Gaussian white noise. The method is used for describing a real-time random dynamic evolution process of network attack and defense confrontation by constructing a random network attack and defense evolution game model under an asymmetric condition. And (3) carrying out numerical solution on the It and the xi random differential equations of both the attacking party and the defending party, and carrying out stability analysis on the strategy selection states of the attacking party and the defending party according to the random differential equation stability judgment theorem. The model and the method can more accurately describe the network attack and defense strategy selection dynamic change process.
Based on a random power system, the characteristics of network attack and defense are combined, and an asymmetric network attack and defense random evolution game model under the limited rational condition is constructed on the basis of an evolution game theory. In another embodiment of the invention, the network attack and defense random evolution game model is represented by quintuple. Further, the network attack and defense random evolution model ADEGM ═ N, S, P, Δ, U, where N ═ N (N, P, Δ, U)D,NA) Is the participant space of the evolving game, NDRepresenting a defensive party, NARepresenting an attacker; s ═ DS, AS is the game policy space, DS denotes the optional policy set of the defender, AS denotes the optional policy set of the attacker; p is a game belief set, q represents a probability set that a defender selects different defense strategies, and P represents a probability set that an attacker selects different attack strategies; Δ ═ δ12Is the set of random interference strength coefficients, δ1Representing the strength factor, δ, of the effect of random disturbances on the defender2Representing the influence intensity coefficient of random interference on an attacker and satisfying delta1>0,δ2>0;U=(UD,UA) Is a set of game revenue functions, UDIndicating player's game benefits, UAAnd the game income of the attackers is represented, and the value of the attack and defense income is jointly determined by the strategy selected by the attack and defense decision maker.
Aiming at the network attack and defense countermeasure process, for convenient analysis, the defense strategy is divided into a strong defense strategy and a weak defense strategy according to the defense strength degree, and an optional strategy set DS of a defense party is constructed as { DS ═ DS1,DS2In which DS is1Indicating that defender adopted Strong defense strategy, DS2Indicating that the defender is adopting a weak defense strategy. Similarly, aiming at an attacker, the attack strategy is divided into a strong attack strategy and a weak attack strategy, and an optional strategy set AS of the attacker is constructed AS { AS ═1,AS2In which AS1Representing attackers implementing a strong attack strategy, AS2Representing an attacker implementing a weak attack strategy. In addition to the inventionIn one embodiment, as shown in fig. 4, the acquisition of the network attack and defense random evolutionary gaming system includes the following contents:
201) and constructing a type space set D ═ D of the defensive partyiI is more than or equal to 1 }; constructing defender-selectable policy space set DS ═ DSjJ is more than or equal to 1 and less than or equal to m, wherein m is the number of strategies selectable by an attacker decision maker;
202) selecting an attack strategy for an attacker with a probability qiSelection of defense strategies DSiWherein, in the step (A),
Figure BDA0001407966240000091
1≤i≤m;
203) calculating average profit of defender
Figure BDA0001407966240000092
Constructing a set delta (delta) of attack and defense random interference intensity coefficients12In which is delta1>0,δ2>0;
204) Describing random interference of the evolutionary game of the defense party and the attacking party by using a random differential equation by taking the white Gaussian noise as a reference to obtain a random copy dynamic differential equation of the defense party and the attacking party;
205) and randomly copying a dynamic differential equation of the simultaneous defense party and the attacking party to obtain the network attack and defense random evolution game system.
In the network attack and defense countermeasure process, the probability of the strategy adopted by an attack and defense decision maker is different in different stages of the game process, and the probability is continuously changed under the action of a learning mechanism along with the time, so that the attack and defense strategy selection forms a dynamic change process. The corresponding network attack and defense game tree is shown in figure 3, wherein p represents that an attacker selects an attack strategy AS11-p denotes the chosen attack strategy AS2And satisfies p ∈ [0,1]](ii) a q represents defensive person selection defense strategy DS11-q denotes the chosen defense strategy DS2And satisfies q ∈ [0,1]]。dijRepresenting a pair of attack and defense strategies (AS)i,DSj) The resulting defense profit value, aijRepresenting a pair of attack and defense strategies (AS)i,DSj) The resulting attack profit values and the profit matrix for the game are shown in table 1.
TABLE 1 network attack and defense game income matrix
Figure BDA0001407966240000093
Wherein, VnRepresenting fixed benefits which can be brought by information assets owned by the defenders;
Cdrepresenting the defense cost required by the defensive party when selecting the strong defense strategy;
Carepresenting the attack cost required by an attacker for selecting a strong attack strategy;
Vawhen the defending party selects the weak defending strategy, the attacking party selects the attack return which can be obtained by the strong attacking strategy;
Vadwhen the strong defense strategy is selected by the defensive party, the attack return which can be obtained by the strong attack strategy selected by the attacking party is shown, and V is satisfieda>Vad
In the game process, the cost of the weak attack and defense strategy is assumed to be 0 relative to the strong attack and defense strategy.
Based on this, expected benefits of the defensive parties are calculated respectively
Figure BDA0001407966240000094
And average profit
Figure BDA0001407966240000095
Figure BDA0001407966240000101
Figure BDA0001407966240000102
Figure BDA0001407966240000103
In the process of attack and defense, different defense decision makers learn and adjust own strategies through each other along with repeated game, so that the own strategies are optimal. Thus, the number of defenders selecting different defense strategies is in dynamic change, and the proportion of the number of defenders selecting different defense strategies is a function of time and is respectively represented as q (t) and 1-q (t). Against a strong Defense Strategy (DS)1) The following replication dynamic equation can be used to describe the dynamic evolution process:
Figure BDA0001407966240000104
because 1-q (t) epsilon [0,1] can be deduced to have no influence on the evolution result selected by the defense strategy, the formula can be converted into the following form:
Figure BDA0001407966240000105
through analysis, the defense decision maker selects the strategy DS1Rate of change of the ratio of (A) with time
Figure BDA0001407966240000106
Difference amplitude between expected income of selected strong defense strategy and expected income of selected weak defense strategy
Figure BDA0001407966240000107
In positive correlation.
In order to describe the actual network attack and defense game process more accurately, the concept of Gaussian white noise is used for reference, random differential equations are adopted to describe various random interferences of a defense strategy, an information system environment, a network structure change and the like of a defense party in a game system, and then random copy dynamic differential equations of the defense party can be obtained
Figure BDA0001407966240000108
Similarly, for the aggressors, the difference of the aggressors can be obtainedExpected yield of attack strategy
Figure BDA0001407966240000109
And average profit
Figure BDA00014079662400001010
Figure BDA00014079662400001011
Figure BDA00014079662400001012
And further obtaining an evolutionary game replication dynamic equation of the attacker:
Figure BDA00014079662400001013
in the same way, the random copy dynamic differential equation of the attacker can be obtained:
Figure BDA00014079662400001014
the random replication dynamic differential equation of the attacking and defending party is an It Lo random differential equation commonly used in the random analysis theory, and respectively represents the dynamic evolution process of the attacking and defending party, wherein omega (t) belongs to one-dimensional standard Brown motion, namely an irregular random fluctuation phenomenon, and can well describe how the game evolution is influenced by random interference factors in the network attacking and defending process. Given time t, ω (t) follows a normal distribution N (0, t); d ω (t) represents random interference when t>0 and step length h>At 0, the increment Δ ω (t) ═ ω (t + h) - ω (t) follows a normal distribution
Figure BDA0001407966240000111
δiRepresents the random interference strength of both the attack and defense, and satisfies deltai>0. Therefore, the evolution of p (t) and q (t) also becomes a random process, so that the random replication dynamic differential equations of the attack and defense parties form random attack and defenseAnd (5) an evolution system.
In the attack and defense game evolution process, a plurality of disturbance factors influencing the stability of the system exist, both external factors and internal factors exist, and each factor does not play a decisive role in the stability of the system.
Figure BDA0001407966240000112
And
Figure BDA0001407966240000113
determining the values of p (t) and q (t) in the interval [0, 1%]The practical meaning of the two is satisfied.
Figure BDA0001407966240000114
And
Figure BDA0001407966240000115
the maximum value, i.e. the perturbation maximum, is reached if and only if 1-q (t) and 1-p (t) are met. When the proportion of the number of people selected by the two defense strategies is the same, the stability of the system is most easily disturbed, and conversely, if the proportion of the number of people is larger, the disturbance is smaller.
The network attack and defense random evolution game system can be obtained by combining the random replication dynamic differential equations of the attack and defense parties:
Figure BDA0001407966240000116
since the above-mentioned established random attack and defense evolution differential equation system is composed of non-linear It's random differential equation, It is not possible to directly solve the analytic solution of the equation, for this reason, in another embodiment of the present invention, referring to fig. 5, obtaining the equilibrium solution of attack and defense evolution specifically includes:
301) carrying out random Taylor expansion on the random evolution differential equation of the defending party and the attacking party in the network attack and defense random evolution game system according to It Lou random differential equation;
302) and adopting a Milstein method to carry out numerical solution on a differential equation in the network attack and defense random evolution game system to obtain a corresponding attack and defense evolution equilibrium solution.
And (3) combining a random Taylor expansion formula and an It Lolo random formula to expand and solve the random copy dynamic differential equations of the attack and defense parties.
For ItLo random differential equation: dx (t) (t, x (t)) dt + g (t, x (t)) d ω (t), where t e [ t ], (t ∈)0,T],x(t0)=x0,x0E.g., R, ω (t) one-dimensional standard Brown's motion, obeys a normal distribution N (0, t), while d ω (t) obeys a normal distribution N (0, Δ t). Let h be (T-T)0)/N,tn=t0+ nh, performing It Lou random differential equation to perform random Taylor expansion to obtain
x(tn+1)=x(tn)+K0f(x(tn))dt+K1g(x(tn))+K11M1g(x(tn))+K00M0f(x(tn))+R
Wherein R represents the remainder of the expansion, an
Figure BDA0001407966240000121
K0=h;K1=Δωn
Figure BDA0001407966240000122
On the basis, It Lo random differential equation can be expressed as
Figure BDA0001407966240000124
Therefore, random Taylor expansion is carried out on the random evolution differential equation of the defense party, and the random Taylor expansion can be obtained
Figure BDA0001407966240000125
Namely, it is
Figure BDA0001407966240000126
Similarly, aiming at the randomly evolved differential equation of the attack party, random Taylor expansion is carried out on the randomly evolved differential equation to obtain
Figure BDA0001407966240000127
Wherein R is1And R2Respectively, the remainder of the attack and defense differential expansion. The random taylor expansion is the basis of numerical solution of the random differential equation, and in the solution process, the model is generally solved numerically by using an Euler method and a Milstein method, and the solution processes of the Euler method and the Milstein method are obtained by intercepting partial terms on the basis of the taylor expansion. Aiming at the network attack and defense random evolution game model established by the invention, the Milstein method is adopted to carry out numerical solution on the attack and defense random differential equation, and the expression of the Milstein method is as follows:
Figure BDA0001407966240000128
according to the formula, numerical solution can be carried out on the network attack and defense random evolution differential equations (10) and (15) to obtain corresponding attack and defense evolution equilibrium solutions.
Aiming at equilibrium solution existing in a game system, stability analysis is carried out on strategy selection states of an attack party and a defense party according to a random differential equation stability discrimination theorem.
Given a random differential equation:
dx(t)=f(t,x(t))dt+g(t,x(t))dω(t),x(t0)=x0
let x (t) be x (t, x)0) For the convenience of analysis, it is assumed that x (t), f (t, x (t)), and g (t, x (t)) are scalar quantities. Let the presence function V (t, x) and the normal c1,c2Satisfy the requirement of
c1|x|p≤V(t,x)≤c2|x|p,t≥0.
(1) If a normal number γ is present, it satisfies:
LV(t,x)≤-γV(t,x),t≥0.
the zeroth-solution p-order moment of differential equation (21) is expected to be exponentially stable and true
E|x(t,x0)|p<(c2/c1)|x0|pe-γt,t≥0.
(2) If a normal number γ is present, it satisfies:
LV(t,x)≥γV(t,x),t≥0.
the zero-solution p-order moment expectation index of differential equation (21) is unstable and holds
E|x(t,x0)|p≥(c2/c1)|x0|pe-γt,t≥0.
According to the content, the stability criterion of the random attack and defense evolution system can be obtained through analysis.
Let V (t, q (t)) ═ q (t)), [0,1] e for the defender's randomly evolving differential equation],c1c 21, p is 1, γ is 1, LV (t, q (t)) f (t, q (t)), so that:
(1) when in use
Figure BDA0001407966240000131
And CdWhen the value is more than or equal to 1, the zero solution expectation moment index of the random differential equation (10) is stable;
(2) when in use
Figure BDA0001407966240000132
And Cd-Va+VadWhen +1 is equal to or less than 0, the zero solution expectation moment index of the random differential equation (10) is unstable.
The randomly evolving differential equation for the defender, known as c1=c2=1,p=1,γ=1,V(t,q(t))=q(t),q(t)∈[0,1],LV(t,q(t))=f(t,q(t))=q(t)[(Va-Vad)p(t)-Cd]If the randomly evolving differential equation of the defense is stable in the zero solution expectation moment index, it is necessary to satisfy
LV(t,q(t))≤-γV(t,q(t))
Namely, it is
q(t)[(Va-Vad)p(t)-Cd]≤-q(t)
Further can obtain
q(t)[(Va-Vad)p(t)-(Cd-1)]≤0
As can be seen from q (t) E [0,1],
(Va-Vad)p(t)-(Cd-1)≤0
and because of Va>VadIs obtained by
Figure BDA0001407966240000141
And satisfy
Figure BDA0001407966240000142
Namely, it is
Figure BDA0001407966240000143
And CdNot less than 1.
(2) To make the randomly evolving differential equation of the defending party satisfy the instability of the zero solution expectation moment index, it needs to satisfy
LV(t,q(t))≥γV(t,q(t))
Namely, it is
q(t)[(Va-Vad)p(t)-Cd]≥q(t)
Further can obtain
q(t)[(Va-Vad)p(t)-(Cd+1)]≥0
From q (t) epsilon [0,1]
(Va-Vad)p(t)-(Cd+1)≥0
According to Va>VadCan obtain the product
Figure BDA0001407966240000144
And satisfy
Figure BDA0001407966240000145
Namely, it is
Figure BDA0001407966240000146
And Cd-Va+Vad+1 is less than or equal to 0.
From the above, it can be seen that: when the condition is satisfied
Figure BDA0001407966240000147
And CdWhen the attack and defense game is repeatedly carried out, the network defender finally selects a weak defense strategy to reach an evolution stable state; on the contrary, when the condition is satisfied
Figure BDA0001407966240000148
And Cd-Va+VadWhen the +1 is less than or equal to 0, the network defender is more inclined to select a strong defense strategy along with the attack and defense game, and the weak defense strategy selector continuously adjusts the strategy and selects the strong defense strategy, so that the self income is maximized.
Let V (t, p (t)) ═ p (t)), [0,1] e for the randomly evolving differential equation of the aggressor],c1c 21, p is 1, γ is 1, LV (t, p (t)) f (t, p (t)) so that:
(1) when in use
Figure BDA0001407966240000151
And Ca-VadWhen the value is more than or equal to 1, the zero solution expectation moment index of the random differential equation (15) is stable;
(2) when in use
Figure BDA0001407966240000152
And Ca-VaWhen +1 is less than or equal to 0, the zero solution expectation moment index of the random differential equation (15) is unstable.
Thus, it can be seen that: when the condition is satisfied
Figure BDA0001407966240000153
And Ca-VadWhen the attack and defense game is repeatedly carried out, the network attacker finally selects a weak attack strategy,the game system reaches an evolution stable state; when the condition is satisfied
Figure BDA0001407966240000154
And Ca-VaWhen +1 is less than or equal to 0, the attacker is profitable, at the moment, the attacker is more inclined to attack the strategy strongly, and the benefit is maximized by continuously learning the adjustment strategy.
Combining the above contents of the randomly evolved differential equations of both the attack and defense aspects, it can be known that when the conditions are satisfied
Figure BDA0001407966240000155
And Cd≥1,
Figure BDA0001407966240000156
And Ca-VadWhen the network attack and defense game system is more than or equal to 1, a unique evolution stable strategy ESS (0,0) exists in the network attack and defense game system, namely, an attacking party implements a weak attack strategy, and a defending party selects the weak defense strategy; when the condition is satisfied
Figure BDA0001407966240000157
And Cd-Va+Vad+1≤0,
Figure BDA0001407966240000158
And Ca-VaWhen +1 is less than or equal to 0, the game system has a unique evolution stable strategy ESS (1,1), namely, the attacking party implements a strong attacking strategy, and the defending party selects a strong defending strategy, which is consistent with the continuous evolution and upgrade of the actual network attack and defense confrontation.
The basic idea of obtaining the security defense strategy is to perform evolution equilibrium solution on the game model on the basis of establishing an attack and defense random evolution game model, and select the security defense strategy on the basis of the solved evolution stable equilibrium solution. For a defender, the embodiment provides a security defense strategy selection algorithm based on a random evolutionary game theory, which is specifically shown as algorithm 1:
algorithm 1: security defense strategy selection algorithm based on random evolution game model
Input is network attack and defense game tree
Output security defense strategy
BEGIN
1.Initialize;
2. Constructing type space set D ═ { D) of defensive partyi,i≥1};
3. Constructing defender-selectable policy space set DS ═ DSj,1≤j≤m};
4. Selecting an attack strategy for an attacker with a probability qi(i is more than or equal to 1 and less than or equal to m) reasonable defense strategy DS is selectediWherein
Figure BDA0001407966240000161
5. Attack and defense strategy pair selected for attack and defense parties { ASi,DSjGet its defense profit value bij
6. Calculating expected revenue for each defense strategy
Figure BDA0001407966240000162
Wherein n represents the number of strategies of an attacker;
7. calculating average revenue for defenders
Figure BDA0001407966240000163
8. Constructing a set delta (delta) of attack and defense random interference intensity coefficients12In which is delta1>0,δ2>0;
9. Establishing a defense random copy dynamic evolution equation
Figure BDA0001407966240000164
10. The random evolution differential equation of the defending party is subjected to random Taylor expansion,
Figure BDA0001407966240000165
11. adopting a Milstein method to carry out numerical solution on an attack and defense random differential equation;
12. outputting a security defense strategy in the equilibrium solution;
END
the time complexity of the algorithm is mainly focused on solving a random differential equation, and the time complexity is O ((m + n)2) (ii) a The space consumption of the algorithm is mainly focused on the storage of the income value and the intermediate result of the equilibrium solution, and the space complexity is O (nm).
To verify the effectiveness of the present invention, further analysis was performed by specific simulation experiments as follows: aiming at the random attack and defense evolution game model and the solving and analyzing process, Matlab 2014 is adopted for numerical simulation. Two optional strategies are assumed to exist for both attack and defense parties, wherein AS is { strong attack strategy and weak attack strategy }, and DS is { strong defense strategy and weak defense strategy }. In the simulation process, the simulation step length h is 0.01, and the strategy evolution process of the attacking and defending parties under different conditions is simulated. Assume that the strategy chooses an initial state of q (0) ═ 0.5 and p (0) ═ 0.5. Given the profit of the attack and defense game, the attack and defense random disturbance intensity coefficient delta is changediObserve the intensity of random perturbations deltaiInfluence on game evolution of the attack and defense parties.
(1) In the process of attack and defense game, the attack cost is assumed to be CaDefense cost C10dThe asset profit for the defender is V10nWhen the defender chooses the weak defense strategy, the attack return is V20aWhen the defender chooses a strong defense strategy, the attack return is V10 ad5. At this time, the process of the present invention,
Figure BDA0001407966240000171
aiming at the random evolution process of a defense party, the zero solution moment exponential stability condition of a random differential equation (10) is satisfied
Figure BDA0001407966240000172
And CdThe network defenders tend to select weak defense strategies, and as the game progresses, the defenders are finally stabilized in an evolution state of q (t) ═ 0, namely all the defenders select the weak defense strategies.
Aiming at the strategy evolution of a defensive party, a Milstein method is adoptedCarrying out numerical simulation to obtain a value delta of the random disturbance intensity coefficient1=0.5,δ1=2,δ1And 5, analyzing the evolution law of the defense strategy under different random interferences. Fig. 6 is a zero solution stability strategy evolution trend diagram of a defensive party, wherein an abscissa N represents the sampling times, and an ordinate q (t) represents the proportion of selecting a strong defensive strategy.
As can be seen from fig. 6, the selection of the defense strategy presents a certain volatility in the evolution process, which indicates that the random interference existing in the system has a certain influence on the evolution of the defense strategy. Furthermore, with the interference intensity δ1The fewer number of simulations (delta) required to reach steady state evolution of defense strategies is reduced1When the value is 0.5, the defense strategy achieves a stable state after 16 times of simulation; and delta1When the random factor is less than 5, the simulation reaches the steady state 31 times), which shows that the smaller the interference intensity of the random factor is, the more the defender tends to choose a weak defense strategy.
Similarly, aiming at the random evolution process of the attacker,
Figure BDA0001407966240000173
and Ca-VadSatisfies the zero-moment index stabilization condition of the stochastic differential equation (15) of 5
Figure BDA0001407966240000174
And Ca-VadThe network attackers tend to choose to implement the weak attack strategy, and as the game progresses, the attackers will be stabilized at the evolution state of p (t) ═ 0 finally, that is, all the attackers choose to implement the weak attack strategy.
Taking a value delta to the random disturbance intensity coefficient aiming at the strategy evolution of an attacker2=0.5,δ2=2,δ2And 5, analyzing the evolution law of the attack strategy under different random interferences. Fig. 7 is a zero solution stability strategy evolution trend of an attacker, wherein an abscissa N represents sampling times, and an ordinate p (t) represents a proportion of selecting and implementing a strong attack strategy.
As can be seen from FIG. 7, with the interference intensity δ2Reducing, forcing strategy evolution to steady stateThe smaller the number of times (delta)2When the value is 0.5, the attack strategy reaches a stable state after being simulated for 16 times; and delta2When the state is reached 29 times, the simulation is carried out), which shows that the smaller the interference intensity of the random factors is, the more the attacker tends to choose to implement a weak attack strategy.
(2) In the process of attack and defense game, the attack cost is assumed to be CaDefense cost is C ═ 4dThe defender's return on assets is V, 5nWhen the defender chooses the weak defense strategy, the attack return is V20 a15, the attack return when the defender chooses a strong defense strategy is V ad2. At this time, the process of the present invention,
Figure BDA0001407966240000181
and Cd-Va+Vad+1 ═ 7. Aiming at the random evolution process of a defense party, the condition of zero solution moment index instability of a random differential equation (10) is met
Figure BDA0001407966240000182
And Cd-Va+VadAnd +1 is less than or equal to 0, the network defender tends to choose a strong defense strategy, and as the game progresses, the defender is stabilized at an evolution state of q (t) 1, that is, all defenders choose the strong defense strategy.
Based on the conditions, the Milstein method is adopted to carry out numerical simulation on the evolution of the strong defense strategy selected by the defense party, and the value delta of the random disturbance intensity coefficient is taken1=0.5,δ1=2,δ1And 5, analyzing the evolution law of the defense strategy under different random interference intensities. The evolution trend of the zero-solution unstable strategy of the defender is shown in figure 8.
As can be seen from fig. 8, the strong defense strategy selected by the defense party exhibits a certain volatility in the evolution process, which indicates that the random interference existing in the system has a certain influence on the evolution of the defense strategy. Furthermore, with the interference intensity δ1The more simulation times (delta) are required to reduce the evolution of the defense strategy to reach a steady state1When the value is 0.5, the defense strategy achieves a stable state after being simulated for 39 times; and delta1When 5, the simulation is achieved 27 timesSteady state), which means that the smaller the interference intensity of random factors, the more the defender tends to choose a weak defense strategy.
In the same way, the method for preparing the composite material,
Figure BDA0001407966240000183
and Ca-VaAnd +1 is-10, and the condition of zero solution moment index instability of the random differential equation (15) is met aiming at the random evolution process of an attacker
Figure BDA0001407966240000184
And Ca-Va+1<And 0, network attackers tend to choose to implement a strong attack strategy, and as the game progresses, the attackers will be finally stabilized in an evolution state of p (t) ═ 1, that is, all the attackers choose to implement a strong network attack.
Taking a value delta to the random disturbance intensity coefficient aiming at the strategy evolution of an attacker2=0.5,δ2=2,δ2And 5, analyzing the evolution law of the attack strategy under different random interferences. The evolution trend of the zero-solution unstable strategy of the attacker is shown in fig. 9.
As can be seen from FIG. 9, the interference intensity δ is varied2The more times (delta) the aggressive attack strategy evolves to reach steady state2When the value is 0.5, the attack strategy achieves a stable state after being simulated for 37 times; and delta2When the state is stable after 24 times of simulation), the smaller the interference intensity of the random factors is, the more the attacker tends to choose to implement a weak attack strategy.
In conclusion, different random interference strengths have different influences on the evolution rate of the attack and defense game system, and the greater the interference strength is, the defender is more inclined to select a strong defense strategy, and the attacker is more inclined to select a strong attack strategy, and the experimental result is consistent with the system pursuit stability in the random control theory. When random interference exists, the system prevents disturbance from damaging the stability of the system by strengthening attack and defense strength. Aiming at the problem of various random interference factors in an attack and defense game system, the invention describes various random interferences such as system operation environment change, network topology structure change, attack and defense strategy change and the like in the process of the attack and defense game by using the concept of Gaussian white noise for improving the effectiveness and the accuracy of the model, improves the traditional copy dynamic evolution game method, and utilizes a nonlinear It-Lo random differential equation to construct a random network attack and defense evolution game model under an asymmetric condition for describing the real-time random dynamic evolution process of network attack and defense confrontation. And (3) carrying out numerical solution on the attack and defense random differential equation, carrying out stability analysis on strategy selection states of the attack and defense parties according to a random differential equation stability discrimination theorem, and designing a safety defense strategy selection algorithm based on a random attack and defense evolution game model. The influence of random interference with different strengths on the evolution rate of attack and defense decisions is verified through simulation, and certain guidance can be provided for network attack behavior prediction and security defense strategy selection. Compared with the prior art, the method can more accurately analyze the random dynamic evolution process among the attack and defense decision makers with limited rationality, and the safety defense strategy selection has stronger practicability and guiding significance.
The embodiments in the present description are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments are referred to each other. The device disclosed by the embodiment corresponds to the method disclosed by the embodiment, so that the description is simple, and the relevant points can be referred to the method part for description.
The elements of the various examples and method steps described in connection with the embodiments disclosed herein may be embodied in electronic hardware, computer software, or combinations of both, and the components and steps of the examples have been described in a functional generic sense in the foregoing description for clarity of hardware and software interchangeability. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
Those skilled in the art will appreciate that all or part of the steps of the above methods may be implemented by instructing the relevant hardware through a program, which may be stored in a computer-readable storage medium, such as: read-only memory, magnetic or optical disk, and the like. Alternatively, all or part of the steps of the foregoing embodiments may also be implemented by using one or more integrated circuits, and accordingly, each module/unit in the foregoing embodiments may be implemented in the form of hardware, and may also be implemented in the form of a software functional module. The present invention is not limited to any specific form of combination of hardware and software.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present application. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the application. Thus, the present application is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (1)

1. A network defense strategy selection method based on a random evolution game model is characterized by comprising the following steps:
constructing an asymmetric network attack and defense random evolution game model based on a random power system; by taking the white Gaussian noise as a reference, an It Lo random differential equation is adopted to obtain a network attack and defense random evolution game system;
the method comprises the steps that a Milstein method is adopted to carry out numerical solution on a network attack and defense random evolution game system, and equilibrium solution of attack and defense evolution is obtained;
aiming at the equilibrium solution of attack and defense evolution, carrying out stability analysis on strategy selection states of both attack and defense parties according to the stability theorem of random differential equation solution, and outputting a network security defense strategy in the equilibrium solution;
the network attack and defense random evolution game model is represented by quintuple;
the network attack and defense random evolution model ADEGM is (N, S, P, Δ, U), where N is (N)D,NA) Is the participant space of the evolving game, NDRepresenting a defensive party, NARepresenting an attacker; s ═ DS, AS is the game policy space, DS denotes the optional policy set of the defender, AS denotes the optional policy set of the attacker; p is a game belief set, q represents a probability set that a defender selects different defense strategies, and P represents a probability set that an attacker selects different attack strategies; Δ ═ δ12Is the set of random interference strength coefficients, δ1Representing the strength factor, δ, of the effect of random disturbances on the defender2Representing the influence intensity coefficient of random interference on an attacker and satisfying delta1>0,δ2>0;U=(UD,UA) Is a set of game revenue functions, UDIndicating player's game benefits, UARepresenting the game income of the attacker, wherein the value of the attack and defense income is determined by the strategy selected by the attack and defense decision maker;
optional policy set DS ═ DS for defensive parties1,DS2In which DS is1Indicating that defender adopted Strong defense strategy, DS2Representing the defender to adopt a weak defense strategy; optional policy set AS ═ AS of aggressor { AS ═ AS1,AS2Where AS1Representing attackers implementing a strong attack strategy, AS2Representing an attacker to implement a weak attack strategy;
the acquisition of the network attack and defense random evolution game system comprises the following contents:
A1) and constructing a type space set D ═ D of the defensive partyiI is more than or equal to 1 }; constructing defender-selectable policy space set DS ═ DSjJ is more than or equal to 1 and less than or equal to m, wherein m is the number of strategies selectable by an attacker decision maker;
A2) selecting an attack strategy for an attacker with a probability qiSelection of defense strategies DSiWherein, in the step (A),
Figure FDA0002326312710000011
A3) calculating average profit of defender
Figure FDA0002326312710000012
Constructing a set delta (delta) of attack and defense random interference intensity coefficients12In which is delta1>0,δ2>0;
A4) Describing random interference of the evolutionary game of the defense party and the attacking party by using a random differential equation by taking the white Gaussian noise as a reference to obtain a random copy dynamic differential equation of the defense party and the attacking party;
A5) randomly copying a dynamic differential equation of the simultaneous defense party and the attacking party to obtain a network attack and defense random evolution game system;
A3) calculating average profit for defensive parties
Figure FDA0002326312710000013
Comprises the following steps: acquiring a game income matrix by combining a network attack and defense game tree; calculating the average income of the attacking party and the defending party according to the game income matrix, wherein the average income of the defending party
Figure FDA0002326312710000014
Figure FDA0002326312710000015
Expected revenue for the defender;
A5) in the middle, the network attack and defense random evolution game system is represented as follows:
Figure FDA0002326312710000016
Figure FDA0002326312710000017
wherein, CdRepresenting the defense cost required by the defensive party when selecting the strong defense strategy; caRepresenting the attack cost required by an attacker for selecting a strong attack strategy; vaWhen the defending party selects the weak defending strategy, the attacking party selects the attack return which can be obtained by the strong attacking strategy; vadWhen the strong defense strategy is selected by the defensive party, the attack return which can be obtained by the strong attack strategy selected by the attacking party is shown, and V is satisfieda>Vad(ii) a q (t) indicates selection of strong defensesThe proportion of defenders of the strategy in the whole defenders is a function of time, 1-q (t) represents the proportion of defenders of the weak defense strategy in the whole defenders is a function of time, p (t) represents the proportion of attackers of the strong attack strategy in the whole attackers is a function of time, and 1-p (t) represents the proportion of attackers of the weak attack strategy in the whole attackers is a function of time; omega (t) belongs to one-dimensional standard Brown motion and describes the influence of random interference factors on game evolution in the network attack and defense process;
acquiring a balanced solution of attack and defense evolution, specifically comprising:
B1) carrying out random Taylor expansion on the random evolution differential equation of the defending party and the attacking party in the network attack and defense random evolution game system according to It Lou random differential equation;
B2) numerical solution is carried out on differential equations in the network attack and defense random evolution game system by adopting a Milstein method to obtain corresponding attack and defense evolution equilibrium solution;
B1) wherein Ito is expressed as dx (t) f (t, x (t)) dt + g (t, x (t)) d ω (t), where t e [ t ∈ [ t ])0,T],x(t0)=x0,x0E.g. R, ω (t) belongs to a one-dimensional standard Brown motion, obeying a normal distribution N (0, t), d ω (t) obeys a normal distribution N (0, Δ t), where t0Representing the starting moment of the attack and defense game process, T representing the continuation of the time dimension, and R being a real number;
the strategy selection states of the attacking and defending parties are subjected to stability analysis, and the evolution stability strategy of the network attacking and defending random evolution game system is verified, wherein the strategy selection states comprise: when it is satisfied with
Figure FDA0002326312710000021
And Cd≥1,
Figure FDA0002326312710000022
And Ca-VadWhen the network attack and defense random evolution game system is more than or equal to 1, a unique evolution stable strategy ESS (0,0) exists; when it is satisfied with
Figure FDA0002326312710000023
And Cd-Va+Vad+1≤0,
Figure FDA0002326312710000024
And Ca-VaWhen +1 is less than or equal to 0, the network attack and defense random evolution game system has a unique evolution stable strategy ESS (1, 1).
CN201710827946.9A 2017-09-14 2017-09-14 Network defense strategy selection method based on random evolution game model Active CN107483486B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710827946.9A CN107483486B (en) 2017-09-14 2017-09-14 Network defense strategy selection method based on random evolution game model

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710827946.9A CN107483486B (en) 2017-09-14 2017-09-14 Network defense strategy selection method based on random evolution game model

Publications (2)

Publication Number Publication Date
CN107483486A CN107483486A (en) 2017-12-15
CN107483486B true CN107483486B (en) 2020-04-03

Family

ID=60584445

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710827946.9A Active CN107483486B (en) 2017-09-14 2017-09-14 Network defense strategy selection method based on random evolution game model

Country Status (1)

Country Link
CN (1) CN107483486B (en)

Families Citing this family (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108182536B (en) * 2017-12-28 2021-11-16 东北大学 CPS security defense method for power distribution network based on finiteness
CN108322478B (en) * 2018-03-05 2020-09-04 西安邮电大学 Attack and defense game-based website defense strategy selection method
CN108541071B (en) * 2018-04-10 2019-03-01 清华大学 Wireless communication system multi-user resource distribution system based on the double-deck game
CN108494810B (en) * 2018-06-11 2021-01-26 中国人民解放军战略支援部队信息工程大学 Attack-oriented network security situation prediction method, device and system
CN108833401A (en) * 2018-06-11 2018-11-16 中国人民解放军战略支援部队信息工程大学 Network active defensive strategy choosing method and device based on Bayes's evolutionary Game
CN108898010A (en) * 2018-06-25 2018-11-27 北京计算机技术及应用研究所 A method of establishing the attacking and defending Stochastic Game Model towards malicious code defending
CN108696534B (en) * 2018-06-26 2021-01-08 中国人民解放军战略支援部队信息工程大学 Real-time network security threat early warning analysis method and device
CN110166437B (en) * 2019-04-19 2020-05-19 杭州电子科技大学 Method for selecting optimal strategy for moving target defense based on DS evidence reasoning
CN110602047B (en) * 2019-08-14 2021-08-03 中国人民解放军战略支援部队信息工程大学 Multi-step attack dynamic defense decision selection method and system for network attack and defense
CN111064702B (en) * 2019-11-16 2021-09-24 中国人民解放军战略支援部队信息工程大学 Active defense strategy selection method and device based on bidirectional signal game
CN111224966B (en) * 2019-12-31 2021-11-02 中国人民解放军战略支援部队信息工程大学 Optimal defense strategy selection method based on evolutionary network game
CN111245857B (en) * 2020-01-17 2021-11-26 安徽师范大学 Channel network steady state evolution game method in block link environment
CN111769903A (en) * 2020-06-09 2020-10-13 国家数字交换***工程技术研究中心 Network security defense method applied to network security defense system and related device
CN112422552B (en) * 2020-11-17 2023-04-18 南京邮电大学 Attack and defense evolution method under DoS attack of uplink channel in micro-grid secondary control
CN113132398B (en) * 2021-04-23 2022-05-31 中国石油大学(华东) Array honeypot system defense strategy prediction method based on Q learning
CN115296830B (en) * 2022-05-27 2024-02-13 南京邮电大学 Network collaborative attack modeling and hazard quantitative analysis method based on game theory

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103152345A (en) * 2013-03-07 2013-06-12 南京理工大学常熟研究院有限公司 Network safety optimum attacking and defending decision method for attacking and defending game
CN106550373A (en) * 2016-09-30 2017-03-29 天津大学 Wireless sensor network data fusion degree of accuracy model based on evolutionary Game
CN106936855A (en) * 2017-05-12 2017-07-07 中国人民解放军信息工程大学 Network security defence decision-making based on attacking and defending differential game determines method and its device
CN106953879A (en) * 2017-05-12 2017-07-14 中国人民解放军信息工程大学 The cyber-defence strategy choosing method of best response dynamics Evolutionary Game Model
CN107135224A (en) * 2017-05-12 2017-09-05 中国人民解放军信息工程大学 Cyber-defence strategy choosing method and its device based on Markov evolutionary Games

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103152345A (en) * 2013-03-07 2013-06-12 南京理工大学常熟研究院有限公司 Network safety optimum attacking and defending decision method for attacking and defending game
CN103152345B (en) * 2013-03-07 2015-09-16 南京理工大学常熟研究院有限公司 A kind of optimum attacking and defending decision-making technique of network security of attacking and defending game
CN106550373A (en) * 2016-09-30 2017-03-29 天津大学 Wireless sensor network data fusion degree of accuracy model based on evolutionary Game
CN106936855A (en) * 2017-05-12 2017-07-07 中国人民解放军信息工程大学 Network security defence decision-making based on attacking and defending differential game determines method and its device
CN106953879A (en) * 2017-05-12 2017-07-14 中国人民解放军信息工程大学 The cyber-defence strategy choosing method of best response dynamics Evolutionary Game Model
CN107135224A (en) * 2017-05-12 2017-09-05 中国人民解放军信息工程大学 Cyber-defence strategy choosing method and its device based on Markov evolutionary Games

Non-Patent Citations (6)

* Cited by examiner, † Cited by third party
Title
"基于攻防信号博弈模型的防御策略选取方法";张恒巍等;《通信学报》;20160525;第37卷(第5期);第51-61页 *
"基于攻防演化博弈模型的防御策略选取方法";黄健明等;《通信学报》;20170125;第38卷(第1期);第168-176页 *
"基于攻防随机博弈模型的防御策略选取研究";姜伟等;《计算机研究与发展》;20101015;第47卷(第10期);第1714-1723页 *
"基于***动力学的网络安全攻防演化博弈模型";朱建明等;《通信学报》;20140125;第35卷(第1期);第54-60页 *
"基于随机博弈模型的网络攻防策略选取";付钰等;《北京邮电大学学报》;20140415;第37卷;第35-39页 *
"基于非零和攻防博弈模型的主动防御策略选取方法";陈永强等;《计算机应用》;20130501;第33卷(第5期);第1347-1349页 *

Also Published As

Publication number Publication date
CN107483486A (en) 2017-12-15

Similar Documents

Publication Publication Date Title
CN107483486B (en) Network defense strategy selection method based on random evolution game model
CN107135224B (en) Network defense strategy selection method and device based on Markov evolution game
CN107566387B (en) Network defense action decision method based on attack and defense evolution game analysis
CN110166428B (en) Intelligent defense decision-making method and device based on reinforcement learning and attack and defense game
April et al. Practical introduction to simulation optimization
Bowling Multiagent learning in the presence of agents with limitations
DE102008048478A1 (en) Sampling strategy using genetic algorithms in the optimization of a technical design
CN113806546A (en) Cooperative training-based method and system for defending confrontation of graph neural network
Gunaratne et al. Alternate social theory discovery using genetic programming: towards better understanding the artificial anasazi
US20070179917A1 (en) Intelligent design optimization method and system
CN113033822A (en) Antagonistic attack and defense method and system based on prediction correction and random step length optimization
CN115481441A (en) Difference privacy protection method and device for federal learning
Yang Reevaluation and renegotiation of climate change coalitions—a sequential closed-loop game approach
CN113360917A (en) Deep reinforcement learning model security reinforcement method and device based on differential privacy
CN116582349A (en) Attack path prediction model generation method and device based on network attack graph
CN111311324A (en) User-commodity preference prediction system and method based on stable neural collaborative filtering
Das et al. Dynamic goals-based wealth management using reinforcement learning
CN112801299B (en) Method, system and application for constructing game model of evolution of reward and punishment mechanism
Petty et al. Modeling cyberattacks with extended petri nets: Research program overview and status report
CN117077806A (en) Differential privacy federation learning method based on random election verification block chain
CA2928501A1 (en) Systems and methods for mathematical regression with inexact feedback
Konicki et al. Exploiting extensive-form structure in empirical game-theoretic analysis
Dahl The lagging anchor algorithm: Reinforcement learning in two-player zero-sum games with imperfect information
Davis Exploratory analysis and implications for modeling
CN117441168A (en) Method and apparatus for resistance attack in deep reinforcement learning

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant