软件学报ISSN 1000-9825, CODEN RUXUEW E-mail: jos@iscas.ac.cnJournal of Software,2011,22(3):495−508 [doi: 10.3724/SP.J.1001.2011.03751] http://www.jos.org.cn+86-10-62562563 ©中国科学院软件研究所版权所有. Tel/Fax:∗基于Markov博弈模型的网络安全态势感知方法张勇+, 谭小彬, 崔孝林, 奚宏生(中国科学技术大学自动化系,安徽合肥 230027)Network Security Situation Awareness Approach Based on Markov Game ModelZHANG Yong+, TAN Xiao-Bin, CUI Xiao-Lin, XI Hong-Sheng(Department of Automation, University of Science and Technology of China, Hefei 230027, China)+ Corresponding author: E-mail: jzhang@mail.ustc.edu.cnZhang Y, Tan XB, Cui XL, Xi HS. Network security situation awareness approach based on Markov gamemodel. Journal of Software, 2011,22(3):495−508. http://www.jos.org.cn/1000-9825/3751.htmAbstract: To analyze the influence of propagation on a network system and accurately evaluate system security,this paper proposes an approach to improve the awareness of network security, based on the Markov Game Model(MGM). This approach gains a standard data of assets, threats, and vulnerabilities via fusing a variety of systemsecurity data collected by multi-sensors. For every threat, it analyzes the rule of propagation and builds a threatpropagation network (TPN). By using the Game Theory to analyze the behaviors of threats, administrators, andordinary users, it establishes a three player MGM. In order to make the evaluation process a real-time operation, itoptimizes the related algorithm. The MGM can dynamically evaluate system security situation and provide the bestreinforcement schema for the administrator. The evaluation of a specific network indicates that the approach issuitable for a real network environment, and the evaluation result is precise and efficient. The reinforcement schemacan effectively curb the propagation of threats.Key words: network security situation awareness; threat propagation network; Markov game model摘要: 为了分析威胁传播对网络系统的影响,准确、全面地评估系统的安全性,并给出相应的加固方案,提出一种基于Markov博弈分析的网络安全态势感知方法.通过对多传感器检测到的安全数据进行融合,得到资产、威胁和脆弱性的规范化数据;对每个威胁,分析其传播规律,建立相应的威胁传播网络;通过对威胁、管理员和普通用户的行为进行博弈分析,建立三方参与的Markov博弈模型,并对相关算法进行优化分析,使得评估过程能够实时运行.Markov博弈模型能够动态评估系统安全态势,并为管理员提供最佳的加固方案.通过对具体网络的测评分析表明,基于Markov博弈分析的方法符合实际应用,评估结果准确、有效,提供的加固方案可有效抑制威胁的扩散.关键词: 网络安全态势感知;威胁传播网络;Markov博弈模型中图法分类号: TP393文献标识码: A随着网络结构的日趋庞杂和各种新型攻击手段的大量涌现,网络安全问题越来越严峻,网络安全技术也在不断变革,从传统的入侵阻止、入侵检测发展到入侵容忍、可生存性研究,从关注信息的保密性发展到关注信∗基金项目: 国家高技术研究发展计划(863)(2006AA01Z449);中国博士后科学基金资助项目(20070420738)收稿时间: 2009-06-24; 定稿时间: 2009-10-10
本文来源:https://www.2haoxitong.net/k/doc/0f0922cf011ca300a6c390e7.html
