ISSN 1000-1239 CN 11-1777/TP

• 论文 •    下一篇

基于博弈理论的动态入侵响应

石 进 陆 音 谢 立   

  1. (计算机软件新技术国家重点实验室(南京大学) 南京 210093) (zgnjack@163.com)
  • 出版日期: 2008-05-15

Dynamic Intrusion Response Based on Game Theory

Shi Jin, Lu Yin, and Xie Li   

  1. (State Key Laboratory for Novel Software Technology, Nanjing University, Nanjing 210093)
  • Online: 2008-05-15

摘要: 随着计算机网络的飞速发展,人们对互联网技术的依赖程度越来越高,因此确保网络系统的安全性也变得越来越重要.近年来,由于网络攻击事件的增多,入侵检测和响应技术越来越成为目前的研究热点之一.不过与其他安全技术得到广泛应用并取得良好的效果相比,入侵检测与响应的发展是滞后的.这一方面是由于入侵检测自身检测技术的限制,另一方面是由于目前的报警响应研究未能处理好系统的收益及攻击者策略变化等问题.针对上述第2个问题,提出了一种基于博弈理论的动态入侵响应DIRBGT模型.该模型一方面对攻击者和系统双方收益计算得比较全面,因此系统在报警响应后的收益得到了保证;另一方面还将攻击者可能的策略变化纳入模型当中,与单从系统一方推理最优响应的不稳定性相比,其最优解是稳定、可靠的.实验结果表明,DIRBGT模型有效提高了报警响应的准确性和效果.

关键词: 网络安全, 入侵响应, 攻击场景, 博弈理论, 动态响应

Abstract: With recent advances in network based technology and increased dependability of every day life on this technology, assuring reliable operation of network based systems is very important. During recent years, number of attacks on networks has dramatically increased and consequently interest in network intrusion detection and response has increased among the researchers. But as other network security technologies are being widely applied and achieving good results, intrusion detection and response technology is lagging. One reason is that current intrusion detection technology is limited in the detecting algorithm itself, the other is that system’s incentive and alternation of attacker’s strategies isn’t taken into consideration sufficiently in current alerts response research. A dynamic intrusion response model based on game theory (DIRBGT) is proposed to solve the second problem. On the one hand, DIRBGT takes account of incentives of system and attacker across the board, therefore the incentive of system can be assured. And on the other hand, it deals well with attack’s intent and alternation of strategies and therefore the optimal answer is stable and reliable while the optimal responses inferred from systems alone are unstable. The experimental results show that the DIRBGT model can effectively improve the accuracy and effectiveness of alert response.

Key words: network security, intrusion response, attack scenario, game theory, dynamic response