Journal of Computer Applications ›› 2018, Vol. 38 ›› Issue (5): 1366-1371.DOI: 10.11772/j.issn.1001-9081.2017102448

Previous Articles     Next Articles

Dual game model of advanced persistent threat attack for distributed network structure

ZHANG Wei1, SU Yang1,2, CHEN Wenwu1   

  1. 1. Electronic Technique Department, Engineering College of Armed Police Force, Xi'an Shaanxi 710086, China;
    2. Key Laboratory of Information Security, Engineering College of Armed Police Force, Xi'an Shaanxi 710086, China
  • Received:2017-10-16 Revised:2017-12-04 Online:2018-05-10 Published:2018-05-24
  • Contact: 张为
  • Supported by:
    This work partially supported by the National Natural Science Foundation of China (61103231).

面向分布式网络结构的APT攻击双重博弈模型

张为1, 苏旸1,2, 陈文武1   

  1. 1. 武警工程大学 电子技术系, 西安 710086;
    2. 武警工程大学 信息安全保密重点实验室, 西安 710086
  • 通讯作者: 张为
  • 作者简介:张为(1991-),男,湖南津市人,硕士研究生,主要研究方向:网络空间安全;苏旸(1975-),男,陕西西安人,教授,博士,主要研究方向:网络空间安全、可信计算;陈文武(1990-),男,河南南阳人,硕士研究生,主要研究方向:网络空间安全。
  • 基金资助:
    国家自然科学基金资助项目(61103231)。

Abstract: Considering the lack of theoretical analysis for distributed network structure under Advanced Persistent Threat (APT) attacks, a game model was proposed to solve the problem based on Nash equilibrium theory and node game theory. Firstly, a defensive framework of network security was established by analyzing the characteristics of APT attack and distributed network structure. Secondly, risky factor of vulnerability was calculated through node game model, and Oriented to APT (OAPG) was established on the basis of Nash equilibrium theory, the balance point of attack and defense was calculated, maximum return strategy of the attacker was analyzed, and then optimal defense strategy of the defender was proposed. Finally, an APT attack instance was used to verify the model. The calculation results show that the proposed model can analyze both the attack and the defense of the network from the APT attack path and provide a reasonable defense idea for the organizations using the distributed network.

Key words: Advanced Persistent Threat (APT) attack, game model, attack path, distributed network structure, cyberspace security

摘要: 针对目前分布式网络结构缺少防御高级持续威胁(APT)攻击的安全理论模型问题,提出了一种基于纳什均衡理论和节点博弈的博弈模型。首先,通过APT攻击常用手段和分布式网络结构的特点,分析判断攻击者可能采取的攻击路径并提出网络安全防御框架;其次,通过节点博弈计算漏洞风险系数,在纳什均衡理论的基础上建立基于攻击路径的博弈模型(OAPG),计算攻防双方收益均衡点,分析攻击者最大收益策略,进而提出防御者最优防御策略;最后,用一个APT攻击实例对模型进行验证。计算结果表明,所提模型能够从APT攻击路径对网络攻防双方进行理性分析,为使用分布式网络的机构提供一种合理的防御思路。

关键词: 高级持续威胁攻击, 博弈模型, 攻击路径, 分布式网络结构, 网络空间安全

CLC Number: