Authors: 蔡传晰[1], 梅姝娥[1], 仲伟俊[1] (CAI Chuanxi, MEI Shue, ZHONG Weijun; School of Economics and Management, Southeast University, Nanjing 211189, China)
Source: 《系统管理学报》 (Journal of Systems & Management), 2018, Issue 2, pp. 264-273, 10 pages in total
Funding: Supported by the National Natural Science Foundation of China (71071033)
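Abstract: Considering the economic motives behind the attack-defense game between firms and hackers, this paper studies a firm's strategy for adopting two security technologies, the intrusion detection system and the honeypot. Using game theory, intrusion detection system (IDS) game models are built for the normal service and for the honeypot service respectively, and the Nash equilibrium strategies between the service provider and visitors are solved. The value of the IDS in the normal service and in the honeypot service is compared from four angles: manual investigation rate, detection probability, attack probability, and expected payoff. The results show that when the IDS detection rate is high, deploying an IDS benefits the normal service and harms the honeypot service; when the IDS detection rate is low, deploying an IDS benefits the honeypot service and harms the normal service. In other words, contrary to common intuition, the "tit for tat" strategy is not always beneficial to the firm, and it sometimes hinders the "lure the enemy in deep" strategy from taking effect; firms must trade off these two strategies when configuring intrusion detection systems and honeypots.

English abstract (as published): The economic motivation of the offensive and defensive game between firms and hackers was considered and the technical strategies for deploying the intrusion detection system (IDS) and honeypot together in a firm was studied. A game model including IDS in normal service and honeypot service respectively was established and the Nash equilibrium mixed strategy between firms and users was studied. Besides, the impact of IDS on normal service and honeypot service was analyzed from four aspects (artificial investigation rate, the detection probability of IDS, hacking probability, and the expected benefit of firms and hackers). The results show that when the detection probability of IDS is higher (lower), the deployment of IDS is good for normal service (honeypot service) but bad for honeypot service (normal service). Therefore, different from general intuition, the strategy of "a tooth for a tooth" is not necessarily beneficial for the firm. Sometimes, it is bad for the firm to adopt the strategy of "lure the enemy in deep". Firms need to balance the two strategies in configuring IDS and honeypot.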
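Keywords: normal service; intrusion detection system; hacker attack; AD; strategy analysis
Classification: C93 [Economics and Management - Management Science]; N94 [General Natural Science - Systems Science]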