拟态式蜜罐诱骗机制最优配置策略的博弈分析  被引量：5

作　　者：蔡传晰[1] 梅姝娥[1] 仲伟俊[1] CAI Chuan-xi;MEI Shu-e;ZHONG Wei-jun(School of Economics and Management,Southeast University,Nanjing 211189,China)

机构地区：[1]东南大学经济管理学院,江苏南京211189

出　　处：《管理工程学报》2018年第4期110-117,共8页Journal of Industrial Engineering and Engineering Management

基　　金：国家自然科学基金资助项目(71371050)

摘　　要：拟态式蜜罐中两种欺骗策略(保护色和警戒色)对防御者和攻击者的行为策略有重要影响。拟态式蜜罐欺骗策略的配置不仅受其效用函数的影响,还受其均衡条件存在性的影响。应用博弈论分别建立保护色、警戒色及其混合策略的信息安全模型,基于模型的均衡解及其均衡存在的条件和效用函数分析两种欺骗策略对拟态式蜜罐配置策略的影响。结果表明:(1)与警戒色相比,保护色情况下蜜罐最优配置比例和攻击者最优攻击概率都较高,且欺骗策略的伪装成本是影响攻击者攻击概率的主要原因;(2)蜜罐信号和正常服务信号中虚假信号的比例,总伪装成本一定时正常服务信号和蜜罐信号的比例都是影响攻击者攻击策略的重要因素;(3)对信息系统配置保护色或警戒色比同时配置两种策略更优;(4)当蜜罐的诱骗能力(威慑能力)较强时,纯保护色(纯警戒色)策略最优。Two deception strategies(protective coloration and warning coloration)of mimicry honeypot have an important impact on the behavioral strategy of defender and attacker.The configuration of the deception strategies in mimicry honeypot is not only influenced by the utility function of mimicry honeypot,but also the existence of its equilibrium condition.Properly using deception strategies to trap attacker could increase defender’s expected benefit.Therefore,the security model between defender and attacker was established by game theory in the two deception strategies and their mixed strategies separately.The main reason affecting attacker’s behaviors was provided by analyzing the Nash Equilibrium separately in four pure strategies.The impact of the configuration of the two deception strategies on the attacker’s behavioral strategy,and the existence of equilibrium condition in mimicry honeypot were analyzed by calculating the model’s equilibrium point.Besides,the optimal configuration probability of two deception strategies was proposed,given the probability of honeypot is fixed.Moreover,some advices in information system management were proposed after the simulation.The results show many findings.First,compared with pure warning coloration,both the optimal configuration probability of honeypot and the optimal attacking probability of hacker are higher in pure protective coloration.Second,the mainly reason affecting hacker’s attacking probability is the disguise cost.Normal service was disguised as honeypot in information systems.Third,when the proportion of fake honeypot in the signal of honeypot is low or the proportion of honeypot in the signal of normal service is high,attacker will not attack information systems with the signal of honeypot,and in fact,attacker may only attack a fraction of information systems with the signal of normal service.Conversely,when the proportion of fake honeypot in the signal of honeypot is high or the proportion of honeypot in the signal of normal service is low,attacker wil

关 键 词：信息安全 欺骗策略 拟态式蜜罐 博弈论 

分 类 号：C931[经济管理—管理学]