检索规则说明:AND代表“并且”;OR代表“或者”;NOT代表“不包含”;(注意必须大写,运算符两边需空一格)
检 索 范 例 :范例一: (K=图书馆学 OR K=情报学) AND A=范并思 范例二:J=计算机应用与软件 AND (U=C++ OR U=Basic) NOT M=Visual
名 称:
注 释:
作 者:张晓宁[1,2] 张恒巍 马军强[1] 孙鹏宇[1] 王晋东 ZHANG Xiao-ning;ZHANG Heng-wei;MA Jun-qiang;SUN Peng-yu;WANG Jin-dong(School of Cryptography Engineering,Information Engineering University,Zhengzhou 450000,China;PLA 69243 Unit,Fukang 831500,China)
机构地区:[1]信息工程大学密码工程学院,河南郑州450000 [2]解放军69243部队,新疆阜康831500
出 处:《计算机工程与设计》2023年第6期1616-1621,共6页Computer Engineering and Design
基 金:国家重点研发计划基金项目(2017YFB0801900)。
摘 要:现有的网络攻击归因方法缺乏对攻击成本与防御措施的考虑,对攻击行为分析不够全面、准确。通过分析攻防对抗与非合作博弈基本特征的一致性,构建信号博弈模型描述攻防过程。利用通用漏洞评分系统CVSS(common vulnerability scoring system)对攻防成本及收益进行量化,采用信号传递机制表述防御信息对攻击者决策产生的重要影响,基于对博弈均衡解的分析实现对攻击策略的可信归因。实验结果表明,所提模型可以提升网络攻击归因的准确性,对防御策略的选取具有指导作用。The existing cyber attack attribution methods lack consideration of attack cost and defense measures,so that the analysis of attack behavior is not comprehensive and accurate.By analyzing the consistency of the basic characteristics of attack and defense confrontation and non-cooperative game,a signal game model was constructed to describe the attack and defense process.The CVSS(common vulnerability scoring system)was used to quantify the cost and benefit of attack and defense,and the signal transmission mechanism was used to express the important influence of defense information on attacker decision-making.Based on the analysis of game equilibrium solution,the credible attribution of attack strategy was realized.Experimental results show that the proposed model can not only improve the accuracy of cyber attack attribution,but guide the selection of defense strategies.
关 键 词:攻击路径 信号博弈 攻击归因 精练贝叶斯均衡 收益量化 攻防行为分析 漏洞评估
分 类 号:TP309[自动化与计算机技术—计算机系统结构]
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在链接到云南高校图书馆文献保障联盟下载...
云南高校图书馆联盟文献共享服务平台 版权所有©
您的IP:3.21.168.253