基于随机博弈的医疗系统入侵检测优化配置  

作　　者：李毅[1] 杨雅琪 李芳[1] 张坤 栾浩 马红兵[1] LI Yi;YANG Yaqi;LI Fang;ZHANG Kun;LUAN Hao;MA Hongbing(Department of Radiotherapy,The Second Affiliated Hospital of Xi’an Jiaotong University,Xi’an Shaanxi 710004,China;School of Cyber Engineering,Xidian University,Xi’an Shaanxi 710126,China;Department of Radiotherapy,Shaanxi Cancer Hospital,Xi’an Shaanxi 710061,China)

机构地区：[1]西安交通大学第二附属医院放疗科,陕西西安710004 [2]西安电子科技大学网络与信息安全学院,陕西西安710126 [3]陕西省肿瘤医院放疗科,陕西西安710061

出　　处：《中国医疗设备》2023年第6期55-60,67,共7页China Medical Devices

基　　金：陕西省重点研发计划(2020SF-027)。

摘　　要：目的针对医疗网络运行特点与可能经受的网络攻击威胁,提出一种基于入侵检测的主动防御方法。方法依据医疗网络系统结构,结合医疗系统网络安全风险状态和网络攻击的方式,模拟入侵检测系统(Intrusion Detection System,IDS)和攻击者的博弈过程,结合Nash-Q Learning算法,提出了一套医疗网络主动防御系统的设计方法与实现算法,并通过仿真实验验证算法的可行性。结果仿真验证结果表明,与随机选择的入侵检测策略相比,本文提出的算法在多种决策学习率下得到的入侵检测累计收益提高了30%~40%,且可根据当前网络资源可用程度与所面临网络安全威胁级别,动态适配安全防御配置参数,在保障网络整体运行效能前提下,实现网络安全防御的最大化。结论基于IDS的主动防御方法,可以根据网络风险预测,有效提升医疗系统的整体安全性。Objective Aiming at the characteristics of medical network operation and the possible threat of network attack,to propose an active defense method based on intrusion detection.Methods According to the structure of medical network system,combined with the network security risk state of medical system and the way of network attack,the game process between intrusion detection system(IDS)and attackers was simulated.Combined with Nash-Q Learning algorithm,a design method and implementation algorithm of active defense system for medical network were proposed,and the feasibility of the algorithm was verified by simulation experiments.Results The simulation validation results indicated that the algorithm proposed in this study exhibited a significant enhancement,ranging from 30%to 40%,in the cumulative intrusion detection gains compared to randomly selected intrusion detection strategies.Moreover,the algorithm demonstrated the ability to dynamically adapt security defence configuration parameters based on the current availability of network resources and the level of network security threats.This adaptive approach ensured the maximization of network security defence while concurrently preserving the overall operational efficiency of the network.Conclusion The proactive defence method based on IDS can effectively enhance healthcare systems’overall security by leveraging network risk prediction.

关 键 词：放疗医疗网络 入侵检测网络 随机博弈 Nash-Q Learning 资源配置 

分 类 号：R197.39[医药卫生—卫生事业管理]