Abstract
This paper addresses the integrated linkage control problem based on attack detection by using game theory to analyze a security model that combines a firewall, an intrusion detection system (IDS) and vulnerability scanning. Backward induction is used to derive the Nash equilibrium for two portfolios: deploying only IDS and vulnerability scanning, and deploying all three technologies. The results show that when the detection rates of the IDS and vulnerability scanning are low, the firm inspects every user who raises an alarm and also a fraction of the users who do not raise an alarm; when the detection rates of the IDS and vulnerability scanning are sufficiently high, the firm inspects no user who does not raise an alarm and only a fraction of the users who do. Adding a firewall to the information system affects the payoffs of both the firm and the hackers but does not change the hackers' optimal strategies, and the optimal investigation strategies of the IDS change only in certain cases. The interactions between IDS and vulnerability scanning, and between firewall and IDS, are also discussed in detail.
Funding
The National Natural Science Foundation of China (No. 71071033)
The Innovation Project of Jiangsu Postgraduate Education (No. CX10B_058Z)