摘要
将网络诱骗攻防视作一种可观察行为的多阶段信令博弈,运用信令博弈理论分步骤构建了四种网络诱骗攻防博弈模型,即正常服务系统、服务/蜜罐混合系统、两种发送信令的服务/蜜罐混合系统以及三种行动/两种信令的服务/蜜罐混合系统。信令博弈模型中,服务方发送正常信令或蜜罐信令,而攻击者选择访问、判断访问或不访问。通过求解信令博弈模型的贝叶斯均衡策略及均衡条件,推理分析了网络诱骗防御策略的有效性及其约束条件。在此基础上,进一步采用博弈仿真工具Gambit对网络诱骗攻防信令博弈过程进行了仿真测试,验证了博弈理论分析贝叶斯均衡策略的存在性和正确性。
The network decoy confrontation is regarded as a kind of observable behavior of a multi-stage signaling game. Four types of gaming models for decoy confrontation process were constructed step by step using signaling game theory, i.e. the normal service, the mixed system of normal service and honeypot, the mixed system with two kinds of signaling, and the mixed system with two kinds of signaling and three actions. In these signaling game models, the server sent a normal signaling or honeypot signaling as the sender, while the attacker chose to access, give up or access in condition as the receiver. The effectiveness and the effectiveness conditions of the network decoy strategy were demonstrated through solving the Bayesian equilibrium strategies and analyzing the equilibrium conditions. Gambit as a game simulation tool was used to simulate the signaling game process of network decoy confrontation, and the existence of the Bayesian equilibrium, the correctness of the theoretical analysis were validated.
出处
《系统仿真学报》
CAS
CSCD
北大核心
2016年第2期348-353,共6页
Journal of System Simulation
基金
国家自然科学基金(91438117
61309024)
关键词
信令博弈
网络诱骗防御
贝叶斯均衡
仿真
signaling game
network decoy defense
Bayesian equilibrium
simulation