Network Security Situation Assessment Method Based on Markov Game Model

  • Li, Xi (Information Engineering Department Ordnance Engineering College) ;
  • Lu, Yu (Information Engineering Department Ordnance Engineering College) ;
  • Liu, Sen (The 54th Research Institute of CETC) ;
  • Nie, Wei (College of Information Engineering Shenzhen University)
  • Received : 2017.05.10
  • Accepted : 2018.01.18
  • Published : 2018.05.31

Abstract

To address the problem that current network security situation assessment methods focus only on attack behaviors, this paper proposes a network security situation assessment method based on the Markov Decision Process and game theory. The method takes the Markov Game model as its core and uses 4-level data fusion to evaluate the network security situation. In this process, the Nash equilibrium point of the game is used to determine the impact on network security. Experiments show that the results of this method are basically consistent with the expert evaluation data. Because the method takes full account of the interaction between attackers and defenders, it is closer to reality and can accurately assess the network security situation.

Cited by

  1. Optimal Network Defense Strategy Selection Method: A Stochastic Differential Game Model, vol.2021, 2021. https://doi.org/10.1155/2021/5594697