Method for selecting optimized protection strategy for network security

Abstract

The invention discloses a method for selecting an optimized protection strategy for network security and belongs to the technical field of the network security. The method for selecting the optimized protection strategy for the network security comprises the following steps of: 1) analyzing user configuration information, and acquiring host information, link information, service information, protection system information, economic cost information and property importance information in the attack-defense process; 2) performing statistic analysis and association analysis on the acquired information, and outputting an analysis result; 3) calculating the protection strategy performance and attacking strategy performance according to the analysis result; 4) establishing a static Bayesian game model for the attacking party and the defending party according to the user configuration information and the calculated result in the step 3); and 5) calculating Bayesian Nash equilibrium according to the established static Bayesian game model, and determining the protection strategy during the Bayesian Nash equilibrium as the network security protection strategy. Compared with the prior art, the method for selecting the optimized protection strategy for the network security integrates various factors to provide the optimized protection strategy for a network security manager.

Description

technical field [0001] The invention belongs to the technical field of network security, and in particular relates to a method for selecting the best protection strategy for network security. Background technique [0002] Various attacks on the Internet, such as worm attacks and DDoS attacks, have caused huge damage to the normal use of the network. Researchers have proposed numerous protection mechanisms and strategies for the above-mentioned attacks. Various protection strategies have different characteristics and protection effects. Therefore, a unified performance evaluation method is needed to quantitatively evaluate various protection strategies in real time, and then guide the development of protection strategies. choose. In addition, the offensive and defensive sides will constantly adjust their strategies during the attack process to obtain the most beneficial effect. How to compare the effects of the offensive and defensive strategies in a confrontational situatio...

AI Technical Summary

Problems solved by technology

[0003] At present, there are three main methods for determining network security protection strategies based on the performance of attack and defense strategies: one is to use a test bed to simulate various attack and protection strategies and evaluate their effects to determine the best protection strategy, but the cost of the test bed is relatively high. And it cannot simulate the confrontation situation between the offensive and defensive parties, that is, the offensive and defensive parties constantly adjust their respective strategies to confront in the attack process in order to obtain the most beneficial effect; the second is to use typical actual data sets as the drive to analyze the offensive and defensive strategies in the attack process. The performance under the data set, and then determine the best network security protection strategy based on the performance, but the data set is generally lack of comprehensiveness and does not conform to the real-time attack and defense scenarios; the third is to use network simulation tools such as NS2, SSFNET, etc., Set the conditions for network attack and defense and collect the simulation result data to evaluate the effect of the attack and defense strategy, and then determine the best protection strategy based on the evaluation results. This method has relatively high requirements for operators, and the simulation results lack accuracy.

In addition, the above methods only evaluate the performance of the protection strategy, without considering the cost of its implementation. In reality, the selection and determination of the protection strategy should comprehensively consider the two factors of the strategy implementation cost and the strategy implementation benefit.

Images