Network Security Situation Awareness Approach Based on Markov Game Model
    Abstract:

    To analyze the influence of threat propagation on a network system and accurately evaluate system security, this paper proposes an approach to improve network security awareness, based on the Markov Game Model (MGM). The approach obtains standardized data on assets, threats, and vulnerabilities by fusing a variety of system security data collected by multiple sensors. For each threat, it analyzes the rules of propagation and builds a threat propagation network (TPN). Using game theory to analyze the behavior of threats, administrators, and ordinary users, it establishes a three-player MGM. To allow the evaluation to run in real time, the related algorithm is optimized. The MGM can dynamically evaluate the system security situation and provide the best reinforcement scheme for the administrator. An evaluation of a specific network indicates that the approach is suitable for a real network environment and that the evaluation result is precise and efficient. The reinforcement scheme can effectively curb the propagation of threats.

Citation: Zhang Y, Tan XB, Cui XL, Xi HS. Network security situation awareness approach based on Markov game model. Journal of Software, 2011, 22(3): 495-508.

History
  • Received: June 24, 2009
  • Revised: October 10, 2009