A probabilistic automata-based network attack-defense game model for data security by using security service chain
Abstract: In software-defined security, virtual security functions (VSFs) need to be selected and combined to construct a security service chain (SSC) that reinforces data security. Traditional SSC construction is based on expert experience and typically lacks a systematic, automated approach. We found that game theory is a promising solution to this limitation. To effectively reduce security risk loss, defenders must understand attacks and make corresponding defense decisions under limited resources. Since the strategies of defenders and attackers are interdependent and their goals are oppositional, obtaining optimal defense strategies is a complex problem. This paper presents a network security optimal attack and defense decision-making method, which culminates in the construction of SSCs to ensure data security. First, the problem of optimal defense strategy selection is defined and formalized, and the existence of a mixed-strategy Nash equilibrium in the model is proved. Second, this paper introduces a method for constructing a network attack-defense game model (NADGM) based on probabilistic automata. Then the attack and defense strategy selection algorithm based on the NADGM is given. Next, a method for calculating the utility matrix under varied attack-defense strategies is proposed, based on the Common Vulnerability Scoring System (CVSS). Meanwhile, the approach for solving the mixed-strategy Nash equilibrium is demonstrated. The construction of a security service chain based on the NADGM is also given. Experimental results on real-world scenarios show that our proposed method can obtain optimal defense strategies and construct an SSC to safeguard data security.
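The abstract states that attacker and defender strategies are interdependent and that the defender's optimal choice is a mixed-strategy equilibrium over a CVSS-derived utility matrix. The following is an added illustration, not the paper's NADGM or its code: it takes a constructed 2 x 3 expected-loss matrix (defender rows are which VSF to place in the SSC, attacker columns are attack types, entries are CVSS-style loss scores) and computes the defender's minimax mixed strategy exactly, since for two defender strategies the attacker's best-response curve is piecewise linear in the mixing probability. Strategy names and loss values are assumptions chosen for the example.

```python
from itertools import combinations
from typing import List, Sequence, Tuple

# Constructed expected-loss matrix (assumption, not from the paper).
# Rows: defender strategies (which VSF goes into the SSC).
# Columns: attacker strategies. Entries: CVSS-style loss in [0, 10]
# that the defender wants to minimise and the attacker wants to maximise.
DEFENDER_STRATEGIES = ["deploy_WAF", "deploy_IDS"]
ATTACKER_STRATEGIES = ["sql_injection", "port_scan", "volumetric_flood"]
LOSS: List[List[float]] = [
    [1.0, 6.0, 8.0],  # deploy_WAF
    [7.0, 2.0, 5.0],  # deploy_IDS
]


def expected_loss(p: float, loss: Sequence[Sequence[float]], a: int) -> float:
    """Defender plays row 0 with probability p and row 1 with 1-p; attacker plays column a."""
    return p * loss[0][a] + (1.0 - p) * loss[1][a]


def minimax_mixed_strategy(loss: Sequence[Sequence[float]]) -> Tuple[float, float]:
    """Optimal defender mix (p on row 0, 1-p on row 1) for a 2 x n zero-sum game.

    The attacker best-responds, so the defender faces max_a expected_loss(p, a),
    a convex piecewise-linear function of p. Its minimum is at p = 0, p = 1, or
    at an intersection of two attacker lines, so checking those candidates is exact.
    Returns (p, value) where value is the guaranteed worst-case expected loss.
    """
    assert len(loss) == 2, "this solver handles exactly two defender strategies"
    n = len(loss[0])
    candidates = {0.0, 1.0}
    for a, b in combinations(range(n), 2):
        # line_a(p) = loss[1][a] + p * (loss[0][a] - loss[1][a]); solve line_a == line_b
        slope_diff = (loss[0][a] - loss[1][a]) - (loss[0][b] - loss[1][b])
        if abs(slope_diff) > 1e-12:
            p = (loss[1][b] - loss[1][a]) / slope_diff
            if 0.0 <= p <= 1.0:
                candidates.add(p)
    return min(
        ((p, max(expected_loss(p, loss, a) for a in range(n))) for p in candidates),
        key=lambda pv: pv[1],
    )


if __name__ == "__main__":
    p, value = minimax_mixed_strategy(LOSS)
    print(f"{DEFENDER_STRATEGIES[0]} with probability {p:.3f}, "
          f"{DEFENDER_STRATEGIES[1]} with probability {1 - p:.3f}; "
          f"worst-case expected loss {value:.3f}")
```

Note that neither pure strategy is optimal here: mixing the VSF choice lowers the worst-case loss from 7.0 (always IDS) or 8.0 (always WAF) to about 5.67, which is the point the equilibrium argument in the abstract makes.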