关键词: 贝叶斯博弈, 混合策略, 风险分析, 纳什均衡, 收益函数

Abstract: Information System （IS） security risk is influenced by attackers and defenders, so it is necessary to consider the behaviors of both sides. To evaluate the risk level, an Attacks Prediction Model based on Static Bayesian Game （APM-SBG） is proposed. In this model, an improved payoff calculation method is presented, which takes the counterattack as well as cost parameters and benefit parameters of both sides’ strategies into account, and therefore the payoff could be calculated more accurately. Considering the uncertainty of strategy choice, Nash equilibrium of the game based on mixed strategy is analyzed to predict the behaviors of the attacker, and the result is credible. A new risk analysis method is proposed based on the attack behavior prediction and defense strategy. The example analysis proves the effectiveness of the model and algorithm.

Key words: Bayesian game, mixed strategy, risk analysis, Nash equilibrium, payoff function