Application of static Bayesian game in information system risk analysis

ZHANG Jian, WANG Jindong, ZHANG Hengwei   

  1. PLA Information Engineering University, Zhengzhou 450004, China
  Online: 2015-06-01  Published: 2015-06-12


张健, 王晋东, 张恒巍

  1. PLA Information Engineering University, Zhengzhou 450004

Abstract: Information System (IS) security risk is influenced by both attackers and defenders, so the behaviors of both sides must be considered when evaluating it. To evaluate the risk level, an Attacks Prediction Model based on Static Bayesian Game (APM-SBG) is proposed. In this model, an improved payoff calculation method is presented that accounts for the defender's counterattack as well as the cost and benefit parameters of both sides' strategies, so that payoffs can be calculated more accurately. Because strategy choice is uncertain, the mixed-strategy Nash equilibrium of the game is analyzed to predict the attacker's behavior, yielding a credible prediction. A new risk analysis method is then proposed based on the predicted attack behavior and the defense strategy. An example analysis demonstrates the effectiveness of the model and algorithm.
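As an added illustration of the abstract's method (this is not the paper's own code), the snippet below builds attacker and defender payoff matrices from constructed cost, benefit and counterattack parameters, solves the fully mixed Nash equilibrium of the resulting 2x2 attack/defense game by the indifference conditions, and reports an expected-loss risk figure. The payoff structure, the parameter values and the `expected_loss` risk measure are assumptions for the example; the paper's exact payoff and risk formulas are not reproduced here.

```python
from fractions import Fraction
from typing import List, Optional, Tuple

# Strategy indices: attacker 0 = attack, 1 = stay idle; defender 0 = defend, 1 = do nothing.
# A[a][d] and D[a][d] are the attacker's and defender's payoffs for that strategy pair.
Matrix = List[List[int]]


def attack_defense_payoffs(benefit: int, attack_cost: int, counter_loss: int,
                           loss: int, defend_cost: int, counter_cost: int) -> Tuple[Matrix, Matrix]:
    """Constructed payoff model: a defended attack is blocked and the attacker also
    absorbs the counterattack; an undefended attack yields the benefit to the attacker
    and the loss to the defender; defending and counterattacking each cost the defender."""
    A = [[-attack_cost - counter_loss, benefit - attack_cost],
         [0, 0]]
    D = [[-defend_cost - counter_cost, -loss],
         [-defend_cost, 0]]
    return A, D


def mixed_equilibrium(A: Matrix, D: Matrix) -> Optional[Tuple[Fraction, Fraction]]:
    """Return (p_attack, q_defend) for the fully mixed equilibrium, or None when one side
    has a dominant pure strategy (no interior solution to the indifference equations)."""
    # Defender's mix q must make the attacker indifferent between attacking and idling.
    denom_q = (A[0][0] - A[0][1]) - (A[1][0] - A[1][1])
    # Attacker's mix p must make the defender indifferent between defending and idling.
    denom_p = (D[0][0] - D[1][0]) - (D[0][1] - D[1][1])
    if denom_q == 0 or denom_p == 0:
        return None
    q = Fraction(A[1][1] - A[0][1]) / denom_q
    p = Fraction(D[1][1] - D[1][0]) / denom_p
    if not (0 <= p <= 1 and 0 <= q <= 1):
        return None
    return p, q


def expected_loss(p_attack: Fraction, q_defend: Fraction, loss: int) -> Fraction:
    """Assumed risk measure: probability of an attack that meets no defense, times the loss."""
    return p_attack * (1 - q_defend) * loss


if __name__ == "__main__":
    A, D = attack_defense_payoffs(benefit=10, attack_cost=2, counter_loss=4,
                                  loss=10, defend_cost=3, counter_cost=1)
    eq = mixed_equilibrium(A, D)
    if eq is None:
        print("no fully mixed equilibrium; inspect pure strategies")
    else:
        p, q = eq
        print(f"P(attack)={p}  P(defend)={q}  risk={expected_loss(p, q, 10)}")
```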

Key words: Bayesian game, mixed strategy, risk analysis, Nash equilibrium, payoff function

Abstract: Information system security risk is influenced jointly by the attacker and the defender, so security risk analysis must consider the behavior of both sides. An attack prediction model based on a static Bayesian game (APM-SBG) is therefore proposed. Within the model, an improved method for computing the payoff matrix is presented that considers cost and benefit parameters together and also brings the defender's counterattack behavior into scope, so that the payoffs of both the attacker and the defender can be calculated more accurately. The model analyzes the equilibrium of the game using mixed strategies and, under the rationality assumption, predicts the attacker's behavior effectively. An algorithm for analyzing information system security risk based on attack prediction and the defense strategy is proposed, and a practical example confirms the effectiveness of the model and the analysis method.

Key words: Bayesian game, mixed strategy, risk analysis, Nash equilibrium, payoff function