### Application of static Bayesian game in information system risk analysis

ZHANG Jian, WANG Jindong, ZHANG Hengwei

1. PLA Information Engineering University, Zhengzhou 450004, China
Online: 2015-06-01; Published: 2015-06-12

Abstract: Information System (IS) security risk is shaped by both attackers and defenders, so the behaviors of both sides must be considered. To evaluate the risk level, an Attacks Prediction Model based on Static Bayesian Game (APM-SBG) is proposed. The model presents an improved payoff calculation method that takes into account the counterattack as well as the cost and benefit parameters of both sides' strategies, so the payoff can be calculated more accurately. Considering the uncertainty of strategy choice, the mixed-strategy Nash equilibrium of the game is analyzed to predict the attacker's behavior, and the result is credible. A new risk analysis method is proposed based on the attack behavior prediction and the defense strategy. The example analysis proves the effectiveness of the model and algorithm.