Research Article
Network Situation Awareness Model Based on Incomplete Information Game
@INPROCEEDINGS{10.1007/978-3-031-30623-5_12, author={Hongbin Zhang and Yan Yin and Dongmei Zhao and Bin Liu and Yanxia Wang and Zhen Liu}, title={Network Situation Awareness Model Based on Incomplete Information Game}, proceedings={Security and Privacy in New Computing Environments. 5th EAI International Conference, SPNCE 2022, Xi’an, China, December 30-31, 2022, Proceedings}, proceedings_a={SPNCE}, year={2023}, month={4}, keywords={Situation awareness incomplete information attack-defense game vulnerability lifecycle state transition matrix}, doi={10.1007/978-3-031-30623-5_12} }- Hongbin Zhang
Yan Yin
Dongmei Zhao
Bin Liu
Yanxia Wang
Zhen Liu
Year: 2023
Network Situation Awareness Model Based on Incomplete Information Game
SPNCE
Springer
DOI: 10.1007/978-3-031-30623-5_12
Abstract
Game theory has been widely used in network security situational awareness. However, most of the currently proposed game-based offensive and defensive situational awareness methods are for traffic data, and there are fewer models or methods for analysis using vulnerability data. To overcome these issues, this paper proposes collecting periodic security vulnerability information in the network and utilizing the change in vulnerability status to achieve network security situational awareness. At this time, a network attack and defense game model based on incomplete information is proposed, which uses the state changes of the vulnerability life cycle to model the attack and defense behavior, calculates the benefits of both attack and defense through the evaluation of the exploitability of the vulnerability, and then quantifies the security situation value. We carried out the experiments using the vulnerability dataset, which was obtained by scanning the IP addresses of several enterprises in Hebei Province, China. The experimental results show that the approach of using network security vulnerabilities to assess network security status is feasible.
