基于攻防博弈的网络系统动态风险评估模型
打开文本图片集
中图分类号:TP393.0 文献标识码:A DO1:10.7535/hbkd.2025yx03012
A dynamic risk assessment model for network systems based on attack and defense game theory
ZHANGHongbin¹,MIJiamei1,ZUOJun²,LIUBin³ (1.SchoolofInformationScienceandEnginering,Hebei UniversityofScienceandTechnology,Shijazhuang,HebeiO5Ol8,China; 2.Department of Business Administration,Hebei Vocational University of Industry and Technology, Shijiazhuang,Hebei 050091,China; 3.Schoolof Economicsand Management,Hebei Universityof Scienceand Technology,Shijazhuang,Hebei O5oo18,China)
Abstract:A dynamic risk asessment model fornetwork systemsbasedonatack and defense gametheory was proposed to addresstheproblemthattheexisting modelsareoverlysimplifiedindealingwiththecomplexdependenciesandpotentialthreat pathsintheopensourcesoftware supplychain,anditis dificult tocope with the problem ofopen source risks in network systemsunder thebackgroundofthebigdata era.Firstly,systemtopologyinformation,opensourcecomponentinformation, andvulnerabilityinformation were integratedtobuildaknowledge graphofopensourcerisk propagation;Secondly,athreat pathgenerationalgorithm wasdesigned basedon knowledge graphstoacquirethreat paths,andthepotential risksof each threatpathwere evaluatedtoidentifythe mostlikelythreatpath;Finaly,the ideaof stochastic gametheory wasintroducedto establishNSRAM-RG,ariskassssment modelof network system basedonrisk game,toanalyzethegame behaviorsof the atacker and defender regarding the most likelythreat path.The knowledge graph was dynamically updated,and the risk of the network system wasquantitativelyevaluatedaccording totheutityfunction.Theexperimentalresultsshowthatfiting degree of the asessment results tothetrue values is beter than theHMMand AHP methods,which can more accurately respondto the risk changes of thesystem.The proposed model can effectively quantifyand asess the open source risk in the system,which provides a new idea for the security management of the open source software supply chain.
Keywords:network;open source software supply chain security; knowledge graph; stochastic game;risk assessment
伴随着大数据时代的到来,软件技术以及信息技术产业飞速发展,网络系统安全管理日益重要[1]。(剩余13474字)