基于成本分析的入侵检测响应模型

运用博弈论及信息安全技术有关理论,提出了一个基于成本分析的入侵响应投资模型,得出在此安全技术配置下博弈双方的最优策略,讨论了入侵响应的纳什均衡解,并通过成本分析从理论和实践两方面验证了此模型的合理性.针对现有入侵响应系统中不计成本就进行响应的问题,引入入侵损失和响应成本,通过比较二者关系,分析了系统管理员进行响应的条件成本,从而给出系统管理员灵活调整入侵响应的自适应策略,提高信息系统的安全性及抵抗攻击的能力,且避免不必要的资源浪费,实现信息保护和资源可用之间的平衡.

Intrusion detection response model based on cost-analysis

Applying the methodologies of game theory and network security,considering the decision interdependence of the players,a game model of intrusion response based on cost analysis was presented.The study showed the optimal strategies for the players in the deployment of security technique-Intrusion Detection System(IDS),discussed the Nash equilibrium solutions,and verified the model rationality by cost-analysis from the theoretic and empirical aspects.Focusing on the problem of intrusion response without considering cost now,the model was introduced damage cost and response cost.With comparison with the two kinds of cost,the conditional cost of responding was analyzed,thus an adaptive intrusion response strategy to system administrator was made.This method can illustrate the response policy of system administrator in the actual decision further,improve security and avoid wasting unnecessary resource,then achieve the balance between information protection and resource.