考量惡意攻擊情況下多階段防禦資源分配以最大化網路存活度之修復與資源重分配策略

Abstract

網際網路豐富了我們的生活，卻也為個人與企業帶來許多資訊安全威脅。由於網際網路使攻擊者能不限時間與地點的進行攻擊，所以難以保持網路系統能永久的安全。因此，如何評估網路存活度，是一個重要且值得探討的議題。在本篇論文中，我們提出了一個新的網路存活指標稱為平均網路分割度(Average Degree of Disconnectivity, Average DOD )。Average DOD指標結合機率的概念與DOD指標，以評估所有情況下之網路破壞程度，其值越大表示網路破壞的程度越高。 我們模擬一個網路攻防情境問題，並建立一個最佳化資源配置目標之數學模型，並以Average DOD指標評量網路在多階段攻防情境下的網路存活度，以提供網路營運者來預測網路攻防雙方最有可能採取的資源分配策略。在此情境中，每階段中攻擊者利用資源對網路中的節點進行攻擊；同時防禦者透過重新分配資源，並使用防禦資源於修復已被攻克的節點與防禦存活節點上。在求解過程中，採用了「梯度法」及「賽局」技巧協助尋找出攻防雙方的最佳化資源分配決策。

The Internet enriches our lives, but it also brings lots of threats to individuals and cooperates from information security. It is difficult to keep network safe forever because cyber attacker could launch attack through the network unlimited by time and space. Consequently, it is a more and more important and critical issue about how to efficiently evaluate network survivability. In this thesis, an innovative metric called Average Degree of Disconnectivity (Average DOD) is proposed. The Average DOD combining the concept of the probability calculated by contest success function with the DOD metric would be used to evaluate the damage degree of network. The larger value of the Average DOD, the more damage degree of the network would be. A multi-stage network attack-defense scenario as a mathematical model would be used to support network operators to predict that all the likelihood strategies both cyber attacker and network defender would take. In addition, the Average DOD would be used to evaluate damage degree of network. In each stage, the attacker could use the attack resources to launch attack on the nodes of network. On the other hand, the network defender could reallocate existed resources of defender to recover compromised nodes and allocate defense resources to protect survival nodes of network. In the process of problem solving, the “gradient method” and “game theory” would be adopted to find the optimal resource allocation strategies for both cyber attacker and network defender.