考量攻防雙方採用協同合作在多回合情境下最佳化資源配置策略之研究

Abstract

許多企業與組織利用網路管理內部私密資料以及與外部使用者聯繫，然而隨著使用者對網路依賴度的提升，資訊安全的問題也越演越烈，目前資訊安全領域的問題延伸觸角至企業中，其所能造成的損失也隨之增加。在這種情況下，如何以有限的資源，進行有效率的偵測攻擊者行為、預防攻擊事件甚至是阻擋攻擊者已經成為營運者必須正視的嚴峻問題，不僅防禦資源需要進行策略性的布建，亦須分配資源至網路節點上，並修復已經被攻克的節點以增強網路存活度。 目前統計較容易造成資料重大危害的攻擊方式為協同攻擊，但許多防禦者仍採用單一防禦的方式，為了因應攻擊者的策略變化．我們提出了協同防禦來加強防禦效果。然而，如何有效率的評估網路存活度是一個重要且值得探討的議題，我們採用平均網路分割度(Average Degree of Disconnectivity)作為衡量網路存活度的指標，並且將平均DOD指標結合機率的概念，用以評估網路的破壞程度，其值越大表示其網路破壞的程度越高。在我們的情境裡，考慮兩群玩家，他們會從中選出領導者來帶領防禦或是攻擊行為。 我們模擬一個多階段網路攻防問題，並建立最佳化資源配置策略之數學模型，且以平均DOD指標評量網路在攻防情境下的網路存活度，每一階段中，玩家皆可在更新網路弱點後再分配資源於網路中的節點以進行協同防禦或協同攻擊；此外，每回合皆可重新佈署資源於不同節點上以加強網路存活度或是修復已被攻克的節點。而在求解過程中我們使用了「窮舉法」以及「次梯度法」來協助搜尋雙方的最佳資源配置策略。

Many corporations and organizations conduct daily business through Internet. With the accumulating population using network, the problems of information security become a critical issue. Nowadays, the problems of network security have been extended from personal to organizational. Furthermore, the attack events bring more threat to business than before. Therefore, it is a significant problems to detect attack preference, prevent attack events and even deter the attackers in advance with limited resources for the corporations. The not only have to deploy the network with defense resources but also allocate resources to the attack event. Furthermore, the defender have to decide whether to repair the compromised nodes or not. Currently, the most common type of attack is collaborative attack but most of the defender still defend lonely. Therefore, we propose hierarchical collaborative，defense model to increase the defense effect and strengthen the network survivability. However, how to evaluate network survivability efficiently is an important issue. In our research, the Average Degree of Disconnectivity is adopted to measure the network survivability. We further combine the concept of Average DOD with probability. This method is used to evaluate the damage degree of the network. The larger the Average DOD value is, the higher the damage degree of the network. In our scenario, we take two groups of players into account, both of them choose a leader to lead the defense actions or attack actions. In the beginning, the defender does not know where the vulnerabilities are in the network until they encounter attack events. After they face the attack events, the defender begin to repair the network nodes in the next round. We develop a multi-round network attack-defense scenario and establish a mathematical model to optimize resource allocation and then predict the defender’s network survivability through the Average DOD value. In each round, the players could allocate the resources on the nodes after they update the information about the opponent. Furthermore, they could reallocate the defense resources and repair the compromised nodes. To solve the problem, the method base on subgradient and the exhaustive search would be adopted to find the optimal resources allocation strategies for both groups of players.