考量攻擊優先性以及多重偽裝方法下之資源分配策略

Abstract

隨著網路的發展，資訊系統已成為企業運作中不可取代的部分，然而網路雖然給來企業許多好處，但同時也讓企業遭受更多的威脅。一旦連上網路的系統在遭受網路攻擊後造成系統無法正常運作時，將造成企業莫大的財物損失以及商譽上的毀損。因此如何有效配屬資源以抵禦攻擊者將是重要的議題。本篇論文的防禦者的防禦策略中，除了傳統的防禦機制外，由於攻擊者和防禦者間的資訊是不完全的，因此偽裝成為另一種有效的防禦機制。透過偽裝，我們得以運用假節點降低真實節點被攻擊的機率以及分散攻擊的火力以達到保護真實節點不受到摧毀的目的。因此如何在真假節點以及額外的偽裝方法下有效的分配有限的防禦資源以抵禦存在網路上的攻擊將會是一個重要的議題。 有鑑於此，在這篇論文中，我們建構了一個考慮在攻方具有攻擊喜好或稱為攻擊優先性之惡意攻擊環境下，防禦者的目標是最大化系統殘存的工作能力而攻擊者的目標是最小化系統殘存的工作能力。在情境中，攻擊者可以於每次攻擊發動前，先行分配一部分的智慧資源於探索系統並得到對於真假節點可能性的評分。評分較高者，代表其為真實節點的可能性高，因而在攻擊階段，攻擊者便可以透過評分機制來選擇攻擊的目標並分配適當的攻擊資源。而對防禦者而言，防禦者除了可以部屬所謂的假節點外，尚有其他種類的偽裝資源得以用來干擾攻擊者對攻擊目標的評分。最終，我們採用競爭成功函數來衡量競爭的結果，並求得最佳解。

With the rapid growing of the Internet, information system has become an irreplaceable part of the businesses daily operation. However, although the Internet brings lots of advantages but also brings more threats to the businesses. It would create devastating financial and reputation damage to the business once the information system which is connected to the Internet is destroyed under cyber attack and caused the normal course of operations disrupted. Hence, it is important to efficiently allocate defense resource for the defender. In the defense strategy of the defender, besides traditional method to protect system, deception is another effective mechanism with the incomplete information between the defender and the attacker. Through deception, the false targets can be used to reduce the probability that the genuine targets are under attack and encounter less-attack effort to achieve the goal of protecting genuine targets from destruction. Therefore, it is an important issue to decide resources allocation strategies with the defense strategy includes false targets and additional deception under limited resources. For this reason, we construct a model under the malicious attack with attack preference and the objective of the defender is to maximize the residual working capability while the objective of the attacker is to minimize that value. In our attack-defense scenario, the attacker can allocate part of budgets into exploring the system to obtain the evaluation of whether the target is valuable. When the value of evaluation is higher, it is more likely to be a genuine target. Therefore, the attacker can choose the targets to attack based on the evaluation and allocate proper resources to attack in the attack phase. In the view of the defender, besides deploys false targets, additional deception mechanisms can be used to interfere the evaluation of the attacker. Finally, the contest success function is adopted to evaluate the result and get the optimal solution in this problem.