Introduction
With the rapid development of Internet applications, the number of devices accessing the Internet has increased dramatically. As a result, the amount of data to be processed and stored keeps growing, and network security data is becoming larger in scale and more diverse. In the era of big data, this growth enlarges the number of nodes in the network and leads to a more complex network topology. At the same time, the influence of each node within the topology becomes more complex and more uncertain. Once significant nodes are hacked, the result is massive network paralysis and rapid diffusion of security risks, which poses a greater threat.
Cyberspace has become a battlefield for attackers and defenders, and the process of network attack-defense is a dynamic game. The defense capability provided by security facilities and methods based on static protection cannot meet the demand for network protection. In network security defense, an ideal defense strategy would resist every attack's exploitation of weaknesses, but its defense cost is too high. Under the idea of a dynamic attack-defense game, finding a reasonable defense strategy that balances defense cost against defense payoff has become an important research topic in network security defense.
Studies on attack-defense behavior analysis and defense strategy selection based on game models have achieved certain results (Xiaoxue Liu et al., 2021). The existing studies mainly focus on two directions: game models based on complete information and game models based on incomplete information. Because the attacking and defending parties are adversaries, each can hardly grasp the other's game information completely, so the game model based on incomplete information is more consistent with actual network attack-defense scenarios.
In the dynamic attack-defense game with incomplete information, we still face challenges such as the complexity of network topology and the diversification of attacks caused by massive data information. Identifying the existing attack risks and the possible attack paths, and limiting the diffusion of security risks, are important for attack-defense games and defense strategy selection.
To address the above issues, this paper proposes a Network Attack Risk Control framework (NARC) based on the game idea by evaluating the importance of communication nodes. The main contributions of this paper are as follows.
1. A network topology-oriented node importance assessment model is proposed. The local static importance, local dynamic importance, and global importance of nodes are assessed using the centrality, the improved PageRank, and the K-CORE algorithms, respectively. Then a comprehensive assessment method of node importance is given.
2. To discover potential attack paths, an attack risk diffusion network construction method is proposed, which combines vulnerability information to analyze attack intent. Based on this, the node attack-defense payoffs are calculated to obtain the importance of different nodes in the attack-defense game.
3. An optimal defense node selection method based on the game theory idea is proposed. By optimizing the calculation method, it can solve the state explosion problem of traditional game theory methods in complex networks and improve the accuracy of defense strategy selection.
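To make the first contribution concrete, the following added example (not the paper's code) ranks the nodes of a small topology for defense priority by combining degree centrality, PageRank, and k-core numbers. It assumes standard PageRank rather than the paper's improved variant and an equal-weight sum rather than the paper's comprehensive method; the topology and host names are constructed.

```python
from collections import defaultdict

# Constructed sample topology: undirected links between hypothetical hosts.
EDGES = [("fw", "core"), ("core", "db"), ("core", "web"), ("core", "app"),
         ("web", "app"), ("app", "db"), ("web", "db"), ("fw", "vpn"),
         ("vpn", "laptop")]

def build_graph(edges):
    adj = defaultdict(set)
    for u, v in edges:
        adj[u].add(v)
        adj[v].add(u)
    return dict(adj)

def degree_centrality(adj):
    # Local static importance: share of the other nodes that are direct neighbours.
    return {v: len(nb) / (len(adj) - 1) for v, nb in adj.items()}

def pagerank(adj, d=0.85, iters=100):
    # Standard PageRank by power iteration (assumption: not the improved variant).
    n = len(adj)
    pr = {v: 1.0 / n for v in adj}
    for _ in range(iters):
        pr = {v: (1 - d) / n + d * sum(pr[u] / len(adj[u]) for u in adj[v])
              for v in adj}
    return pr

def core_numbers(adj):
    # Global importance: k-core decomposition by peeling the minimum-degree node.
    deg = {v: len(nb) for v, nb in adj.items()}
    core, k, remaining = {}, 0, set(adj)
    while remaining:
        v = min(remaining, key=lambda x: (deg[x], x))
        k = core[v] = max(k, deg[v])
        remaining.remove(v)
        for u in adj[v] & remaining:
            deg[u] -= 1
    return core

def normalize(scores):
    hi = max(scores.values())
    return {v: s / hi for v, s in scores.items()}

def rank_nodes(edges, weights=(1 / 3, 1 / 3, 1 / 3)):
    # Assumption: equal-weight sum of max-normalized scores, highest first.
    adj = build_graph(edges)
    parts = [normalize(f(adj)) for f in (degree_centrality, pagerank, core_numbers)]
    total = {v: sum(w * p[v] for w, p in zip(weights, parts)) for v in adj}
    return sorted(total.items(), key=lambda kv: (-kv[1], kv[0]))
```

On this topology `rank_nodes(EDGES)` puts `core` first and the single-homed `laptop` last, so the hub joining the perimeter to the server clique is the first candidate for hardening.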
The complex network topology, the diversified forms of attacks, and the enhanced uncertainty of attack paths pose a greater challenge to the identification and control of attack risks. In this paper, the possible network attack risks are analyzed from the perspective of topology and vulnerability attack graphs, and the impact of nodes on risk diffusion is calculated to provide a basis for security defense decisions. The research in this paper mainly involves three aspects, including network node topology importance assessment, attack risk diffusion, and attack risk control. The following is a review of related work.