Jisuanji kexue (Aug 2021)
Incomplete Information Game Theoretic Analysis to Defend Fingerprinting
Abstract
Fingerprinting,which is an important part of reconnaissance,the first stage of network attack killing chain,is the prerequisite of successful implementation of network attack.The promotion of the concept of active defense,especially deception defense,encourages the defenders to confuse the attackers by means of fingerprint information hiding and obfuscation,thus reducing the effectiveness of their network reconnaissance.Therefore,the defenders can obtain a certain first-mover advantage in the confrontation,and the confrontation of both sides is also advanced to the stage of reconnaissance.Deception is the strategic confrontation between the rational agents of both sides,game theory is a quantitative science to study the conflict and cooperation between rational decision players.It can model the players and actions of various defensive deception,and guide the defenders to make better use of deception technology.In this paper,the dynamic game model with incomplete information is used to analyze the interactive process from reconnaissance to attack.The possible perfect Bayesian Nash equilibrium are analyzed and calculated,and the equilibrium are discussed based on different scenarios.Suggestions are put forward for the defenders to optimize the deceptive strategy to achieve better anti-fingerprinting effect.
Keywords
