Journal of Southeast University (English Edition)
2011, Issue 2, pp. 144-147 (4 pages)
Keywords: economics of information systems; firewall; intrusion detection system (IDS); vulnerability scan; security portfolio strategy
To solve the integrated linkage control problem based on attack detection, a security model comprising a firewall, an intrusion detection system (IDS) and vulnerability scanning is analyzed using game theory. The Nash equilibria for two portfolios, one deploying only the IDS and vulnerability scan and one deploying all the technologies, are investigated by backward induction. The results show that when the detection rates of the IDS and vulnerability scan are low, the firm will not only inspect every user who raises an alarm, but also a fraction of the users who do not raise an alarm; when the detection rates of the IDS and vulnerability scan are sufficiently high, the firm will not inspect any user who does not raise an alarm, and will inspect only a fraction of the users who raise an alarm. Adding a firewall to the information system affects the benefits of firms and hackers, but does not change the optimal strategies of hackers, and the optimal investigation strategies of the IDS change only in certain cases. Moreover, the interactions between the IDS and vulnerability scan and between the firewall and IDS are discussed in detail.