基于贝叶斯攻击图的RFID系统安全博弈分析模型

doi:10.3969/j.issn.1006-2475.2024.07.014

摘要/Abstract

摘要： 针对RFID系统缺乏综合有效的风险管理与安全评估的问题，为了实现对RFID系统安全风险的有效分析以及对目标RFID系统整体风险状况的评估，本文提出一种基于贝叶斯攻击图的RFID系统安全博弈分析方法。在贝叶斯攻击图模型的基础上结合博弈思想对RFID系统的风险状况进行分析，将攻击者入侵系统的过程抽象为攻防双方的博弈模型。首先依据目标系统的相关信息确定攻防策略，并且通过对攻击者和防御者策略收益的计算，构建相应的攻防博弈矩阵，然后得出其纳什均衡状态，确定各参与者的最优策略，最后计算双方的期望收益，确定目标RFID系统的安全状态：若是攻击者期望收益大于防御者期望收益，则系统处于风险状态，反之系统则处于安全状态。实验结果表明，本文提出的博弈模型可以良好地实现对目标RFID系统的安全状况分析。

关键词: RFID, 贝叶斯攻击图, 安全博弈分析

Abstract: In view of the lack of comprehensive and effective risk management and security assessment of RFID systems， in order to achieve effective analysis of the security risks of RFID systems and the assessment of the overall risk status of target RFID systems， this paper proposes a Bayesian attack graph-based RFID system security game analysis method. On the basis of Bayesian attack graph model， combined with game thought， the risk situation of RFID system is analyzed， and the process of the attacker invading the system is abstracted into the game model of the attack and defense. This paper firstly determines the offensive and defensive strategy based on the relevant information of the target system， and constructs the corresponding offensive and defensive game matrix by calculating the strategic income of the attacker and the defender， then obtains the Nash equilibrium state， determines the optimal strategy of each participant， and finally calculates the expected income of both parties to determine the security state of the target RFID system: If the expected return of the attacker is greater than the expected return of the defender， the system is in the risk state; otherwise， the system is in the security state. The experiment results show that the game model proposed in this paper can well realize the security analysis of target RFID system.

Key words: , RFID, Bayesian attack graph, security game analysis

中图分类号:

TP393.08

马荟平1, 李鹏1, 2, 胡素君1. 基于贝叶斯攻击图的RFID系统安全博弈分析模型[J]. 计算机与现代化, 2024, 0(07): 93-99.

MA Huiping1, LI Peng1, 2, HU Sujun1. Security Game Analysis Model of RFID System Based on Bayesian Attack Graph[J]. Computer and Modernization, 2024, 0(07): 93-99.

参考文献

［1］周余阳，程光，郭春生. 基于贝叶斯攻击图的网络攻击面风险评估方法［J］. 网络与信息安全学报， 2018，4（6）:11-22.
［2］ WU H， GU Y， CHENG G， et al. Effectiveness evaluation method for cyber deception based on dynamic bayesian attack graph［C］// Proceedings of the 3rd International Conference on Computer Science and Software Engineering. ACM， 2020:1-9.
［3］杨英杰，冷强，常德显，等. 基于属性攻击图的网络动态威胁分析技术研究［J］. 电子与信息学报， 2019，41（8）:1838-1846.
［4］黄义夫. RFID系统安全检测关键技术研究［D］. 成都:电子科技大学， 2014.
［5］杨晓明. RFID攻击建模及安全技术研究［D］. 成都:电子科技大学， 2015.
［6］ HARISH V， CHRISVIN D S， THOTTUNGAL R. Overview of RFID security and its applications［C］// 2021 International Conference on Advancements in Electrical， Electronics， Communication， Computing and Automation （ICAECA）. IEEE， 2021. DOI: 10.119/ICAECA52838.2021.
9675754.
［7］黄可可. 面向物联网的RFID安全认证协议研究［D］. 扬州:扬州大学， 2020.
［8］李宇松. 浅析RFID系统安全防护［J］. 信息网络安全， 2021（S1）: 252-254.
［9］张恒巍，张健，韩继红，等. 基于博弈模型和风险矩阵的漏洞风险分析方法［J］. 计算机工程与设计， 2016，37（6）:1421-1427.
［10］ ANGERMEIER D， WESTER H， BEILKE K， et al. Security risk assessments: Modeling and risk level propagation［J］. ACM Transactions on Cyber-Physical Systems， 2023，7（1）:1-25.
［11］ WANG H， ZHU C H， SHEN Z H， et al. A network security risk assessment method based on a B_NAG model［J］. Computer Systems Science & Engineering， 2021，38（1）:103-117.
［12］ JAVORNÍK M， KOMÁRKOVÁ J， SADLEK L， et al. Decision support for mission-centric network security management［C］// 2020 IEEE/IFIP Network Operations and Management Symposium. IEEE， 2020. DOI：10.1109/NOMS47738.2020.9110261.
［13］ WANG R， GONG Q J， ZHEN K， et al. Research on RFID security evaluation method in smart meter［C］// 2020 IOP Conference Series: Earth and Environmental Science. IOP， 2020，645. DOI 10.1088/1755-1315/645/1/012081.
［14］ NAN X M， CHEN R Q， TIAN H T， et al. Network situation risk assessment based on vulnerability correlation analysis［C］// 2021 IEEE International Conference on Progress in Informatics and Computing. IEEE， 2021:330-334.
［15］金志刚，王新建，李根，等. 融合攻击图和博弈模型的网络防御策略生成方法［J］. 信息网络安全， 2021，21（1）:1-9.
［16］ SUN P Y， ZHANG H W， MA J Q， et al. A selection strategy for network security defense based on a time game model［C］// 2021 International Conference on Digital Society and Intelligent Systems （DSInS）. IEEE， 2021:223-228.
［17］ FEI J X， CHEN K， YAO Q G， et al. Security vulnerability assessment of power IoT based on business security［C］// Proceedings of the 2020 1st International Conference on Control， Robotics and Intelligent System. ACM， 2020:128-135.
［18］ MIN H， LI C Y. Construction of information security risk assessment model based on static game［C］// 2021 6th International Symposium on Computer and Information Processing Technology. IEEE， 2021:646-650.
［19］ SUN P Y， ZHANG H W， LI C W. Attack path prediction based on bayesian game model［J］. Journal of Physics： Conference Series， 2021，1955（1）. DOI: 10.1088/1742-6596/1955/1/012098.
［20］ LOUAI M， ECKHARD P. MAEVA: A framework for attack incentive analysis with application to game theoretic security assessment［C］// The 16th International Conference on Internet Monitoring and Protection. ICIMP， 2021:31-36.
［21］ JUSTINE C， PRASAD R R， THOMAS C. Game theoretical analysis of usable security and privacy［J］. Security and Privacy， 2021，4（5）. DOI: 10.1002/spy2.55.
［22］ WANG Z G， LU Y， LI X， et al. Optimal network defense strategy selection based on Markov Bayesian game［J］. KSII Transactions on Internet and Information Systems， 2019，13（11）: 67-77.
［23］张健，王晋东，张恒巍. 静态贝叶斯博弈在信息系统风险分析中的应用［J］. 计算机工程与应用， 2015，51（11）:76-82.
［24］李洋，刘天莺，朱建明，等. 基于Q学习与贝叶斯博弈的物联网安全［J］. 计算机工程与设计， 2022，43（4）:901-906.
［25］赵健，王瑞，李正民，等. 物联网系统安全威胁和风险评估［J］. 北京邮电大学学报， 2017，40（1）:135-139.
［26］韦早裕，吴鸣旦，马楠，等. 基于博弈模型的物联网系统漏洞风险评估［J］. 信息安全研究， 2018，4（10）:914-921.
［27］江建成，周中良，阮铖巍，等. 基于动态贝叶斯博弈的双机行为决策方法［J］. 计算机仿真， 2016，33（7）:95-98.

[1]	董重重, 赵聪, 吴悠, 张蕾, 张佳雯, 李志浩. 面向物联网终端设备的零信任动态评估方法[J]. 计算机与现代化, 2024, 0(11): 41-45.
[2]	王东岳, 刘浩. 基于多智能体遗传算法的云平台抗虚假数据注入攻击方法 #br# #br#[J]. 计算机与现代化, 2024, 0(04): 21-26.
[3]	游嘉靖1, 2, 何月顺1, 何璘琳1, 钟海龙1, 2. 基于AHP-CNN的加密流量分类方法[J]. 计算机与现代化, 2024, 0(04): 83-87.
[4]	肖航, 李鹏, 马荟平, 朱枫, . 基于随机Petri网的RFID系统安全性分析模型[J]. 计算机与现代化, 2023, 0(09): 105-114.