Network deception defense strategy optimization based on optimal stopping theory
Information Technology and Network Security
Lv Delong1, Weng Xi2, Zhou Xiaowei2
(1. Command & Control Engineering College, Army Engineer University of PLA, Nanjing 210007, China; 2. Jiangnan Institute of Computing Technology, Wuxi 214083, China)
Abstract: Cyber deception defense has become an important means of active network defense. In a cyber deception defense system, the defender deliberately releases part of its effective information to confuse the attacker, and the deceived attacker carries out further attacks inside the deception trap environment until the attacker sees through the deception or the defender expels the attacker. To study how to minimize the effective information released by the deception environment while still achieving an effective defense, this paper analyzes the deception defense model and the optimal stopping problem model respectively, and establishes the correspondence between the elements of the deception defense model and those of optimal stopping theory. Based on optimal stopping theory, a model for maximizing information revenue is constructed. By analyzing the amount of information in each attack action and the amount of effective information leaked, the model selects the ratio of the maximum amount of information, suppresses subsequent attacks, solves the information revenue maximization problem, and obtains the optimal suppression moment, that is, the expression of the optimal solution.
Key words: cyber deception defense; deception decision; optimal stopping theory; maximize information revenue
CLC number: TP393
Document code: A
DOI: 10.19358/j.issn.2096-5133.2021.07.008
Citation format: Lv Delong, Weng Xi, Zhou Xiaowei. Network deception defense strategy optimization based on optimal stopping theory[J]. Information Technology and Network Security, 2021, 40(7): 47-51.
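0 Introduction
In recent years, both the number and the complexity of cyber attacks have increased rapidly [1-2]. Attackers can use a variety of attack vectors (such as zero-day vulnerabilities, flaws in software configuration, and access control policies) to penetrate their target systems. In response, researchers have proposed many solutions to strengthen the security protection of networks and information systems; typical solutions include intrusion prevention [3], system hardening [4], and advanced attack detection and mitigation [5]. Although these traditional security measures are indispensable in any security protection approach, most of them respond passively to the attacker's behavior and lack a means of interacting with the attacker early in the cyber kill chain, which leaves the defender permanently in a passive position.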
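The stopping decision summarized in the abstract, sketched as an added example that is not the paper's own code or solution. The paper's model and optimal-solution expression are not on this page, so the classic 1/e optimal stopping rule is assumed, as are the function names, the ratio definition (information amount divided by effective information leaked) and the constructed sample session.

```python
import math
import random

def info_ratios(actions):
    """actions: (information amount, effective information leaked) per attack action.
    Assumed ratio: amount / leaked, with leaked > 0 for every action."""
    return [amount / leaked for amount, leaked in actions]

def suppression_index(ratios):
    """Classic 1/e stopping rule (an assumption, not the paper's expression):
    only observe the first floor(n/e) actions, then suppress right after the
    first action whose ratio exceeds every ratio seen so far.
    Returns that action's 0-based index, or n-1 if no later action qualifies."""
    n = len(ratios)
    if n == 0:
        raise ValueError("no attack actions observed")
    k = int(n / math.e)  # length of the observe-only phase
    best_seen = max(ratios[:k], default=float("-inf"))
    for i in range(k, n):
        if ratios[i] > best_seen:
            return i
    return n - 1  # never beaten: the session runs to its last action

def hit_rate(n, trials, seed=1):
    """Fraction of random sessions where the rule stops exactly at the maximum ratio."""
    rng = random.Random(seed)
    hits = 0
    for _ in range(trials):
        r = [rng.random() for _ in range(n)]
        hits += r[suppression_index(r)] == max(r)
    return hits / trials

# Constructed sample session: (information amount, effective information leaked)
SESSION = [(2.0, 4.0), (3.0, 2.5), (1.6, 2.0), (2.0, 2.0), (5.0, 2.5),
           (6.0, 2.0), (1.0, 2.0), (4.0, 1.0), (0.5, 1.0), (2.0, 1.0)]

if __name__ == "__main__":
    r = info_ratios(SESSION)
    i = suppression_index(r)
    print(f"suppress after action {i + 1}: ratio {r[i]:.2f}, session max {max(r):.2f}")
    print(f"hit rate over random 50-action sessions: {hit_rate(50, 5000):.3f}")
```

In the constructed session the rule suppresses after the fifth action and misses the later, larger ratio, which is the expected failure mode of a rule that finds the maximum with probability near 1/e rather than always.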
For the full text of this article, please download: http://www.ihrv.cn/resource/share/2000003677
