Network Situation Awareness Model Based on Incomplete Information Game

Game theory has been widely used in network security situational awareness. However, most of the currently proposed game-based offensive and defensive situational awareness methods are for traffic data, and there are fewer models or methods for analysis using vulnerability data. To overcome these issues, this paper proposes collecting periodic security vulnerability information in the network and utilizing the change in vulnerability status to achieve network security situational awareness. At this time, a network attack and defense game model based on incomplete information is proposed, which uses the state changes of the vulnerability life cycle to model the attack and defense behavior, calculates the benefits of both attack and defense through the evaluation of the exploitability of the vulnerability, and then quantifies the security situation value. We carried out the experiments using the vulnerability dataset, which was obtained by scanning the IP addresses of several enterprises in Hebei Province, China. The experimental results show that the approach of using network security vulnerabilities to assess network security status is feasible.