Skip to main content

Advertisement

Springer Nature Link
Log in

A probabilistic automata-based network attack-defense game model for data security by using security service chain

  • Published:
World Wide Web Aims and scope Submit manuscript

Abstract

In software defined security, virtual security functions (VSFs) are needed to be selected and combined to construct a security service chain (SSC) to achieve data security reinforcement. Traditional SSC construction is based on expert experience, typically lacking a systematic and automated approach. We found that game theory is a promising solution for addressing this limitation. To effectively reduce the security risk loss, defenders are required to understand attacks and make corresponding defense decisions under the limited resources. Since strategies of defenders and attackers are interdependent and their target is op-positional, it is a complex issue to obtain optimal defense strategies. This paper presents a network security optimal attack and defense decision-making method, which culminates in the construction of SSCs to ensure data security. Firstly, the problem of optimal defense strategies selection is defined and formalized, and the existence of equilibrium model of the mixed strategy Nash is proved. Secondly, this paper introduces a method of constructing a network attack-defense game model (NADGM) based on probabilistic automata. Then the attack and defense strategy selection algorithm are given based on the NADGM. Next, the method calculates the utility matrix under varied attack-defense strategies is proposed based on the common vulnerability scoring system. Meanwhile, the approach for solving mixed strategy Nash equilibrium is demonstrated. The construction of a security service chain based on NADGM is also given. Experimental results on real-world scenarios show that our proposed method can obtain the optimal defense strategies and construct SSC to safeguard data security.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Algorithm 1
Algorithm 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8

Similar content being viewed by others

Data Availability

No datasets were generated or analysed during the current study.

References

  1. Landwehr, C.E.: History of us government investments in cybersecurity research: a personal perspective. In: 2010 IEEE Symposium on Security and Privacy, pp. 14–20 (2010)

  2. Zhu, Q., Rass, S.: Game theory meets network security: A tutorial. In: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, pp. 2163–2165 (2018)

  3. Sun, P., Lan, J., Li, J., Guo, Z., Hu, Y.: Combining deep reinforcement learning with graph neural networks for optimal vnf placement. IEEE Commun. Lett. 25(1), 176–180 (2021)

    Article  Google Scholar 

  4. Samadi, R., Seitz, J.: Machine learning routing protocol in mobile iot based on software-defined networking. In: 2022 IEEE Conference on Network Function Virtualization and Software Defined Networks (NFV-SDN), pp. 108–111 (2022)

  5. N, P.E., Kang, J., Yusof, K.M., Din, J.B., Kim, S.: Towards scalability of dense sensor networks: a software-defined networking approach. In: 2023 IEEE 16th Malaysia International Conference on Communication (MICC), pp. 1–5 (2023)

  6. Iqbal, W., Abbas, H., Daneshmand, M., Rauf, B., Bangash, Y.A.: An in-depth analysis of iot security requirements, challenges, and their countermeasures via software-defined security. IEEE Internet Things J. 7(10), 10250–10276 (2020)

    Article  Google Scholar 

  7. Reininger, M., Arora, A., Herwig, S., Francino, N., Hurst, J., Garman, C., Levin, D.: Bento: safely bringing network function virtualization to tor. In: Proceedings of the 2021 ACM SIGCOMM 2021 Conference. SIGCOMM ’21, pp. 821–835. Association for Computing Machinery, New York, NY, USA (2021)

  8. Jain, V., Chu, H.-T., Qi, S., Lee, C.-A., Chang, H.-C., Hsieh, C.-Y., Ramakrishnan, K.K., Chen, J.-C.: L25gc: a low latency 5g core network based on high-performance nfv platforms. In: Proceedings of the ACM SIGCOMM 2022 Conference. SIGCOMM ’22, pp. 143–157. Association for Computing Machinery, New York, NY, USA (2022)

  9. Xia, B., Li, C., Zhou, Z., Liu, J.: Research on deployment method of service function chain based on network function virtualization in distribution communication network. In: 2023 IEEE 6th Information Technology,Networking,Electronic and Automation Control Conference (ITNEC), vol. 6, pp. 1410–1414 (2023)

  10. Feng, S., Xiong, Z., Niyato, D., Wang, P., Han, Z., Kim, D.I.: Joint traffic routing and virtualized security function activation in wireless multihop networks. IEEE Trans. Veh. Technol. 68(9), 9205–9219 (2019)

    Article  MATH  Google Scholar 

  11. Doriguzzi-Corin, R., Scott-Hayward, S., Siracusa, D., Salvadori, E.: Application-centric provisioning of virtual security network functions. In: 2017 IEEE Conference on Network Function Virtualization and Software Defined Networks (NFV-SDN), pp. 276–279 (2017)

  12. Ali, A., Anagnostopoulos, C., Pezaros, D.P.: In-network placement of security vnfs in multi-tenant data centers. In: 2020 IEEE Symposium on Computers and Communications (ISCC), pp. 1–6 (2020)

  13. Liu, W., Qiu, X., Chen, P., Wen, X., He, X., Wang, D., Li, J.: Sdn oriented software-defined security architecture. Journal of Frontiers of Computer Science and Technology 1, 63–70 (2015)

    Google Scholar 

  14. Li, Z., Wang, X., Yi, B., Huang, M.: Network service conflict detection and avoidance mechanism based on vnf. Chinese J. Comput. 46(2), 385–399 (2023)

    MATH  Google Scholar 

  15. Wu, Y., Feng, G., Wang, N., Liang, H.: Game of information security investment: impact of attack types and network vulnerability. Expert Syst. Appl. 42(15–16), 6132–6146 (2015)

    Article  MATH  Google Scholar 

  16. Roy, S., Ellis, C., Shiva, S., Dasgupta, D., Shandilya, V., Wu, Q.: A survey of game theory as applied to network security. In: 2010 43rd Hawaii International Conference on System Sciences, pp. 1–10 (2010). IEEE

  17. Fang, F., Liu, S., Basak, A., Zhu, Q., Kiekintveld, C.D., Kamhoua, C.A.: Introduction to game theory. Game Theory and Machine Learning for Cyber Security, 21–46 (2021)

  18. Li, F.: Network security evaluation and optimal active defense based on attack and defense game model. In: 2023 International Conference on Distributed Computing and Electrical Circuits and Electronics (ICDCECE), pp. 1–7 (2023). IEEE

  19. Zhang, B., Chen, Z., Tang, W., Fan, Q., Yan, X., Wang, S.: Network security situation assessment based on stochastic game model. In: Advanced Intelligent Computing: 7th International Conference, ICIC 2011, Zhengzhou, China, August 11-14, 2011. Revised Selected Papers 7, pp. 517–525 (2012). Springer

  20. Wang, B., Li, X., Aguiar, L.P., Menasche, D.S., Shafiq, Z.: Characterizing and modeling patching practices of industrial control systems. Proc. ACM Meas. Anal. Comput. Syst. 1(1) (2017)

  21. Wu, Q., Xiao, Y., Liao, X., Lu, K.: \(\{\)OS-Aware\(\}\) vulnerability prioritization via differential severity analysis. In: 31st USENIX Security Symposium (USENIX Security 22), pp. 395–412 (2022)

  22. Qin, Y., Xiao, Y., Liao, X.: Vulnerability intelligence alignment via masked graph attention networks. In: Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security, pp. 2202–2216 (2023)

  23. Jiang, Z., Gan, S., Herrera, A., Toffalini, F., Romerio, L., Tang, C., Egele, M., Zhang, C., Payer, M.: Evocatio: Conjuring bug capabilities from a single poc. In: Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security, pp. 1599–1613 (2022)

  24. Xia, S., Lin, F., Chen, Z., Tang, C., Ma, Y., Yu, X.: A bayesian game based vehicle-to-vehicle electricity trading scheme for blockchain-enabled internet of vehicles. IEEE Trans. Veh. Technol. 69(7), 6856–6868 (2020)

    Article  MATH  Google Scholar 

  25. Hu, M., Xie, Z., Wu, D., Zhou, Y., Chen, X., Xiao, L.: Heterogeneous edge offloading with incomplete information: a minority game approach. IEEE Trans. Parallel Distrib. Syst. 31(9), 2139–2154 (2020)

    Article  MATH  Google Scholar 

  26. Jiang, D.: Static, completely static, and rational games of complete information and their different nash equilibria. Int. J. Innov. Comput. Inform. Control 4(3), 651–659 (2008)

    MATH  Google Scholar 

  27. Beckery, S., Seibert, J., Zage, D., Nita-Rotaru, C., Statey, R.: Applying game theory to analyze attacks and defenses in virtual coordinate systems. In: 2011 IEEE/IFIP 41st International Conference on Dependable Systems & Networks (DSN), pp. 133–144 (2011). IEEE

  28. Zhang, H., Mi, Y., Liu, X., Zhang, Y., Wang, J., Tan, J.: A differential game approach for real-time security defense decision in scale-free networks. Comput. Netw. 224, 109635 (2023)

  29. Zhang, H., Jiang, L., Huang, S., Wang, J., Zhang, Y.: Attack-defense differential game model for network defense strategy selection. IEEE Access 7, 50618–50629 (2018)

    Article  MATH  Google Scholar 

  30. Xu, X., Wang, G., Hu, J., Lu, Y.: Study on stochastic differential game model in network attack and defense. Security and Communication Networks 2020, 1–15 (2020)

    MATH  Google Scholar 

  31. Zhang, H., Mi, Y., Fu, Y., Liu, X., Zhang, Y., Wang, J., Tan, J.: Security defense decision method based on potential differential game for complex networks. Computers & Security 129, 103187 (2023)

  32. Jingwei, L., Jingju, L., Yuliang, L., Bin, Y., Kailong, Z.: Optimal defense strategy selection method based on network attack defense game mode. Computer Science 45(6), 117–123 (2018)

    MATH  Google Scholar 

  33. Lee, W., Fan, W., Miller, M., Stolfo, S.J., Zadok, E.: Toward cost-sensitive modeling for intrusion detection and response. J. Comput. Secur. 10(1–2), 5–22 (2002)

    Article  MATH  Google Scholar 

  34. Lye, K.-W., Wing, J.M.: Game strategies in network security. Int. J. Inf. Secur. 4, 71–86 (2005)

    Article  MATH  Google Scholar 

  35. Yan, G., Lee, R., Kent, A., Wolpert, D.: Towards a bayesian network game framework for evaluating ddos attacks and defense. In: Proceedings of the 2012 ACM Conference on Computer and Communications Security, pp. 553–566 (2012)

  36. Vidal, E., Thollard, F., Higuera, C., Casacuberta, F., Carrasco, R.C.: Probabilistic finite-state machines - part i. IEEE Trans. Pattern Anal. Mach. Intell. 27(7), 1013–1025 (2005)

    Article  MATH  Google Scholar 

  37. Vidal, E., Thollard, F., Higuera, C., Casacuberta, F., Carrasco, R.C.: Probabilistic finite-state machines - part ii. IEEE Trans. Pattern Anal. Mach. Intell. 27(7), 1026–1039 (2005)

    Article  MATH  Google Scholar 

  38. Rabin, M.O.: Probabilistic automata. Information and control 6(3), 230–245 (1963)

    Article  Google Scholar 

  39. Tzeng, W.-G.: A polynomial-time algorithm for the equivalence of probabilistic automata. SIAM J. Comput. 21(2), 216–227 (1992)

    Article  MathSciNet  MATH  Google Scholar 

  40. Ron, D., Singer, Y., Tishby, N.: Learning probabilistic automata with variable memory length. In: Proceedings of the Seventh Annual Conference on Computational Learning Theory, pp. 35–46 (1994)

  41. Neumann, J., Morgenstern, O.: Theory of Games and Economic Behavior. Theory of games and economic behavior. Princeton University Press, Princeton, NJ, US (1947)

    MATH  Google Scholar 

  42. Nash, J.F., Jr.: Equilibrium points in n-person games. Proc. Natl. Acad. Sci. 36(1), 48–49 (1950)

    Article  MathSciNet  MATH  Google Scholar 

  43. NASH, J.: Non-cooperative games. Ann. Math. 54(2), 286–295 (1951)

  44. Chatterjee, B.: An optimization formulation to compute nash equilibrium in finite games. In: 2009 Proceeding of International Conference on Methods and Models in Computer Science (ICM2CS), pp. 1–5 (2009)

  45. Gupta, M., Gupta, B.: An ensemble model for breast cancer prediction using sequential least squares programming method (slsqp). In: 2018 Eleventh International Conference on Contemporary Computing (IC3), pp. 1–3 (2018). IEEE

  46. Gong, M., Zhao, F., Zeng, S., Li, C.: An experimental study on local and global optima of linear antenna array synthesis by using the sequential least squares programming. Appl. Soft Comput. 148, 110859 (2023)

  47. Fracas, P., Camarda, K.V., Zondervan, E.: Shaping the future energy markets with hybrid multimicrogrids by sequential least squares programming. Physical Sciences Reviews 8(1), 121–156 (2023)

    Article  MATH  Google Scholar 

  48. Nowak, M., Walkowski, M., Sujecki, S.: Conversion of cvss base score from 2.0 to 3.1. In: 2021 International Conference on Software, Telecommunications and Computer Networks (SoftCOM), pp. 1–3 (2021)

Download references

Author information

Authors and Affiliations

  1. Department of Software and Microelectronics, Peking University, Beijing, 100871, China

    Hao Liu & Zhonghai Wu

  2. National Engineering Research Center for Software Engineering, Peking University, Beijing, 100871, China

    Zhonghai Wu

  3. QiAnXin Technology Group Co., Ltd, Beijing, 100044, China

    Hao Liu & Chong Wang

Authors
  1. Hao Liu
    View author publications

    You can also search for this author inPubMed Google Scholar

  2. Chong Wang
    View author publications

    You can also search for this author inPubMed Google Scholar

  3. Zhonghai Wu
    View author publications

    You can also search for this author inPubMed Google Scholar

Contributions

All authors wrote and reviewed the manuscript.

Corresponding author

Correspondence to Zhonghai Wu.

Ethics declarations

Competing Interests

The authors declare no competing interests.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Liu, H., Wang, C. & Wu, Z. A probabilistic automata-based network attack-defense game model for data security by using security service chain. World Wide Web 28, 11 (2025). https://doi.org/10.1007/s11280-024-01304-0

Download citation

  • Received:

  • Revised:

  • Accepted:

  • Published:

  • DOI: https://doi.org/10.1007/s11280-024-01304-0

Keywords