中图分类号： TP393
文献标识码： A
DOI： 10.19358/j.issn.2096-5133.2021.07.008
引用格式： 吕德龙，翁溪，周小为. 基于最优停止理论的网络欺骗防御策略优化[J].信息技术与网络安全，2021，40(7)：47-51.

Network deception defense strategy optimization based on optimal stopping theory

Abstract： Cyber deception defense has become an important means of active network defense. In the cyber deception defense system, the defender actively releases part of the effective information to confuse the attacker, and the deceived attacker will carry out further attacks in the deception trap environment until the attacker sees through the deception or the defender takes the initiative to expel the attacker. How to minimize the effective information released by the deceiving environment while achieving the effective defense effect，this papr analyzed the deception defense model and the optimal stopping theory problem model respectively, and established the element correspondence relationship between the deception defense model and the optimal stopping theory. Based on the optimal stopping theory, a model for maximizing information revenu was constructed. By analyzing the amount of information in each attack and the amount of effective information leakage, the model selects the ratio of the maximum amount of information to suppress subsequent attacks, solves the problem of maximizing information returns, and obtains the optimal suppression moment, that is, the optimal solution expression.

Key words : cyber deception defense；deception decision；optimal stopping theory；maximize information revenue Network and Information Security