Cybersecurity situational awareness method based on markov game theory
摘要
To address the challenges of evaluating threat propagation in network systems and proposing effective reinforcement strategies, this paper introduces a Cybersecurity Situational Awareness (CSA) method based on Markov game theory. By integrating security data from multiple sensors, the method normalizes information on assets, threats, and vulnerabilities for each identified threat and analyzes their propagation patterns to construct a corresponding Threat Propagation Network (TPN). A Markov game model is then developed, involving three entities: threat actors, system administrators, and ordinary users, which are analyzed through game-theoretic interactions. The model is optimized for real-time evaluation, providing continuous security assessments and recommending optimal reinforcement strategies for administrators. Experimental evaluations are conducted in a specific company network environment that includes DMZ servers, intranet VLANs, firewalls, routing devices, and a hardware intrusion detection system. The CSA system uses security monitoring data from this environment, including vulnerability scans, penetration testing, and intrusion-detection alarm logs, to compare the proposed Markov game model with a non-Markov-game baseline. The results demonstrate that the proposed method offers accurate, reliable assessments and more effective suppression of threat propagation, consistently achieving higher confidentiality values than the baseline. Existing cybersecurity methods typically fail to account for dynamic threat propagation and strategic interaction, leading to insufficient protection and inefficient response strategies. The contributions of this paper include the introduction of a dynamic, real-time security evaluation approach that integrates threat-propagation analysis with system-administrator strategy, offering robust game-theoretic model to assess network security from the perspectives of confidentiality, integrity, and availability. While the model provides real-time, accurate security assessments and identifies vulnerable network nodes for reinforcement, it also introduces increased computational demands due to the large state space of Markov game models, particularly in large-scale networks. Future work will focus on refining the model, exploring mixed-strategy equilibria to enhance decision-making, and continuously adjusting parameters in response to evolving network environments.