CN107483486A - Network defense strategy selection method based on stochastic evolutionary game model - Google Patents

Abstract

The invention belongs to the technical field of network security, and particularly relates to a network defense strategy selection method based on a stochastic evolutionary game model, including: building an asymmetric network attack and defense stochastic evolutionary game model based on a random dynamic system; The network attack and defense stochastic evolutionary game system is obtained from the differential equation; the Milstein method is used to numerically solve the network attack and defense stochastic evolutionary game system to obtain the equilibrium solution of the offensive and defensive evolution; for the equilibrium solution of the offensive and defensive evolution, according to the stability theorem of the solution of the stochastic differential equation, both the offensive and the defensive The stability analysis of the policy selection state is carried out, and the network security defense strategy in the equilibrium solution is output. The invention solves the problem that the traditional deterministic game model is not accurate enough in the selection of network defense strategies, can more accurately analyze the random dynamic evolution process between the attack and defense decision makers with bounded rationality, enhances the practicability of security defense strategy selection, and has great impact on network security defense. Technology has important guiding significance.

Description

Network defense strategy selection method based on stochastic evolutionary game model

technical field

The invention belongs to the technical field of network security, in particular to a method for selecting a network defense strategy based on a stochastic evolutionary game model.

Background technique

At present, the means of network attacks are increasingly complex, intelligent, and diversified, and the attack goals of attackers are also increasingly driven by economic interests. Facing many challenges in the field of cyberspace security, enhancing cybersecurity defense capabilities, and ensuring cyberspace security have become urgent issues to be solved. Game theory is a decision-making theory that studies the direct interaction between the behaviors of decision-making subjects. It has characteristics such as goal antagonism, relationship non-cooperation, and strategy dependence, which are consistent with the basic characteristics of network attack and defense. Therefore, applying game theory to the modeling and analysis of the network attack and defense process has become a research hotspot in recent years. However, the existing research results have a common feature, that is, all models and methods are established under deterministic attack and defense conditions. In the actual attack and defense process, the selection of attack means, the change of system operating environment and the interference of other external factors all have certain randomness. Therefore, considering random factors can improve the effectiveness and accuracy of models and methods.

The essence of network security lies in the confrontation between attack and defense. Therefore, it is of great practical significance to study and explore network security analysis methods and defense technology systems from the perspective of attack and defense confrontation. Game theory is a decision-making theory that studies the direct interaction between the behaviors of decision-making subjects. It has characteristics such as goal antagonism, relationship non-cooperation, and strategy dependence, which are consistent with the basic characteristics of network attack and defense. Therefore, applying game theory to the modeling and analysis of the network attack and defense process has become a research hotspot in recent years. Because most of the traditional game models are based on the premise that the actors are completely rational, which is inconsistent with the actual situation, the evolutionary game theory based on incomplete rationality is more in line with the reality of offensive and defensive confrontation. Due to the influence of various random interference factors, the deterministic game model reduces its practical application value. The network attack-defense evolutionary game model ADEGM (Attack-Defense Evolutionary Game Model) is expressed as a 4-tuple, ADEGM=(N,S,P,U), where N ₌ ( _ND ,NA ) is the participant space of the evolutionary game . Among them, N _D is the defending party, and N _A is the attacking party. S=(DS, AS) is the game strategy space. Among them, DS＝{DS ₁ , DS ₂ ,...DS _n } represents the optional policy set of the defender, and AS＝{AS ₁ , AS ₂ ,...AS _m } represents the optional policy set of the attacker. P=(p,q) is the set of game beliefs. Among them, p _i represents the probability that the attacker chooses the attack strategy AS _i , and q _j represents the probability that the defender chooses the defense strategy DS _j . U=(UD , U _A ) is _a collection of profit functions, which represents the game profit of the participants, and is jointly determined by the strategies of all the participants. The application of traditional game theory to the selection of network security defense strategies has the following disadvantages: (1) The premise assumption of complete rationality of actors in the classic game model does not match the actual situation. not perfectly rational individuals. Neglecting the actor's bounded rationality conditions will have a significant impact on the final game result, making the final game equilibrium result quite different from the reality, thus reducing the effectiveness of the model and method. (2) The traditional evolutionary game theory is based on replicating the dynamic learning mechanism. Decision makers adjust their own strategies through learning to maximize their own benefits, but they do not consider the interference of various random factors in the game process. In the actual attack and defense process, the selection of attack means, the change of system operating environment and the interference of other external factors all have certain randomness. Therefore, ignoring the consideration of random factors will reduce the effectiveness and accuracy of models and methods.

Contents of the invention

Aiming at the deficiencies in the prior art, the present invention provides a network defense strategy selection method based on a stochastic evolutionary game model, which solves the problem that the traditional deterministic game model is not accurate enough in network defense strategy selection, and can more accurately analyze the attack and defense of bounded rationality The stochastic dynamic evolution process among decision makers enhances the practicability and guiding significance of security defense strategy selection.

According to the design scheme provided by the present invention, a method for selecting a network defense strategy based on a stochastic evolutionary game model includes:

Based on the stochastic dynamical system, build an asymmetric network attack and defense stochastic evolutionary game model; and learn from Gaussian white noise, use Itó stochastic differential equation to obtain the network attack and defense stochastic evolutionary game system;

Using the Milstein method to numerically solve the network attack and defense stochastic evolutionary game system, and obtain the equilibrium solution of the attack and defense evolution;

Aiming at the equilibrium solution of the evolution of attack and defense, according to the stability theorem of the stochastic differential equation solution, the stability analysis of the strategy selection state of both the attacker and the defense is carried out, and the network security defense strategy in the equilibrium solution is output.

As mentioned above, the network attack and defense stochastic evolutionary game model is represented by quintuples.

Preferably, the network attack and defense stochastic evolution model ADEGM=(N,S,P,Δ,U), where N=(N _D ,NA ₎ is the participant space of the evolutionary game, N _D represents the defender, and N _A represents Attacker; S=(DS,AS) is the game strategy space, DS represents the optional strategy set of the defender, AS represents the optional strategy set of the attacker; P=(q,p) is the game belief set, q represents the defense The probability set that the attacker chooses different defense strategies, p represents the probability set that the attacker chooses different attack strategies; Δ={δ ₁ ,δ ₂ } is the set of random interference strength coefficients, δ ₁ represents the influence strength coefficient of random interference on the defender, δ ₂ represents the influence intensity coefficient of random interference on the attacker, and satisfies δ ₁ >0, δ ₂ >0; U=( _{UD , U A )} is the game revenue function set, _UD represents the defender’s game revenue, U _A represents the game income of the attacker, and the attack and defense income value is jointly determined by the strategy selected by the attack and defense decision-maker.

Preferably, the defender's optional policy set DS={DS ₁ , DS ₂ }, where DS ₁ indicates that the defender adopts a strong defense strategy, and DS ₂ indicates that the defender adopts a weak defense strategy; the attacker's optional policy set AS ={AS ₁ , AS ₂ }, wherein, AS ₁ indicates that the attacker implements a strong attack strategy, and AS ₂ indicates that the attacker implements a weak attack strategy.

Preferably, the acquisition of the network attack and defense stochastic evolutionary game system includes the following content:

A1) Construct the defender’s type space set D={d _i , i≥1}; construct the defender’s optional strategy space set DS={DS _j ,1≤j≤m}, where m is the attacker’s decision maker Number of optional strategies;

A2), according to the attack strategy selected by the attacker, select the defense strategy DS _i with the probability q _i , where, 1≤i≤m;

A3), calculate the average income of the defender Construct a set of offensive and defensive random interference strength coefficients Δ={δ ₁ ,δ ₂ }, where δ ₁ >0,δ ₂ >0;

A4), learn from Gaussian white noise and use stochastic differential equations to describe the random interference of the evolutionary game between the attacker and the defense, and obtain the random replication dynamic differential equations of the defender and the attacker;

A5) Simultaneously replicate the dynamic differential equations of the defender and the attacker to obtain a stochastic evolutionary game system for network attack and defense.

Preferably, in A3), the average income of the defender is calculated Including: Combining the network attack and defense game tree to obtain the game income matrix; according to the game income matrix, calculate the average income of both attacking and defending parties, among which, the average income of the defending party is the defense's expected payoff.

Preferably, in A5), the network attack and defense stochastic evolutionary game system is expressed as:

,

Among them, C _d represents the defense cost when the defender chooses a strong defense strategy; C _a represents the attack cost when the attacker chooses a strong attack strategy; V _a represents that when the defender chooses a weak defense strategy, the attacker chooses a strong attack The attack return that the strategy can obtain; V _ad represents the attack return that the attacker can obtain when the defender chooses a strong defense strategy, and satisfies V _a >V _ad ; q(t) and 1-q(t) respectively Indicates the number of defenders who choose different defense strategies and the proportion of people who choose different defense strategies as a function of time; ω(t) belongs to the one-dimensional standard Brownian motion, which describes the game evolution in the network attack and defense process is affected by random interference factors.

Preferably, obtaining an equilibrium solution of attack and defense evolution, specifically includes:

B1), carry out stochastic Taylor expansion to the stochastic evolution differential equations of both the defender and the attacker in the network attack and defense stochastic evolutionary game system according to the Itó stochastic differential equation;

B2), using the Milstein method to numerically solve the differential equations in the network attack-defense stochastic evolutionary game system, and obtain the corresponding attack-defense evolutionary equilibrium solution.

Further, in B1), the Itó stochastic differential equation is expressed as dx(t)=f(t,x(t))dt+g(t,x(t))dω(t), where t∈[t ₀ , T], x(t ₀ )=x ₀ , x ₀ ∈ R, ω(t) belongs to one-dimensional standard Brownian motion, obeys normal distribution N(0,t), dω(t) obeys normal distribution N( 0,Δt), where T represents the continuation of the time dimension, and R is a real number.

As mentioned above, the stability analysis is carried out on the strategy selection state of the attacking and defending parties to verify the evolutionary stability strategy of the random evolutionary game system of the network attack and defense, including: when satisfying and C _d ≥ 1, And when C _a -V _ad ≥ 1, there is a unique evolutionary stable strategy ESS(0,0) in the network attack and defense stochastic evolutionary game system; when satisfying And C _d -V _a +V _ad +1≤0, And when C _a -V _a +1≤0, there is a unique evolutionary stable strategy ESS(1,1) in the network attack and defense stochastic evolutionary game system.

Beneficial effects of the present invention:

The present invention aims at the problems of various random interference factors in the offensive and defensive game system, in order to improve the validity and accuracy of the model, by referring to the concept of Gaussian white noise, it describes the changes of the system operating environment and the network topology in the process of the offensive and defensive game As well as various random disturbances such as the change of offensive and defensive strategies, the traditional replication dynamic evolutionary game method is improved, and the nonlinear Itó stochastic differential equation is used to construct a random network offensive and defensive evolutionary game model under asymmetric conditions, which is used to describe the real-time random dynamic evolution of network offensive and defensive confrontation process; numerically solve the attack-defense stochastic differential equation, and analyze the stability of the strategy selection state of both the attacker and the defense according to the stability discriminant theorem of the stochastic differential equation, and determine the security defense strategy of the stochastic attack-defense evolutionary game model; finally, the different The impact of random interference of intensity on the evolution rate of attack and defense decision-making can provide certain technical guidance for network attack behavior prediction and security defense strategy selection. Compared with the prior art, the present invention can more accurately analyze the random dynamic evolution process between attack and defense decision makers with bounded rationality, and the practicability and guiding significance of security defense strategy selection are stronger.

Description of drawings:

Figure 1 is the existing basic network attack and defense game tree;

Fig. 2 is a schematic flow chart of the method of the present invention;

Fig. 3 is the schematic diagram of the network attack and defense game tree in the embodiment;

Fig. 4 is a schematic diagram of the acquisition process of the network attack and defense random evolution game system in the embodiment;

Fig. 5 is the schematic flow diagram of obtaining the equilibrium solution of the attack-defense evolution in the embodiment;

Figure 6 is the evolution trend diagram of the zero-solution stability strategy of the defender in the simulation example;

Figure 7 is the evolution trend diagram of the zero-solution stability strategy of the attacker in the simulation example;

Figure 8 is the evolution trend diagram of the zero-solution non-stable strategy of the defender in the simulation example;

Figure 9 is the evolution trend diagram of the zero-solution unstable strategy of the attacker in the simulation example.

detailed description:

In order to make the purpose, technical solution and advantages of the present invention more clear and understandable, the present invention will be further described in detail below in conjunction with the accompanying drawings and technical solutions. The technical term involved in the embodiment is as follows:

Evolutionary Game Theory: Originated from Darwin's theory of biological evolution, it inherits the theoretical explanation of biology for species evolution. Starting from the condition of individual bounded rationality and taking group behavior as the research object, it expounds the development process and evolution of biological species. In selection, the evolutionary game process of biological behavior is explained. Through long-term trial and error, imitation and improvement, all players in the game will tend to a stable strategy, which may be stable in the group organization for a long time. This stable strategy equilibrium is very similar to the evolutionary stable strategy of biological evolution. , in order to achieve a relatively harmonious game equilibrium state. Replicator Dynamic: In a group composed of bounded rational players, players through continuous trial and error, learning, and improving their own strategies, make the strategy with a better game result than the average level gradually adopted by more players, so that the group In , the proportion of players using various strategies will change. Nash Equilibrium: In the game G={S ₁ ,…,S _n ; u ₁ ,…,u _n }, a strategy combination composed of each player’s strategy In , the strategy of any player i If the conditions are met: is true for any s _ij ∈ S _i , then it is called is a Nash equilibrium of the game G. Bounded Rationality: means that actors find the optimal strategy through game analysis during the game process, and will not deviate from the optimal choice due to forgetting, mistakes, willful and other reasons. In traditional game theory, it is generally assumed that the actor is completely rational, that is, the actor has limited ability to judge and choose, and will "make mistakes" in the decision-making process. Evolutionary Stable Strategy (ESS, EvolutionaryStable Strategy): It refers to a strategy that will not be invaded by mutants under a clear definition. It is an equilibrium strategy with real stability and strong predictive ability in the evolutionary game. It is a robust equilibrium concept in biological evolution theory that has strong anti-interference ability and can still "recover" after being disturbed, and is the core equilibrium concept in evolutionary game analysis.

The existing network attack-defense evolutionary game model ADEGM (Attack-Defense Evolutionary Game Model) can be expressed as a 4-tuple, ADEGM=(N,S,P,U), where N ₌ ( _ND ,NA ) is the participation in the evolutionary game In the space of attackers, N _D is the defender, and N _A is the attacker. S=(DS, AS) is the game strategy space, DS={DS ₁ ,DS ₂ ,…DS _n } means the defender’s optional strategy set, AS={AS ₁ ,AS ₂ ,…AS _m } means the attacker An optional policy set for . P=(p,q) is the game belief set, p _i represents the probability that the attacker chooses the attack strategy AS _i , and q _j represents the probability that the defender chooses the defense strategy DS _j . U=(UD , U _A ) is _a collection of profit functions, which represents the game profit of the participants, and is jointly determined by the strategies of all the participants. In the network attack and defense confrontation, the decision makers of the attacker A and the defender D have multiple strategies to choose from, assuming that the optional strategy sets of the decision makers of both the attacker and the defense are {AS ₁ , AS ₂ ... AS _m }, {DS ₁ ,DS ₂ …DS _n } (where m,n∈N and m,n≥2), at different stages of the game process, the probability of the strategy being adopted by the offensive and defensive decision-makers is different, and this probability is learning over time Under the action of the mechanism, it is constantly changing, so that the selection of offensive and defensive strategies forms a dynamic process of change. The formed offensive and defensive game tree is shown in Figure 1. pi represents the probability of choosing the attack strategy AS _i , and _{q j} represents the probability of choosing the defense strategy DS _j . When different strategies are used for offensive and defensive confrontation, corresponding offensive and defensive benefits will be generated. Among them, a _ij and b _ij represent the respective incomes of the attacker and the defender when taking AS _i and DS _j respectively. For the defender, there are n possibilities for strategy selection, and the decision maker selects each defense strategy DS _i with different probabilities q _i , but the whole strategy set satisfies the condition: q ₁ +q ₂ +…+q _n =1. Similarly, the attacker has m optional strategies for itself, and the decision maker selects each attack strategy AS _i with different probabilities p _i , and the entire strategy set satisfies: p ₁ +p ₂ +...+p _m =1.

Based on the above conditions, calculate the expected return of the defender's different defense strategies and average earnings

Since those with low defensive payoffs will learn to imitate the strategies chosen by those with high payoffs, for the alternative strategies {DS ₁ ,DS ₂ …DS _n } in the defensive strategy set, the proportion of people who choose different strategies will occur over time The change is represented by q _i (t), where q _i (t) represents the proportion of people who choose the defense strategy DS _i , and satisfies: For a specific defense strategy DS _i , the proportion of people who choose this strategy is a function of time, and its dynamic change rate can be expressed by the replication dynamic equation:

Similarly, for the optional strategies {AS ₁ , AS ₂ …AS _m } in the attacking party’s strategy set, the proportion of people who choose different strategies changes dynamically with time, which are represented by p _i (t), where p _i (t )Satisfy: Any optional attack strategy AS _i for the attacker can get the corresponding replication dynamic equation:

Combining the above two replication dynamic equations, let By solving, the equilibrium state point of the network attack and defense evolutionary game can be obtained, and the analysis and prediction of security defense strategy selection can be realized. However, evolutionary game theory is based on replicating the dynamic learning mechanism. Decision makers adjust their own strategies through learning to maximize their own benefits, but they do not consider the interference of various random factors in the game process. In the actual attack and defense process, the selection of attack means, the change of system operating environment and the interference of other external factors all have certain randomness. Therefore, ignoring the consideration of random factors will reduce the effectiveness and accuracy of models and methods. In view of this, an embodiment of the present invention provides a method for selecting a network defense strategy based on a stochastic evolutionary game model, as shown in FIG. 2 , including:

101. Based on the stochastic dynamic system, build an asymmetric network attack and defense stochastic evolution game model; and learn from Gaussian white noise, use Itó stochastic differential equation to obtain the network attack and defense stochastic evolution game system;

102. Use the Milstein method to numerically solve the network attack and defense stochastic evolutionary game system, and obtain the equilibrium solution of the attack and defense evolution;

103. For the equilibrium solution of the evolution of attack and defense, according to the stability theorem of the stochastic differential equation solution, the stability analysis of the strategy selection state of both the attack and defense is carried out, and the network security defense strategy in the equilibrium solution is output.

Solve the problem that the traditional determined game model is not accurate enough in the selection of network defense strategies. In order to improve the validity and accuracy of the model, the present invention draws on the concept of Gaussian white noise to describe various random disturbances such as system operating environment changes, network topology changes, and offensive and defensive strategy changes in the offensive and defensive game process. By constructing a stochastic network attack-defense evolutionary game model under asymmetric conditions, it is used to describe the real-time stochastic dynamic evolution process of network attack-defense confrontation. The Itó stochastic differential equations of the offensive and defensive sides are numerically solved, and the stability analysis of the strategy selection state of the offensive and defensive sides is carried out according to the stability discriminant theorem of stochastic differential equations. The model and method can more accurately describe the dynamic change process of network attack and defense strategy selection.

Based on the stochastic dynamical system, combined with the characteristics of network attack and defense, and based on evolutionary game theory, a stochastic evolutionary game model of asymmetric network attack and defense under the condition of bounded rationality is constructed. In another embodiment of the present invention, the network attack and defense stochastic evolutionary game model is represented by a quintuple. Furthermore, the network attack and defense stochastic evolution model ADEGM=(N,S,P,Δ,U), where N=(N _D ,NA ₎ is the participant space of the evolutionary game, _ND represents the defender, and N _A represents Attacker; S=(DS,AS) is the game strategy space, DS represents the optional strategy set of the defender, AS represents the optional strategy set of the attacker; P=(q,p) is the game belief set, q represents the defense The probability set that the attacker chooses different defense strategies, p represents the probability set that the attacker chooses different attack strategies; Δ={δ ₁ ,δ ₂ } is the set of random interference strength coefficients, δ ₁ represents the influence strength coefficient of random interference on the defender, δ ₂ represents the influence intensity coefficient of random interference on the attacker, and satisfies δ ₁ >0, δ ₂ >0; U=( _{UD , U A )} is the game revenue function set, _UD represents the defender’s game revenue, U _A represents the game income of the attacker, and the attack and defense income value is jointly determined by the strategy selected by the attack and defense decision-maker.

For the process of network attack and defense confrontation, for the convenience of analysis, the defense strategy is divided into strong defense strategy and weak defense strategy according to the degree of defense strength, and the optional strategy set DS of the defender is constructed = {DS ₁ , DS ₂ }, where DS ₁ indicates that the defender adopts a strong defense strategy, and DS ₂ indicates that the defender adopts a weak defense strategy. Similarly, for the attacker, the attack strategy is divided into strong attack strategy and weak attack strategy, and the optional strategy set AS={AS ₁ , AS ₂ } for the attacker is constructed, where AS ₁ means that the attacker implements a strong attack strategy , AS ₂ indicates that the attacker implements a weak attack strategy. Another embodiment of the present invention, as shown in Figure 4, the acquisition of the network attack and defense random evolution game system includes the following content:

201), constructing the defender's type space set D={d _i , i≥1}; constructing the defender's optional strategy space set DS={DS _j ,1≤j≤m}, where m is the attacker's decision maker Number of optional strategies;

202), for the attack strategy selected by the attacker, select the defense strategy DS _i with probability q _i , where, 1≤i≤m;

203), calculate the average income of the defender Construct a set of offensive and defensive random interference strength coefficients Δ={δ ₁ ,δ ₂ }, where δ ₁ >0,δ ₂ >0;

204), referring to Gaussian white noise and using stochastic differential equations to describe the random interference of the evolutionary game between the attacker and the defense, and obtaining the random replication dynamic differential equations of the defender and the attacker;

205), the random replication dynamic differential equations of the defender and the attacker simultaneously, and a random evolutionary game system of network attack and defense is obtained.

In the process of network offensive and defensive confrontation, at different stages of the game process, the probability of the strategy being adopted by the offensive and defensive decision makers is different, and the probability is constantly changing with the passage of time under the action of the learning mechanism, so that the selection of offensive and defensive strategies forms a dynamic process. . The corresponding network attack and defense game tree is shown in Figure 3. p represents the probability that the attacker chooses the attack strategy AS ₁ , 1-p represents the probability of selecting the attack strategy AS ₂ , and satisfies p∈[0,1]; q represents the defense is the probability of selecting defense strategy DS ₁ , 1-q represents the probability of selecting defense strategy DS ₂ , and satisfies q∈[0,1]. d _ij represents the defense revenue generated by the attack-defense strategy pair (AS _i , DS _j ), and a _ij represents the attack revenue value generated by the attack-defense strategy pair (AS _i , DS _j ). The revenue matrix of this game is shown in Table 1 .

Table 1 Network attack and defense game income matrix

Among them, V _n represents the fixed income that the information assets owned by the defender itself can bring;

C _d represents the defense cost required when the defender chooses a strong defense strategy;

C _a represents the attack cost required when the attacker chooses a strong attack strategy;

V _a represents the attack return that the attacker can obtain by choosing a strong attack strategy when the defender chooses a weak defense strategy;

V _ad represents the attack reward that the attacker can obtain by choosing a strong attack strategy when the defender chooses a strong defense strategy, and satisfies Va _a >V _ad .

In the game process, it is assumed that the cost of the weak attack and defense strategy is 0 relative to the strong attack and defense strategy.

Based on this, the expected return of the defender is calculated respectively and average earnings

In the process of offense and defense, as the game is repeated, different defense decision makers learn from each other and adjust their own strategies to optimize their own strategies. Therefore, the number of defenders who choose different defense strategies is changing dynamically, and the proportion of people who choose different defense strategies is a function of time, expressed as q(t) and 1-q(t) respectively. For the strong defense strategy (DS ₁ ), the following replication dynamic equation can be used to describe its dynamic evolution process:

Since 1-q(t)∈[0,1], it can be deduced that it will not affect the evolution result of defense strategy selection. Therefore, the above formula can be transformed into the following form:

Through the analysis, it can be seen that the rate of change of the proportion of defense decision makers choosing strategy DS ₁ over time The difference between the expected return of choosing a strong defense strategy and the expected return of a weak defense strategy into a positive correlation.

In order to describe the actual network attack and defense game process more accurately, the concept of Gaussian white noise is used for reference, and stochastic differential equations are used to describe various random disturbances in the game system, such as random changes in the defensive strategy of the defender, changes in the information system environment, and changes in the network structure. The random replication dynamic differential equation of the defender can be obtained

Similarly, for the attacker, the expected benefits of different attack strategies of the attacker can be obtained and average earnings

Then the evolutionary game replication dynamic equation of the attacker is obtained:

In the same way, the random replication dynamic differential equation of the attacker:

The stochastic replication dynamic differential equations of the offensive and defensive parties are Itó stochastic differential equations commonly used in stochastic analysis theory, which respectively represent the dynamic evolution process of the offensive and defensive parties. Among them, ω(t) belongs to the one-dimensional standard Brownian motion, that is, an irregular random The fluctuation phenomenon can well describe how the game evolution is affected by random disturbance factors in the process of network attack and defense. Given time t, ω(t) obeys normal distribution N(0,t); dω(t) represents random interference, when t>0 and step size h>0, its increment Δω(t)=ω (t+h)-ω(t) obeys normal distribution δ _i represents the random interference strength of both attackers and defenders, and satisfies δ _i >0. Therefore, the evolution of p(t) and q(t) also becomes a random process, so that the random replication dynamic differential equations of both attackers and defenders constitute a random attack and defense evolution system.

In the evolution process of the offensive and defensive game, there are many disturbance factors that affect the stability of the system, including both external factors and internal factors, each of which does not play a decisive role in system stability.

with It is determined that the values of p(t) and q(t) are between the interval [0,1], which is in line with its actual meaning.

with The maximum value is reached when and only when 1-q(t)=q(t) and 1-p(t)=p(t) are satisfied, that is, the disturbance is maximum. When the proportion of the number of people selected by the two defense strategies is the same, the stability of the system is most likely to be disturbed. On the contrary, if the proportions of the two defense strategies differ greatly, the disturbance is small.

Combining the stochastic replication dynamic differential equations of both offensive and defensive parties, the network offensive and defensive stochastic evolutionary game system can be obtained:

Since the stochastic attack-defense evolution differential equation system established above is composed of nonlinear Itó stochastic differential equations, the analytical solution of the equation cannot be directly obtained. For this reason, in another embodiment of the present invention, referring to FIG. 5, the attack-defense evolution is obtained Equilibrium solution, specifically including:

301), carry out stochastic Taylor expansion to the stochastic evolution differential equations of both the defender and the attacker in the network attack and defense stochastic evolutionary game system according to the Itó stochastic differential equation;

302), using the Milstein method to numerically solve the differential equation in the network attack and defense stochastic evolutionary game system, and obtain the corresponding attack and defense evolutionary equilibrium solution.

Combining the stochastic Taylor expansion and Itó stochastic formula, the dynamic differential equations of the random replication of the offensive and defensive sides are expanded and solved.

For Itó stochastic differential equation: dx(t)=f(t,x(t))dt+g(t,x(t))dω(t), where t∈[t ₀ ,T], x(t ₀ )=x ₀ , x ₀ ∈ R, ω(t) one-dimensional standard Brownian motion, obeys normal distribution N(0,t), and dω(t) obeys normal distribution N(0,Δt). Let h=(Tt ₀ )/N, t _n =t ₀ +nh, carry out the Itó stochastic differential equation and carry out stochastic Taylor expansion, and get

x(t _n+1 )＝x(t _n )+K ₀ f(x(t _n ))dt+K ₁ g(x(t _n ))+K ₁₁ M ¹ g(x(t _n ))+ K ₀₀ M ⁰ f(x(t _n ))+R

, where R represents the remainder of the expansion, and

K ₀ =h; K ₁ =Δω _n ;

On this basis, the Itó stochastic differential equation can be expressed as

Thus, the stochastic Taylor expansion of the stochastic evolutionary differential equation of the defender can be obtained

which is

Similarly, for the stochastic evolutionary differential equation of the attacker, random Taylor expansion can be obtained

Among them, R ₁ and R ₂ respectively represent the remainder of the offensive and defensive differential expansion. The stochastic Taylor expansion is the basis for the numerical solution of stochastic differential equations. In the solution process, the Euler method and the Milstein method are generally used to numerically solve the model. The solution process of the Euler method and the Milstein method are based on the Taylor expansion. Item gets. For the random evolutionary game model of network attack and defense established by the present invention, the Milstein method is used to numerically solve the attack and defense stochastic differential equation. The expression of the Milstein method is as follows:

According to the above formula, the numerical solution to the network attack and defense stochastic evolution differential equations (10) and (15) can be realized, and the corresponding attack and defense evolution equilibrium solution can be obtained.

Aiming at the equilibrium solution of the game system, according to the stability discriminant theorem of stochastic differential equations, the stability analysis of the strategy selection state of both attackers and defenders is carried out.

Given a stochastic differential equation:

dx(t)=f(t,x(t))dt+g(t,x(t))dω(t),x(t ₀ )=x ₀

Note that x(t)=x(t,x ₀ ) belongs to the solution of the above differential equation. For the convenience of analysis, it is assumed that x(t), f(t,x(t)), g(t,x(t)) are all is a scalar. Assuming that there is function V(t,x) and normal constants c ₁ , c ₂ satisfy

c ₁ |x| ^p ≤V(t,x)≤c ₂ |x| ^p ,t≥0.

(1) If there is a constant γ, satisfying:

LV(t,x)≤-γV(t,x),t≥0.

Then the p-th order moment expectation index of the zero solution of differential equation (21) is stable, and holds

E|x(t,x ⁰ )| ^p <(c ² /c ¹ )|x ⁰ | ^p e ^-γt ,t≥0.

(2) If there is a constant γ, satisfying:

LV(t,x)≥γV(t,x),t≥0.

Then the p-th order moment expectation index of the zero solution of differential equation (21) is unstable, and holds

E|x(t,x ⁰ )| ^p ≥(c ² /c ¹ )|x ⁰ | ^p e ^-γt ,t≥0.

According to the above content, the stability criterion of the stochastic attack-defense evolutionary system can be obtained through analysis.

For the stochastic evolutionary differential equation of the defender, let V(t,q(t))=q(t), q(t)∈[0,1], c ₁ =c ₂ =1, p=1, γ= 1, then LV(t,q(t))=f(t,q(t)), then satisfy:

(1) when And when C _d ≥ 1, the expected moment of the zero solution of stochastic differential equation (10) is exponentially stable;

(2) when And when C _d -V _a +V _ad +1≤0, the expected moment of the zero solution of stochastic differential equation (10) is exponentially unstable.

For the stochastic evolutionary differential equation of the defender, it is known that c ₁ =c ₂ =1, p=1, γ=1, V(t,q(t))=q(t), q(t)∈[0, 1], LV(t,q(t))=f(t,q(t))=q(t)[(V _a -V _ad )p(t)-C _d ], the defender’s random If the evolutionary differential equation satisfies the zero-solution expected moment exponential stability, it needs to satisfy

LV(t,q(t))≤-γV(t,q(t))

which is

q(t)[(V _a -V _ad )p(t)-C _d ]≤-q(t)

further can be obtained

q(t)[(V _a -V _ad )p(t)-(C _d -1)]≤0

It can be seen from q(t)∈[0,1],

(V _a -V _ad )p(t)-(C _d -1)≤0

And because V _a >V _ad , we can get

and satisfied

which is

And C _d ≥ 1. The proof is completed.

(2) To make the stochastic evolutionary differential equation of the defender satisfy the zero-solution expected moment exponential instability, it is necessary to satisfy

LV(t,q(t))≥γV(t,q(t))

which is

q(t)[(V _a -V _ad )p(t)-C _d ]≥q(t)

further can be obtained

q(t)[(V _a -V _ad )p(t)-(C _d +1)]≥0

From q(t)∈[0,1], we can get

(V _a -V _ad )p(t)-(C _d +1)≥0

According to V _a >V _ad can be obtained

and satisfied

which is

And C _d -V _a +V _ad +1≤0. The proof is completed.

From the above, it can be seen that when the conditions are met And when C _d ≥ 1, as the attack-defense game repeats, the network defender will eventually choose a weak defense strategy and reach an evolutionary stable state; on the contrary, when the condition is satisfied And when C _d -V _a +V _ad +1≤0, as the attack-defense game progresses, network defenders are more inclined to choose a strong defense strategy, and those who choose a weak defense strategy will constantly adjust their own strategy and choose a strong defense strategy, so that Maximize your own profit.

For the stochastic evolutionary differential equation of the attacker, let V(t,p(t))=p(t), p(t)∈[0,1], c ₁ =c ₂ =1, p=1, γ= 1, then LV(t,p(t))=f(t,p(t)), then satisfy:

(1) when And when C _a -V _ad ≥ 1, the expected moment of the zero solution of stochastic differential equation (15) is exponentially stable;

(2) when And when C _a -V _a +1≤0, the expected moment of the zero solution of stochastic differential equation (15) is exponentially unstable.

It can be seen from this that when the conditions And when C _a -V _ad ≥ 1, with the repetition of the offensive and defensive game, the network attacker will eventually choose a weak attack strategy, and the game system will reach an evolutionary stable state; when the condition is satisfied And when C _a -V _a +1 ≤ 0, the attacker is profitable. At this time, the attacker is more inclined to a strong attack strategy, and adjusts the strategy through continuous learning to maximize the profit.

Combining the above content of the stochastic evolutionary differential equations of the offensive and defensive sides, it can be seen that when the condition and C _d ≥ 1, And when C _a -V _ad ≥ 1, there is a unique evolutionary stable strategy ESS(0,0) in the network attack and defense game system, that is, the attacker implements a weak attack strategy, and the defender chooses a weak defense strategy; when the condition is met And C _d -V _a +V _ad +1≤0, And when C _a -V _a +1≤0, the game system has a unique evolutionary stable strategy ESS(1,1), that is, the attacker implements a strong attack strategy, and the defender chooses a strong defense strategy, which is constantly evolving with the actual network attack and defense confrontation Upgrades remain consistent.

The basic idea of obtaining the security defense strategy is to solve the evolutionary equilibrium of the game model based on the establishment of the attack-defense stochastic evolutionary game model, and select the security defense strategy based on the obtained evolutionary stable equilibrium solution. For the defender, this embodiment provides a security defense strategy selection algorithm based on stochastic evolutionary game theory, specifically as shown in Algorithm 1:

Algorithm 1: Security defense strategy selection algorithm based on stochastic evolutionary game model

Input: network attack and defense game tree

Output: security defense strategy

BEGIN

1. Initialize;

2. Construct the type space set D={d _i ,i≥1} of the defender;

3. Construct the defender's optional strategy space set DS={DS _j ,1≤j≤m};

4. According to the attack strategy selected by the attacker, select a reasonable defense strategy DS _i with probability q _i (1≤i≤m), where

5. According to the attack and defense strategy pair {AS _i , DS _j } selected by the attack and defense sides, the defense benefit value b _ij is obtained;

6. Calculate the expected return of each defense strategy Where n represents the number of strategies of the attacker;

7. Calculate the average benefit of the defender

8. Construct a set of offensive and defensive random interference strength coefficients Δ={δ ₁ ,δ ₂ }, where δ ₁ >0,δ ₂ >0;

9. Establish the dynamic evolution equation of the defender's random replication

10. Perform random Taylor expansion on the random evolutionary differential equation of the defender,

11. Use the Milstein method to numerically solve the offensive and defensive stochastic differential equations;

12. Output the security defense strategy in the equilibrium solution;

END

The time complexity of this algorithm mainly focuses on the solution of the stochastic differential equation, and its time complexity is O((m+n) ² ); the space consumption of this algorithm mainly focuses on the storage of the profit value and the intermediate results of the equilibrium solution. Its space complexity is O(nm).

In order to verify the effectiveness of the present invention, further analysis will be carried out through specific simulation experiments: for the stochastic attack-defense evolutionary game model and solution analysis process proposed by the invention, Matlab 2014 is used for numerical simulation. Assume that there are two optional strategies for both the attacker and the defender, AS={strong attack strategy, weak attack strategy}, DS={strong defense strategy, weak defense strategy}. In the simulation process, take the simulation step size h=0.01 to simulate the evolution process of the strategies of the attacking and defending parties under different conditions. Assume that the strategy selects the initial state as q(0)=0.5, p(0)=0.5. Given the income of the offensive and defensive game, by changing the random disturbance intensity coefficient δ _i of the offensive and defensive, observe the influence of the random disturbance intensity δ _i on the evolution of the game between the offensive and defensive parties.

(1) During the attack-defense game, assume that the attack cost is C _a = 10, the defense cost is C _d = 10, the asset income of the defender is V _n = 20, and the attack return when the defender chooses a weak defense strategy is V _a =10, when the defender chooses a strong defense strategy, the attack reward is V _ad =5. at this time, For the random evolution process of the defender, satisfy the zero-solution-moment exponential stability condition of the stochastic differential equation (10) And C _d ≥ 1, the network defender will tend to choose a weak defense strategy. As the game progresses, the defender will eventually stabilize at the evolution state of q(t) = 0, that is, all defenders choose a weak defense strategy.

For the strategy evolution of the defender, the Milstein method is used for numerical simulation, and the random disturbance intensity coefficients are set to δ ₁ = 0.5, δ ₁ = 2, δ ₁ = 5, which are used to analyze the evolution law of the defense strategy under different random disturbances. Figure 6 is the evolution trend diagram of the zero-solution stability strategy of the defender, where the abscissa N represents the number of samples, and the ordinate q(t) represents the proportion of strong defense strategies selected.

It can be seen from Figure 6 that the selection of the strong defense strategy of the defender presents certain fluctuations in the evolution process, indicating that the random interference in the system has a certain impact on the evolution of the defense strategy. In addition, as the interference intensity δ ₁ decreases, the number of simulations required for the evolution of the defense strategy to reach a steady state decreases (when δ ₁ =0.5, the defense strategy reaches a stable state after 16 simulations; and when δ ₁ =5, the simulation 31 times to reach a stable state), indicating that the smaller the interference intensity of random factors, the defender is more inclined to choose a weak defense strategy.

Similarly, for the random evolution process of the attacker, And C _a -V _ad = 5, satisfying the zero-moment exponential stability condition of the stochastic differential equation (15) And C _a -V _ad ≥ 1, the network attacker tends to choose to implement a weak attack strategy. As the game progresses, the attacker will eventually stabilize at the evolution state of p(t) = 0, that is, all attackers choose to implement a weak attack strategy Strategy.

Aiming at the strategy evolution of the attacker, the values of random disturbance strength coefficients δ ₂ =0.5, δ ₂ =2, and δ ₂ =5 are used to analyze the evolution law of the attack strategy under different random disturbances. Figure 7 shows the evolution trend of the attacker's zero-solution stability strategy, where the abscissa N represents the number of samples, and the ordinate p(t) represents the proportion of strong attack strategies selected and implemented.

It can be seen from Figure 7 that as the interference intensity δ ₂ decreases, the number of times that the strong attack strategy evolves to a steady state decreases (when δ ₂ =0.5, the attack strategy reaches a stable state after 16 simulations; and when δ ₂ =5, It takes 29 simulations to reach a steady state), indicating that the smaller the interference intensity of random factors, the more inclined the attacker is to choose a weak attack strategy.

(2) During the attack-defense game, assume that the attack cost is C _a = 4, the defense cost is C _d = 5, the asset income of the defender is V _n = 20, and the attack return when the defender chooses a weak defense strategy is V _a =15, when the defender chooses a strong defense strategy, the attack reward is V _ad =2. at this time, And C _d −V _a +V _ad +1=−7. For the random evolution process of the defender, satisfy the zero-solution-moment exponential instability condition of the stochastic differential equation (10) And C _d -V _a +V _ad +1≤0, the network defender will tend to choose a strong defense strategy. As the game progresses, the defender will eventually stabilize at the evolution state of q(t)=1, that is, all defenses choose a strong defense strategy.

Based on the above conditions, the Milstein method is used to numerically simulate the evolution of the defender's selection of a strong defense strategy, and the values of the random disturbance intensity coefficients are δ ₁ = 0.5, δ ₁ = 2, and δ ₁ = 5, which are used to analyze the The evolution law of the defense strategy. The evolution trend of the defender's zero-solution non-stable strategy is shown in Figure 8.

It can be seen from Figure 8 that the defense strategy selected by the defender presents certain fluctuations in the evolution process, indicating that the random interference in the system has a certain impact on the evolution of the defense strategy. In addition, as the interference intensity δ ₁ decreases, the more simulation times the defense strategy evolution needs to reach a steady state (when δ ₁ =0.5, the defense strategy reaches a stable state after 39 simulations; and when δ ₁ =5, the simulation 27 times to reach a stable state), indicating that the smaller the interference intensity of random factors, the more inclined the defender is to choose a weak defense strategy.

In the same way, And C _a -V _a +1=-10, for the random evolution process of the attacker, the zero-solution-moment exponential instability condition of stochastic differential equation (15) is satisfied And C _a -V _a +1<0, network attackers tend to choose to implement a strong attack strategy, as the game progresses, the attacker will eventually stabilize at the evolution state of p(t)=1, that is, all attackers choose to implement Strong network attack.

Aiming at the strategy evolution of the attacker, the values of random disturbance strength coefficients δ ₂ =0.5, δ ₂ =2, and δ ₂ =5 are used to analyze the evolution law of the attack strategy under different random disturbances. The evolution trend of the zero-solution non-stable strategy of the attacker is shown in Figure 9.

It can be seen from Figure 9 that as the interference intensity δ ₂ decreases, the number of times the strong attack strategy evolves to a steady state increases (when δ ₂ =0.5, the attack strategy reaches a stable state after 37 simulations; and when δ ₂ =5, It takes 24 simulations to reach a steady state), indicating that the smaller the interference intensity of random factors, the more inclined the attacker is to choose to implement a weak attack strategy.

In summary, different random disturbance intensities have different effects on the evolution rate of the attack-defense game system, and the greater the disturbance intensity, the defender is more inclined to choose a strong defense strategy, and the attacker is more inclined to choose a strong attack strategy. The experimental results are consistent with Systems in stochastic control theory pursue stability consistently. When there is random disturbance, the system prevents the disturbance from destroying the stability of the system by strengthening the strength of attack and defense. The present invention aims at the problems of various random interference factors in the offensive and defensive game system, in order to improve the validity and accuracy of the model, by referring to the concept of Gaussian white noise, it describes the changes of the system operating environment and the network topology in the process of the offensive and defensive game As well as various random disturbances such as the change of offensive and defensive strategies, the traditional replication dynamic evolutionary game method is improved, and the nonlinear Itó stochastic differential equation is used to construct a random network offensive and defensive evolutionary game model under asymmetric conditions, which is used to describe the real-time random dynamic evolution of network offensive and defensive confrontation process. The attack and defense stochastic differential equations are numerically solved, and the stability analysis of the strategy selection state of both the attacker and the defense is carried out according to the stochastic differential equation stability discriminant theorem, and a security defense strategy selection algorithm based on the stochastic attack and defense evolutionary game model is designed. The influence of different strengths of random interference on the evolution rate of attack and defense decision-making is verified by simulation, which can provide certain guidance for network attack behavior prediction and security defense strategy selection. Compared with the prior art, the present invention can more accurately analyze the random dynamic evolution process between attack and defense decision makers with bounded rationality, and the practicability and guiding significance of security defense strategy selection are stronger.

Each embodiment in this specification is described in a progressive manner, each embodiment focuses on the difference from other embodiments, and the same and similar parts of each embodiment can be referred to each other. As for the device disclosed in the embodiment, since it corresponds to the method disclosed in the embodiment, the description is relatively simple, and for the related information, please refer to the description of the method part.

The units and method steps of the examples described in conjunction with the embodiments disclosed herein can be implemented by electronic hardware, computer software, or a combination of the two. In order to clearly illustrate the interchangeability of hardware and software, in the above description The composition and steps of each example have been generally described in terms of functions. Whether these functions are performed by hardware or software depends on the specific application and design constraints of the technical solution. Those of ordinary skill in the art may use different methods to implement the described functions for each particular application, but such implementation is not considered to exceed the scope of the present invention.

Those of ordinary skill in the art can understand that all or part of the steps in the above method can be completed by instructing relevant hardware through a program, and the program can be stored in a computer-readable storage medium, such as: a read-only memory, a magnetic disk or an optical disk, and the like. Optionally, all or part of the steps in the above embodiments can also be implemented using one or more integrated circuits. Correspondingly, each module/unit in the above embodiments can be implemented in the form of hardware, or can be implemented in the form of software function modules. The form is realized. The present invention is not limited to any specific combination of hardware and software.

The above description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present application. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the general principles defined herein may be implemented in other embodiments without departing from the spirit or scope of the application. Therefore, the present application will not be limited to the embodiments shown herein, but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (10)

1. A network defense strategy selection method based on a random evolutionary game model is characterized by comprising the following steps:

constructing an asymmetric network attack and defense random evolution game model based on a random power system; by taking the reference of Gaussian white noise, obtaining a network attack and defense random evolutionary game system by using an It and an random differential equation;

the method comprises the steps that a Milstein method is adopted to carry out numerical solution on a network attack and defense random evolution game system, and equilibrium solution of attack and defense evolution is obtained;

aiming at the equilibrium solution of attack and defense evolution, the stability analysis is carried out on the strategy selection states of both the attack and defense parties according to the stability theorem of the random differential equation solution, and the network security defense strategy in the equilibrium solution is output.

2. The method for selecting the network defense strategy based on the random evolution game model as claimed in claim 1, wherein the network attack and defense random evolution game model is expressed by quintuple.

3. The method for choosing network defense strategy based on random evolution game model as claimed in claim 2, wherein the network attack and defense random evolution model ADEGM = (N, S, P, Δ, U), wherein N = (N) _D ,N _A ) Is the participant space of the evolving game, N _D Representing a defensive party, N _A Representing an attacker; s = (DS, AS) is a game policy space, DS denotes an optional policy set of defenders, AS denotes an optional policy set of attackers; p = (q, P) is a game belief set, q represents a probability set that a defender selects different defense strategies, and P represents a probability set that an attacker selects different attack strategies; Δ = { δ ₁ ,δ ₂ Is the set of random interference strength coefficients, δ ₁ Representing the strength factor, δ, of the effect of random disturbances on the defender ₂ Representing the influence intensity coefficient of random interference on an attacker and satisfying delta ₁ >0,δ ₂ >0；U＝(U _D ,U _A ) Is a set of game revenue functions, U _D Expressing the game income of defenders, U _A And the game income of the attackers is represented, and the value of the attack and defense income is jointly determined by the strategy selected by the attack and defense decision maker.

4. The method for choosing network defense strategies based on random evolution game model as claimed in claim 3, wherein the optional strategy set DS = { DS of defensive party ₁ ,DS ₂ In which DS is ₁ Indicating that defender adopted Strong defense strategy, DS ₂ Representing the defender to adopt a weak defense strategy; optional policy set AS = { AS for aggressor ₁ ,AS ₂ Where AS ₁ Representing attackers implementing a strong attack strategy, AS ₂ Representing an attacker implementing a weak attack strategy.

5. The method for selecting the network defense strategy based on the random evolutionary game model according to claim 4, wherein the obtaining of the network defense random evolutionary game system comprises the following contents:

a1 A (c), (c) constructing type space set D = { D) of defenders _i I is more than or equal to 1}; constructing defender-selectable policy space set DS = { DS _j J is more than or equal to 1 and less than or equal to m, wherein m is the number of strategies selectable by an attacker decision maker;

a2 Selected attack strategy for the attacker with probability q) _i Selecting a defense strategy DS _i Wherein, in the step (A),

a3 Computing average profit for defensive partyConstructing an attack and defense random interference intensity coefficient set delta = { delta = ₁ ,δ ₂ In which is delta ₁ >0,δ ₂ >0；

A4 The Gaussian white noise is used for reference, random interference of evolutionary game of an attack party and a defense party is described by adopting a random differential equation, and a randomly copied dynamic differential equation of the defense party and the attack party is obtained;

a5 And) randomly copying a dynamic differential equation of the simultaneous defense party and the attacking party to obtain the network attack and defense random evolution game system.

6. The method for choosing network defense strategy based on random evolution game model as claimed in claim 5, wherein the average profit of the defenders is calculated in A3)Comprises the following steps: acquiring a game income matrix by combining a network attack and defense game tree; calculating the average income of the attacking party and the defending party according to the game income matrix, wherein the average income of the defending party Is the expected revenue for the defender.

7. The method for selecting the network defense strategy based on the random evolution game model according to claim 5, wherein in A5), the network attack and defense random evolution game system is represented as:

，

wherein, C _d Representing the defense cost required by the defensive party when selecting the strong defense strategy; c _a Representing the attack cost required by an attacker for selecting a strong attack strategy; v _a When the defending party selects the weak defending strategy, the attacking party selects the attack return which can be obtained by the strong attacking strategy; v _ad When representing that the defense Fang Xuanqu is a strong defense strategy, the attacker selects the attack return which can be obtained by the strong attack strategy and meets the requirement of V _a >V _ad (ii) a q (t) and 1-q (t) respectively represent the functions of the number of defenders selecting different defense strategies and the proportion of the number of the defenders selecting different defense strategies with respect to time; omega (t) belongs to one-dimensional standard Brown motion and describes the influence of random interference factors on game evolution in the network attack and defense process.

8. The method for selecting the network defense strategy based on the random evolution game model according to claim 1, wherein the step of obtaining a balanced solution of attack and defense evolution specifically comprises the following steps:

b1 Performing random Taylor expansion on the random evolution differential equation of both a defense party and an aggressor in the network attack and defense random evolution game system according to It and the random differential equation;

b2 And) carrying out numerical solution on a differential equation in the network attack and defense random evolution game system by adopting a Milstein method to obtain a corresponding attack and defense evolution equilibrium solution.

9. The method for choosing network defense strategy based on random evolutionary game model in claim 8, wherein in B1), it is expressed as dx (t) = f (t, x (t)) dt + g (t, x (t)) d ω (t), where t e [ t ], (r) ] ₀ ,T]，x(t ₀ )＝x ₀ ，x ₀ e.R, ω (T) belongs to a one-dimensional standard Brown motion, obeying a normal distribution N (0,t), d ω (T) obeys a normal distribution N (0, Δ T), where T represents the continuation of the time dimensionAnd R is a real number.

10. The method for selecting the network defense strategy based on the random evolutionary game model as claimed in claim 7, wherein the strategy selection states of both the attacking and defending parties are subjected to stability analysis to verify the evolutionary stable strategy of the network attacking and defending random evolutionary game system, comprising: when it satisfiesAnd C _d ≥1，And C _a -V _ad When the network attack and defense random evolution game system is more than or equal to 1, a unique evolution stable strategy ESS (0,0) exists in the network attack and defense random evolution game system; when it is satisfied withAnd C _d -V _a +V _ad +1≤0，And C _a -V _a When +1 is less than or equal to 0, the network attack and defense random evolution game system has a unique evolution stable strategy ESS (1,1).