科研管理 (Science Research Management) ›› 2019, Vol. 40 ›› Issue (11): 164-174.


Research on malware offense-defense strategies from the perspective of cyberspace security

Dong Kunxiang 1, Xie Zongxiao 2, Zhen Jie 3

  1. School of Management Science and Engineering, Shandong University of Finance and Economics, Jinan 250014, Shandong, China;
  2. China Financial Certification Authority, Beijing 100054, China;
  3. School of Business Planning, Chongqing Technology and Business University, Chongqing 400067, China
  • Received: 2016-09-13 Revised: 2018-06-15 Online: 2019-11-20 Published: 2019-11-25
  • Corresponding author: Xie Zongxiao
  • Funding:
    National Social Science Fund of China, Youth Project "Research on the coordination mechanism and risk control of enterprise information security outsourcing and insurance decisions under mandatory standards" (17CGL019).

The offense-defense strategies against malware from the perspective of cyberspace security

Dong Kunxiang1, Xie Zongxiao2, Zhen Jie3   

  1. School of Management Science and Engineering, Shandong University of Finance and Economics, Jinan 250014, Shandong, China;
    2. China Financial Certification Authority, Beijing 100054, China; 
    3. School of Business Planning, Chongqing Technology and Business University, Chongqing 400067, China
  • Received:2016-09-13 Revised:2018-06-15 Online:2019-11-20 Published:2019-11-25

Abstract (translated): Cyberspace security is the foundation of national security and economic security. Based on two malware attack modes and three user defense strategies, this paper builds a system dynamics model of malware offense and defense from the perspective of cyberspace security, cross-analyzes the combined offense-defense strategies, and validates the model with survey data. The findings are: in the prevention and response stages of a malware attack, investment in security education and security tools suppresses malware propagation and reduces system vulnerability; cost input in the recovery stage reduces user losses; and users should adopt different combinations of defense strategies for different defense objectives. The countermeasures proposed at the end provide theoretical and practical guidance for users implementing effective malware defense.

Keywords (translated): cyberspace security, malware, offense-defense strategy, system dynamics

Abstract: With the rapid development of information technology, cyberspace, composed of the Internet, communication networks, computer systems, automated control systems, digital equipment and their applications, is changing how people produce and live and raising the levels of enterprise automation and digitization. However, while enjoying the fruits of information technology, enterprises also face increasingly complex cyberspace security threats. For example, frequent malware attacks and data breaches have brought down key infrastructure such as enterprise industrial control systems and information systems, seriously endangering companies' digital assets and social reputation. To deal with these problems, we explore how organizations and individuals should adopt appropriate prevention strategies in response to both widespread attacks and quantitative attacks by malware, so as to minimize enterprises' security losses. The system dynamics method used in this paper is a useful tool for studying complex information feedback systems: it can analyze malware attack and defense from a dynamic, qualitative and quantitative perspective, which provides a way to explore the internal mechanism of malware attack-defense systems. We therefore apply the system dynamics method to analyze hackers' attack strategies and users' prevention strategies from an offense-defense perspective.
The existing literature on malware offense and defense mainly focuses on two aspects. One is the computer-technology perspective, such as cryptography, detection technology, attack-intention analysis, and the attack, propagation and control of malware. The other is the economic-management perspective, which has analyzed the economic protection strategies of organizations and employees. However, the participants and prevention strategies considered in that literature are relatively narrow, ignoring the integrity of cyberspace security, the diversity of malware attacks and the combination of prevention strategies. We therefore attempt to integrate users, computers, attackers, security service providers and other entities from the perspective of cyberspace security, considering factors such as cost-benefit, technological progress and win-win cooperation, and using the prevention and control requirements of ISO/IEC 27002:2013. We then apply the system dynamics method to analyze the effects of different prevention strategies during malware attacks. Compared with the existing literature, this paper covers all the possible attack types and defense strategies in the process of a malware attack and analyzes them comprehensively through a cross-over analysis of offense-defense strategies. For each attack mode, the roles of users and security service providers in the prevention process are considered in the malware propagation model, and the offense-defense strategies for information security are built from a dynamic perspective using the system dynamics method, which can provide advice from a global view. The structure of this paper is as follows.
First, we describe and analyze three defense strategies (security education investment, security tool investment and recovery investment) together with the ISO/IEC 27002:2013 requirements for the prevention, response and recovery stages. Based on these strategies, the malware infection process, the ISO/IEC 27002:2013 requirements, the literature and expert advice, we analyze the causal feedback relationships of the malware attack-defense system. According to the causal relationships among attackers, computers, security service providers and users, we propose an attack subsystem, a malware infection subsystem, a user protection subsystem and a security-service-provider protection subsystem, and from these build the system dynamics models of malware offense and defense from the cyberspace perspective. The equations and parameters of the models are determined from the relationships among the factors in each subsystem.
Second, we use Vensim 7 to simulate the dynamic model. The trends of widespread and quantitative malware attacks are simulated and analyzed according to the parameters. The simulation results show that the number of infected computers is larger under quantitative attacks, and that security vulnerability, user loss and security-service-provider stress also worsen over time more severely under quantitative attacks. Moreover, the performance of the three user defense strategies (security education investment, security tool investment and recovery investment) is evaluated. Through the cross-over analysis of offense-defense strategies, we find that different defense strategies should be adopted in different protection stages.
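As an added illustration (not the paper's Vensim model and not code by its authors), the following Python block shows how a stock-and-flow system dynamics model of this kind is integrated and then cross-analyzed over every on/off combination of the three user strategies under both attack modes. Only the overall structure mirrors the paper's description (susceptible and infected hosts, a vulnerability level lowered by education and tool investment, a cleanup rate and loss rate improved by recovery investment, and a contact-driven "widespread" mode versus a "quantitative" mode in which the attacker additionally pushes a fixed volume of intrusion attempts per step); every equation, coefficient and parameter value is an assumption chosen for demonstration.

```python
"""Illustrative stock-and-flow simulation of malware offense vs. user defense.

Added example: the equations and parameter values below are assumptions for
demonstration, not the paper's Vensim model. Stocks: susceptible (S) and
infected (I) hosts, cumulative user loss. Auxiliaries: vulnerability and
cleanup rate, set by the three user investments.
"""
from dataclasses import dataclass
from itertools import product


@dataclass(frozen=True)
class Strategy:
    """Investment levels in [0, 1] for the three user defense strategies."""
    education: float = 0.0   # security education investment (assumed scale)
    tools: float = 0.0       # security tool investment (assumed scale)
    recovery: float = 0.0    # recovery investment (assumed scale)


def simulate(attack: str, strat: Strategy, hosts: int = 1000,
             steps: int = 120, dt: float = 1.0) -> dict:
    """Euler-integrate the model; return peak/final infections, loss, vulnerability.

    attack: "widespread"   -> spreads only by contact from infected hosts
            "quantitative" -> attacker additionally pushes a fixed volume of
                              intrusion attempts per step (assumed 30/step)
    """
    # Vulnerability falls as education and tools rise (assumed shape).
    vuln = 1.0 / (1.0 + 2.0 * strat.education + 3.0 * strat.tools)
    # Cleanup rate and loss per infected host-step improve with recovery spend.
    clean = 0.05 + 0.25 * strat.recovery
    loss_rate = 1.0 - 0.6 * strat.recovery
    contact_rate = 0.6        # assumed propagation coefficient
    pushed_attempts = 30.0    # assumed attacker volume for the quantitative mode

    susceptible, infected, loss, peak = hosts - 1.0, 1.0, 0.0, 1.0
    for _ in range(steps):
        # Contact-driven propagation: proportional to I * S/N.
        new = contact_rate * vuln * infected * susceptible / hosts
        if attack == "quantitative":
            # Pushed attempts land on a susceptible host with probability S/N.
            new += pushed_attempts * vuln * susceptible / hosts
        elif attack != "widespread":
            raise ValueError(f"unknown attack mode: {attack}")
        new = min(new, susceptible)          # cannot infect more hosts than exist
        cured = clean * infected             # cleaned hosts become susceptible again
        susceptible += dt * (cured - new)
        infected += dt * (new - cured)
        loss += dt * loss_rate * infected    # loss accrues while hosts stay infected
        peak = max(peak, infected)
    return {"peak_infected": peak, "final_infected": infected,
            "loss": loss, "vulnerability": vuln}


def cross_over_analysis(hosts: int = 1000, steps: int = 120) -> list[dict]:
    """Run every on/off combination of the three strategies under both attack modes."""
    rows = []
    for attack, (edu, tool, rec) in product(("widespread", "quantitative"),
                                             product((0.0, 1.0), repeat=3)):
        result = simulate(attack, Strategy(edu, tool, rec), hosts, steps)
        rows.append({"attack": attack, "education": edu, "tools": tool,
                     "recovery": rec, **result})
    return rows


def best_strategy(rows: list[dict], attack: str, metric: str) -> dict:
    """Pick the strategy combination minimising `metric` for one attack mode."""
    return min((r for r in rows if r["attack"] == attack), key=lambda r: r[metric])


if __name__ == "__main__":
    table = cross_over_analysis()
    for r in table:
        print(f"{r['attack']:12} edu={r['education']:.0f} tools={r['tools']:.0f} "
              f"rec={r['recovery']:.0f}  peak={r['peak_infected']:7.1f} "
              f"loss={r['loss']:9.1f}")
    print("min loss, widespread:", best_strategy(table, "widespread", "loss"))
```

Under these assumed coefficients the toy model reproduces the qualitative pattern the paragraph describes: the quantitative mode reaches a higher infection level faster than the widespread mode, education plus tools lowers vulnerability and peak infections, and adding recovery investment on top of them gives the lowest cumulative loss. Replacing the closed-form vulnerability and cleanup expressions with the paper's own table functions would be the natural next step when reproducing its results.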
Finally, using data from the UK's enterprise cyberspace security status report, the stability and reliability of the model results were verified, and the best malware prevention strategies under different target situations were proposed: (1) Increasing security education investment and security tool investment significantly reduces the spread of malware and the vulnerabilities in the prevention and response stages, and recovery investment reduces losses in the recovery stage. (2) The combination of security education investment and security tool investment is the best defense strategy for reducing the number of infected computers and the vulnerability, while the combination of security education, security tool and recovery investment works best for reducing users' losses. (3) To help users adopt appropriate cyberspace security protection strategies, reduce their security vulnerability and improve their defense capabilities, several countermeasures and suggestions are put forward. First, comprehensive defense is the best choice for users: only by emphasizing cyberspace security in all aspects can users reduce system vulnerability and effectively prevent widespread attacks. Second, users should increase security education and tool investment in the early stage, which effectively prevents most malware attacks. Once the system is attacked, users and security service providers should cooperate to reduce losses in time; in the recovery stage, users should invest in recovery and keep good records to prevent similar security incidents in the future. Third, if both cost and defense effect are considered, users should adopt the combined strategy of security education investment and security tool investment to defend effectively against malware attacks.
If users' goal is to minimize attack losses, the combined strategy of security education, security tool and recovery investment should be adopted. In practice, users should also consider their market reputation: investing in recovery from the loss restores their public reputation promptly.

Key words: cyberspace security, malware, offense-defense strategy, system dynamics