網際網路的普及和便利造成人們對網路的依賴,然而這也使得網路犯罪有機可乘。資訊竊取是造成最嚴重損失的網路犯罪之一,它不但造成金錢、財產之類的有形損失,還讓無形的企業及個人聲譽受損;因此如何幫助網際網路發展有效防禦策略,以降低資訊洩露的程度,就成了急需探討的研究議題。 在這篇論文中,我們將一個攻防情境轉化成二階的數學規劃問題;其中內層問題(AS模型)敘述一個惡意攻擊者該如何配置其有限攻擊資源到目標網路,以竊取最多的機敏資訊,而在外層問題(DRAS模型)中,目標網路的管理者則希望能有效配置其有限防禦資源,來將由資訊洩漏所引發的損失最小化。為了求得此問題的最佳解,我們採用以拉格蘭日鬆弛法為基礎的演算法來處理AS模型,而利用以次梯度法為基礎的演算法來處理DRAS模型。
Dependency on the Internet is giving cyber criminals increasing opportunities to steal information. Information theft, one of the most damaging cyber-crimes, not only causes property damage and monetary loss to victims, it can also ruin their reputations. As a result, research into developing defense strategies against information theft on the Internet is a pressing need. In this paper, we model an offence-defense scenario as a two-level mathematical programming problem. In the inner problem, defined by the AS model, an attacker allocates his limited attack power intelligently to the targeted network in order to steal as much valuable information as possible. Meanwhile, in the outer problem, defined by the DRAS model, the operator of the targeted network allocates limited defense resources appropriately to minimize the damage incurred by information theft. The Lagrangean relaxation-based algorithm is adopted to solve the AS problem, and a subgradient-based algorithm is proposed to solve the DRAS problem.