At present, there are many techniques for cyber security defense such as firewall, intrusion detection and cryptography. Despite decades of studies and experiences on this issue, there still exists a problem that we always pay great attention to technology while overlooking strategy. In the traditional warfare, the level of decision-making and the formulation of optimal strategies have a great effect on the warfare result. Similarly, the timeliness and quality of decision-making in cyber attack-defense also make great significance. Since the attackers and defenders are oppositional, the selection of optimal defense strategy with the maximum payoff is difficult. To solve this problem, the stochastic evolutionary game model is utilized to simulate the dynamic adversary of cyber attack-defense. We add the parameter $\lambda $ to the Logit Quantal Response Dynamics (LQRD) equation to quantify the cognitive differences of real-world players. By calculating the evolutionary stable equilibrium, the best decision-making approach is proposed, which makes a balance between defense cost and benefit. Cases studies on ransomware indicate that the proposed approach can help the defender predict possible attack action, select the related optimal defense strategy over time, and gain the maximum defense payoff.

中文翻译：

---

基于进化博弈的网络安全防御最优决策方法

目前，用于网络安全防御的技术有很多，如防火墙、入侵检测和密码学等。尽管在这个问题上有几十年的研究和经验，但仍然存在一个我们始终重技术轻战略的问题。在传统战争中，决策的水平和最优策略的制定对战争的结果有很大的影响。同样，网络攻防决策的及时性和质量也具有重要意义。由于攻击者和防御者是对立的，选择具有最大收益的最优防御策略是困难的。为了解决这个问题，利用随机演化博弈模型来模拟网络攻防的动态对手。我们将参数 $\lambda $ 添加到 Logit Quantal Response Dynamics (LQRD) 方程中，以量化现实世界玩家的认知差异。通过计算进化稳定均衡，提出最佳决策方法，在防御成本和收益之间取得平衡。勒索软件的案例研究表明，所提出的方法可以帮助防御者预测可能的攻击行为，随着时间的推移选择相关的最优防御策略，并获得最大的防御收益。