To improve the performance of network intrusion detection systems, game theory is used to build a model of intrusion packet sampling. Following the analysis approach of static non-cooperative games, in which the network defender and the attacker each adjust their strategies to maximize their own utility, a closed-form solution for the mixed-strategy Nash equilibrium is derived. Based on this mixed strategy, a dynamic packet sampling algorithm (DDPSA) and a centralized incremental packet sampling algorithm (CIPSA) are designed. The performance of the two algorithms is tested with attack packets generated under three attack modes: equal-probability, random, and game-theoretic. Simulation results show that CIPSA is more effective than DDPSA. Moreover, CIPSA achieves the same sampling success rate under all three attack modes, which indicates the stability of CIPSA and also confirms the rationality of the mixed strategy in this intrusion packet sampling model.