
Analysis on Economical Behavior of Software Vulnerability’s Market

[Author] Zeng Xia (曾霞)

[Advisor] Zhou Siqing (周四清)

[Author information] Jinan University, Signal and Information Processing, 2010, Master's

[Abstract] This thesis first analyzes, from an economic perspective, why a software vulnerability market forms. It builds a game model from the behavioral characteristics of the market's main participants and, for software release time and number of vulnerabilities, constructs a payoff-maximization model to obtain the equilibrium between the two. It also further improves the open vulnerability market model. The main work is as follows:

1. It analyzes the causes of software vulnerabilities, the structure of the software vulnerability market, and the behavioral characteristics of the market's participants, constructs a game model between software release time and the number of vulnerabilities, and derives the optimal equilibrium.

2. It analyzes the structure of the software vulnerability market. In the theoretical model of the vulnerability information market, the payoff function of hackers who use vulnerability information to attack software users is incomplete. To address this shortcoming, the thesis proposes an improved model based on the competition between hackers and software testers. It analyzes how network security workers can defend most effectively against attackers at an optimal level of investment, uses MATLAB simulation to obtain the constraint relationship between the optimal investment level and cost and benefit, analyzes the results, and offers reference suggestions for building incentive mechanisms.

3. For the stage after vulnerability information has been discovered, it introduces a management strategy for vulnerability patches. Mainly from the software user's perspective, it analyzes the consumer's decision to download a patch and discusses how software pricing, the cost of downloading patches, and the losses from possible attacks affect that decision, so as to better motivate users.

This research provides some reference for monitoring the software vulnerability market more effectively and for better managing the security problems caused by software vulnerabilities.

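  • [Online publication contributor] Jinan University
  • [Online publication issue] 2010, Issue 10
  • [Classification number] F407.672;F224.32
  • [Citation count] 1
  • [Download count] 82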