The present invention relates to an
attack and defense
differential game-based
network security defense decision determination method and a device. The method comprises the steps of constructing a
state evolution model NIRM for network nodes according to an SIR model during the
network attack and defense process; according to a network node state migration path, acquiring a node state change
differential equation set based on the
state evolution model NIRM; according to the node state change
differential equation set, constructing an
attack and defense
differential game model ADDG; according to an
attack and defense return strategy and a corresponding execution cost, executing a revenue function of the attack party and the defense party during the
differential game process; according to the revenue function and the attack and defense differential game model ADDG, solving out a
saddle point strategy for the attack party and the defense party through the
dynamic planning method, determining an optimal defense strategy and outputting the optimal defense strategy. According to the technical scheme of the invention, the problem that actual requirements cannot be met through the traditional dynamic game
analysis method can be solved. Compared with the existing
network security defense strategy, the attack and defense process in the continuous and real-time engagement condition is analyzed. The timeliness, the pertinence and the guiding significance of
network defense decision results are better.