Xiaohu Liu's research while affiliated with State Key Laboratory of Mathematical Engineering and Advanced Computing and other places

Publications (17)

Article
Moving target defense (MTD) can break through asymmetry between attackers and defenders. To improve the effectiveness of cybersecurity defense techniques, defense requires not only advanced and practical defense technologies but effective, scientific decision-making methods. Due to complex attacker-defender interaction, autonomous, automatic, accur...
Article
The current network security defense decision method is based on the principle of attack-defense confrontation and generally uses a random network model to project the real network. Most of the existing complex network defense decision methods consider a single defender while ignoring the confrontation and dependence between network attack and defe...
Article
Most current game theory-based cybersecurity analysis methods use traditional game models, which do not meet realistic conditions of continuous dynamic changes in attack-defense behaviors and decision makers without perfect rationality, and therefore they adapt with difficulty to the practical requirements of cybersecurity threat assessment. This p...
Article
Game theory is a powerful tool to study the decision-making problems in the conflict confrontation environment, which can provide a theoretical basis for solving the network defense decision-making problems. Firstly, the characteristics of network attack and defense game are refined, the network attack and defense game model is formally defined. S...
Article
Defense decision-making in cybersecurity has increasingly relied upon stochastic game processes that combine game theory with a Markov decision process (MDP). However, the MDP presumes that both attackers and defenders are perfectly rational and have complete information, which greatly limits the scope of application and guidance value of MDP to th...
Article
Although the adversarial examples have achieved an incredible white-box attack rate, they tend to show poor transferability in black-box attacks. Data augmentation is considered to be an effective means of enhancing the adversarial examples transferability. To this end, based on translation transformation we propose a new method to generate more mo...
Article
The basic hypothesis of evolutionary game theory is that the players in the game possess limited rationality. The interactive behavior of players can be described by a learning mechanism that has theoretical advantages in modeling the network security problem in a real society. The current network security evolutionary game model generally adopts a...
Article
As the prerequisite for the attacker to invade the target network, Persistent Scan and Foothold Attack (PSFA) is becoming progressively more subtle and complex. Even worse, the static and predictable characteristics of traditional systems provide an asymmetric advantage for attackers in launching the PSFA. To reverse this asymmetric advantage and r...
Article
Traditional deception-based cyber defenses (DCD) often adopt the static deployment policy that places the deception resources in some fixed positions in the target network. Unfortunately, the effectiveness of these deception resources has been greatly restricted by the static deployment policy, which also causes the deployed deception resources to...
Article
Most network security research studies based on signaling games assume that either the attacker or the defender is the sender of the signal and the other party is the receiver of the signal. The attack and defense process is commonly modeled and analyzed from the perspective of one-way signal transmission. Aiming at the reality of two-way signal tr...

Citations

... This model is likely used to simulate or describe the dynamics of opinion formation within a community [24,25]. High-order implies that the dynamics of these agents are described by higher-order differential equations, which can make the system more complex [26,27]. The IoT refers to the interconnected network of physical devices (things) that can collect and exchange data over the internet. ...
... The system reachability graph [35][36][37] can visually depict the state transitions of emergency events and the game situations with emergency decision-makers. The reachability graph is obtained based on Algorithm 1 and Algorithm 2. In the reachability graph, 1 1 , 2 1 , 3 1 respectively represent the utility function values of rescuing through game stage selection methods σ₁, σ₂, σ₃ when the emergency event starts in state 1 1 , 2 1 , 3 1 respectively represent the utility function values of rescuing through game stage selection methods σ₁, σ₂, σ₃ when the emergency event starts in state K₂; when the emergency event is in state K₁, the utility values of selecting rescue plans σ₁, σ₂ in the first stage and rescue plans σ₁, σ₃ in the second stage are 12 11 , 13 12 when the emergency event is in state K₂, the utility values of selecting rescue plans σ₁, σ₂ in the first stage and rescue plans σ₁, σ₃ in the second stage are 12 21 , 13 22 . ...
... The approach involves using influence-related factors to divide a social network into distinct communities or groups, accomplished through a specific method or algorithm known as the sandwich method [38,39]. This method relies on a machine learning model called Graph Neural Networks (GNNs) and emphasizes its robustness, enabling it to handle diverse and changing conditions [40][41][42]. It also highlights an event-driven approach, where the coordination of IoT services is triggered and guided by events or occurrences, enhancing their responsiveness and flexibility [43,44]. ...
... There is currently no effective method to measure the hidden elements in the attacker-defender interaction. The accuracy of the description must be improved so as to ensure the pertinence of MTD strategy selection [157]. Therefore, it is necessary to accurately model unknown attacks. ...
... (1) Analysis of plan generation Assuming the relationship between resources R{r₁, r₂, r₃} and control rates are as shown in figures 6, 7 and 8, determine the transportation situation of assumed resources based on the distribution of rescue points and disaster points, as shown in Table 9. Assuming that the emergency event and emergency management decision-makers engage in dynamic game behavior within a certain time frame, in this case, the game between the two parties is divided into two stages [38][39][40]. In the first stage h₁ of the game, the emergency management decision-maker has only one option, which is to transport resources R (20,30,30) from rescue point A to disaster point 1, denoted as strategy σ₁. ...
... Most of the related work in deception games has not discussed reconnaissance in detail while building game models in a deceptive network. For example, Zhang et al. considered bypassing the scanning detection tool while forming a dynamic Markov differential game model [85]. Many articles including game models based on honeypot [38,25] or IDS [64] placement, modifying attack graphs by hiding or adding real or fake nodes [44,10], attacker engagement [33] based signaling games [48,50,25] and Stackelberg games [26,25,64] developed the deception games without discussing or including a detailed reconnaissance model. ...
... On the other hand, with a series of laws, regulations and standard specifications such as the "Network Security Law of the People's Republic of China" and "National Network Security Strategy", situational awareness has risen to a strategic level [4][5]. The competent units of home-related electric power network security are advocating, building and actively applying cyber security situational awareness technologies to meet the severe challenges of cyberspace security [6][7]. ...
... The system dynamically changes the IP addresses of real nodes and decoy nodes in the network through IP address randomization, which interferes with the attacker's identification of decoy nodes. Wang et al. [20] proposed a hybrid defense mechanism combining MTD and cyber deception defense and proposed a dynamic defense strategy generation algorithm to improve the effectiveness of the hybrid defense mechanism. The methods mentioned above solve traditional honeypots' static nature, but there are still two problems. ...
... For example, Dowling et al. [32] proposed an adaptive honeypot deployment strategy based on SARSA. Wang et al. [33] proposed a dynamic deployment strategy for intelligent honeypots based on Q-learning. Furthermore, Abay et al. [34] proposed a honey-data generation method based on deep learning. ...