关键词: 变化挖掘, 强化学习, 多智能体博弈, 博弈Petri网, 网络攻防

Abstract: As an important research branch in process mining,change mining can be used in system security analysis,IPS security construction and other scenarios to judge possible unknown vulnerabilities from the generation of change regions.The traditional change mining algorithm pays more attention to the security of the business process,and cannot meet the needs of mining the effective change region formed by considering the security benefits of multiple parties in the scenario of a dynamic game such as security attack-defense.Aiming at this problem,a Game Petri Net based on Multi-Agent Reinforcement Learning (MARL-GPN) was proposed,to which the study of effective change regions of dynamic security models was dedicated.This new Game Petri net would first construct a benefit matrix according to each attack-defense event,and then the multi-agents would generate the current optimal response strategy according to the current state and the next trend of the opponent,and then reach the Nash equilibrium under the specified learning cycle to obtain the most optimal response strategy for both parties.The optimal activity trace was matched with the traditional change mining to obtain the effective change regions.The feasibility of the model was verified by taking a typical information security incident as an example.

Key words: change mining, reinforcement learning, multi-agent game, game Petri net, network attack-defense