To address the problem of integrated, coordinated control based on attack detection, a game-theoretic method is used to analyze the security combination model of firewall, intrusion detection system (IDS), and vulnerability scanning technologies. Backward induction is used to study the Nash equilibria for two cases: deploying only the combination of IDS and vulnerability scanning, and deploying all of the technologies together. The results show that when the detection rates of the IDS and vulnerability scanning are low, the company needs to monitor not only every user who triggers an alarm but also a portion of the users who do not; when the detection rates of the IDS and vulnerability scanning are sufficiently high, the company does not need to monitor users who trigger no alarm and only needs to monitor a portion of the users who trigger alarms. Adding a firewall to the information system affects the payoffs of both the company and the hacker, but the hacker's optimal strategy does not change, and the IDS's optimal investigation strategy changes only under certain conditions. In addition, the configuration interactions between IDS and vulnerability scanning, and between firewall and IDS, are discussed.