Multi-Player Evolutionary Game of Network Attack and Defense Based on System Dynamics

Abstract

We formalize the adversarial process between defender and attackers as a game and study the non-cooperative evolutionary game mechanism under bounded rationality. We analyze the long-term dynamic process between the attacking and defending parties using the evolutionary stable strategies derived from the evolutionary game model. First, we construct a multi-player evolutionary game model consisting of a defender and multiple attackers, formally describe the strategies, and construct a three-player game payoff matrix. Then, we propose two punishment schemes, i.e., static and dynamic ones. Moreover, through the combination of mathematical derivation with simulation, we obtain the evolutionary stable strategies of each player. Different from previous work, in this paper, we consider the influence of strategies among different attackers. The simulation shows that (1) in the static punishment scheme, increasing the penalty can quickly control the occurrence of network attacks in the short term; (2) in the dynamic punishment scheme, the game can be stabilized effectively, and the stable state and equilibrium values are not affected by the change of the initial values.

1. Introduction

As computer and network technologies develop, the informationization of society continues to expand rapidly. People’s lifestyles and business activities are gradually changing because of digitalization. Although the utilization of network technology has brought great convenience to society, individuals, enterprises, and other organizations are under the threat of malicious network attacks all the time. Figure 1 shows the number of European Union (EU) users attacked by financial malware from May 2020 to April 2021 [1]. Therefore, safeguarding personal privacy, industry development, and national security in networks are top priorities. More than half of global enterprises spend money to improve the security of their systems [2], and the cost of network security investment creates additional high overhead costs. However, at the same time, these enterprises still perceive their systems as being vulnerable. It follows that organizations, who are the defenders of network security, are constantly faced with the issue of controlling security investments.

The reasons why the number of network attacks is so high include the lack of awareness that users and enterprises have to protect themselves, the diversity of attack techniques, the lag of defense techniques, etc. In addition, the lack of a good network order is an indispensable factor [3]. Network security mainly guarantees external supervision by the legal regulations and internal protection by users and enterprises. Therefore, to further solve network security challenges, it is not enough to only focus only on the technical aspects, and to some extent, the research strategy is more important that technical research [4].

Since the state of network security is determined by the adversarial behavior of attackers and defenders, the characteristics of network attack and defense such as opposing goals, relying on strategies, and non-cooperation are the basic features of game theory. Therefore, game theory can be used to solve the complex problem of network security attacks and defense [5]. Roy et al. [6] pointed out that applying game theory to network security research is a perspective direction. However, most of the existing research was conducted under the assumption that game players were completely rational. In fact, in the real world, actual attack and defense parties are always boundedly rational. The corresponding approach for such type of game analysis is evolutionary game theory.

At present, many scholars have achieved results in the study of network security technologies [7] and qualitative analysis [8]. Evolutionary game theory has been widely used as a quantitative research method in the management field [9]. However, few articles use this approach to study the problem of multi-player games in network attack and defense. In this paper, our main objective is to develop a multi-player evolutionary game model for defender and attackers by analyzing the network attack and defense process and by evaluating potentially effective improvement strategies. We analyze the behavioral choices and payoff of the parties in the process based on evolutionary game theory according to the network attack and defense scenarios in enterprises and the strength of the punishment granted by laws and regulations. We simulate each player’s strategy changes and interaction effects using system dynamics (SD) [10], which are widely used in numerical simulations, and study the implementation effects of each strategy and the evolutionary stable equilibrium solution. The choice of the system dynamics approach in this study is based on the simulation capabilities of the SD model for complex systems. Complex systems are usually characterized by complex system structures, numerous influencing factors, and changes in various parameters within the system over time. SD is now successfully used in many strategies and decision analyses [11,12] and is a modeling approach that is suitable for dealing with long-term and periodic problems. Based on the evolutionary game system dynamics model for network attack and defense, this paper studies the problems that organizations face when governing network security from both qualitative and quantitative aspects. Moreover, this paper provides corresponding management suggestions and evaluates control the strategies that aim to stably control the network security situation in the long term.

The remainder of this paper is organized as follows: In Section 2, the literature review is introduced. In Section 3, the multi-player evolutionary game analysis of network attack and defense is presented. In Section 4, the stability of the two schemes is analyzed. In Section 5, the discussion and management implications based on the results are presented. Finally, the conclusion is described in Section 6.

2. Literature Review

Network attack-defense refers to the detection, intrusion, remote control, and data theft of a target network or information system by an attacker by some means, while the defender uses specific means of network protection to secure itself [13]. The essence of network security is an adversarial game between attackers and the defender. It is a significant challenge for the defender to choose the appropriate defense strategy in the face of complex attacks [14]. In recent years, scholars have used game models to analyze network attack and defense behaviors and to conduct research on defensive strategies and have achieved various results.

Network attack and defense game models include static games, dynamic games, and evolutionary games. Based on static game models, Feng et al. [15] and Jia et al. [16] studied the game problem against anti-jamming attacks and eavesdropping attacks and proposed a deception defense strategy based on the Stackelberg game. Yuan et al. [17] and Li et al. [18] studied interactive decision-making between defenders and attackers and analyzed the optimal solution for the decision under different types of budget constraints. Jakóbik et al. [19] studied attack and defense in the cloud computing environment adversarial game and the existence of its equilibrium solution. Carroll et al. [20] and Zhang et al. [21] used static Bayesian game theory to construct an offensive and defensive adversarial model to select the optimal defense strategy by solving a static Bayesian equilibrium. Based on dynamic game models, Laszka et al. [22] proposed a multi-attribute utility-based game model by assuming that the attacker knows all of the defender’s strategies. Zhu et al. [23] proposed a new state evolution model for network security based on the infectious disease model. Wang et al. [24] portrayed the possible dynamic characteristics of the attack and defense of the grid system in a controlled environment and proposed a boundary between attack and defense. However, these studies are based on the assumption that the individual player are completely rational and that the behavior of network attackers and defenders cannot actually be completely rational but are instead bounded by rational behavior. Ignoring the limit of finite rationality, the modeling and analysis of network attack and defense behaviors will deviate from the actual situation and will weaken the accuracy and guidance value of the obtained defense strategy selection methods.

Evolutionary game models can be used to analyze the behavior of bounded rational offensive and defensive games. In actual network attack and defense scenarios, the strategies of the defenders and attackers are constantly evolving, and evolutionary game theory is mainly used to study the interaction process of that takes place between the different strategies of the different parties [25,26,27]. Based on the evolutionary game model, Shi et al. [28] studied the policy selection of both attackers and defenders in honeypot defense and proposed optimizations. Feng et al. [29,30] developed a discrete strategy model to study the behavior of advanced persistent threats attacks and then discussed the dynamic stability of attack and defense policies. Hu et al. [31,32] studied optimal network defense strategy selection under incomplete information conditions for optimal network defense strategy selection. Huang et al. [33] analyzed the attack and defense costs in the network and model to study how to improve the overall network performance based on these costs. However, the papers mentioned above do not consider the interplay between attackers. The penalty to attackers varies depending on the number of attackers and whether the defender’s information is not time sensitive; the attacker’s expected gain decreases as the information spreads [34,35,36,37,38,39]. These articles provide references for this paper to analyze the strategies that defenders and attackers use during network security attack and defense.

The contributions of this paper are as follows.

1:

The model in this paper organically combines evolutionary game theory and system dynamics to analyze the game process of defenders and attackers during network attack and defense.

2:

Different from previous work, we consider the mutual influence between attackers instead of each attacker being independent, which is more in line with actual network attack and defense scenarios.

3:

The multi-player evolutionary game model that is established in this paper analyzes the strategic choices of each party in different schemes through system dynamics simulation combined with theoretical analysis, which provides essential strategic suggestions for organizations to govern network security problems.

3. Multi-Player Evolutionary Game Analysis of Network Attack and Defense

Evolutionary game theory was developed to overcome the drawbacks of traditional game theory in analyzing the bounded rationality of the participants and the dynamic process of the game [9,27]. In the of network attack and defense process, participants are bounded to rationality and dynamically change their strategies by observing and comparing their payoffs with those of others. Strategies are not obtained through rapid, instantaneous optimization calculations but instead need to undergo an adaptive adjustment process. Therefore, evolutionary game theory is more applicable to the study of network attack and defense scenarios, making the research closer to the actual situation.

3.1. Game Design and Description

Based on information security knowledge, different attackers and defenders in the network will have different predictions and decisions, leading to them gaining different benefits. Over time, each participant is continuously able to improve their security strategy by learning from the experience of the more successful ones, and then a new attack and defense scenario can be formed. The network security state is essentially determined by the adversarial behavior of both attackers and defender and its results. For example, attackers can use various techniques such as poisoning attacks, evasion attacks, model stealing attacks, etc., to disrupt the machine learning of online service platforms. These attacks are conducted online, during which the costs induced by the attackers include the research cost to determine the use of different attack techniques besides labor costs and the equipment costs. The attack techniques with higher success rates require more calculation and a longer amount of time in order to run the algorithm, which means the cost of the attack increases. By analyzing the network attack and defense processes, we are able to come to some realistic assumptions and are better able to further set up the payoff for each participant in order to simplify the analysis of the evolutionary game.

Assumption 1.

Both the defender and the attackers are bounded rationally and seek to maximize their profits. The two strategies that each participant can choose are mutually exclusive, and each participant will test their profits at all times to determine whether or not to change strategies.

Assumption 2.

After increasing the defensive investment, the defender has a defensive capability that is strong enough to detect an attacker’s behavior once an attacker attacks, resulting in there being no means that the attackers can use to escape from the defender’s punishment.

In this multi-player game, the defender chooses $\alpha$($0\le \alpha \le 1)$ as its strategy, where $\alpha$ denotes the probability of strengthening the defense. The larger the value of $\alpha$ is, the greater the probability that the defender will choose to increase the defensive investment. $\alpha =0$ means that the defender maintains the original defensive strength, and the original defensive cost of the defender is $m\left(m>0\right)$. Conversely, $\alpha =1$ indicates that the defender strictly strengthens the defense, and the defender needs to pay a higher defensive cost after strengthening the defense $d\left(d>m\right)$. In addition, the value of the defender’s information asset is $v\left(v>d\right)$, i.e., the value of the information asset is greater than the cost of its defense, and when the defender is breached, the defender’s reputation loss due to privacy leakage is $r\left(r>0\right)$.

The $n$ attackers choose ${\beta }_i(0 \le {\beta }_i \le 1$,$i=1,2,\dots ,n,n\in \mathrm{N}+$) as their attack strategy, where ${\beta }_i$ denotes the probability that the attacker chooses to attack. ${\beta }_i=0$ or 1 denotes whether the attacker does not attack or attacks, respectively. During the attack, $C_i\left(i=1,2,\dots ,n\right)$ shows the cost of the attack for the attacker($i$), including the cost of equipment, manpower, etc.

Assumption 3.

When$d>C_i>m$, the attacker($i$) can successfully breach the original defense strength but cannot successfully breach the reinforced defense strength and will be captured by the defender. If the defender captures the attacker($i$), the defender will punish the attacker($i$) according to the attacker($i$)’s attack level, which can be reflected from its attack cost. In particular, when more attackers than the number set by the defender all choose to attack, then the defender, in order to remedy the situation, penalizes each captured attacker according to its information asset value of$f=pv\left(p>0\right)$, where$p$is the penalty factor. When the number of attackersis less than the number set by the defender, then the defender’s penalty for each captured attacker($i$) is$f_i=p{C}_i(f_i>0,i=1,2,\dots ,n)$.

Assumption 4.

To model a realistic scenario, according to the value of information theory [40] and Reinhard Selten’s fair reward portfolio [41], for low timeliness information, the more people who obtain the same information, the lower the value of the information is. Moreover, the faster the person obtains information, i.e., the more costly it is, and the greater and benefit. Similarly, as more attackers that breach the defender’s defense, the lower the gain obtained by each attacker, and the one with higher attack cost can obtain the information faster and can achieve better gains; the gain needed for the attacker( $i$) to breach the defense is$\frac{C_{i}kv}{C_1+C_2+\cdots +C_n}$, where k is the gain factor of the value of information obtained by the attacker.

Figure 2 shows the multi-player game between the defender and attackers during the network attack and defense process. Among them, the defender can be an individual, enterprises, or other organizations with a large amount of private information, such as the shopping preferences of users on shopping websites, the health information of patients in hospital databases, and algorithms and parameters used by the network itself in machine learning service platforms. All of the private information is stored in the defender’s cloud servers and cannot be leaked. The attackers want to steal the defender’s private information through cyber technology such as targeted false advertising, making adversarial samples to damage the machine learning service platform, and so on, after which it will be used to gain benefits. A defender may be attacked by multiple attackers in reality, and each participant’s decision will affect the decisions of the other participants, so we set multiple attackers in for this game. In the network attack and defense process, the attackers are not entirely independent of each other, and they have different conditions and aim for different interests. Therefore, as the number of attackers increases, the interrelationship between the variables becomes more and more complex. This increases the difficulty of analyzing their evolutionary stability under various strategies. Since the relationship between the n attackers is non-cooperative, we can take any two attackers from the n attackers and can form a three-player game framework with the defender. After mathematical reasoning and simulations, it is easy to analyze the impact between the attackers and the defender and to analyze the impact between different attackers. All of the variables in the simplified multi-player game are shown in

Table 1. Meanings of the variables in the multi-player game.

Variables	Meanings of the Variables	Notes
$\alpha$	Probability of the defender choosing to strengthen the defense of the system	$0\le \alpha \le 1$
${\beta }_i$	Probability of the attacker($i$) choosing to attack the system	$0\le {\beta }_i\le 1,i=1,2,\dots ,n$
$C_i$	Cost of attack for the attacker($i$), including the cost of manpower, equipment, technical research, etc.	$C_i>0,i=1,2,\dots ,n$
$k$	Gain factor for attackers to obtain valuable information from the defender	$0<k<1$
$v$	Value of the defender’s information assets	$v>0$
$p$	Penalty factor for attackers	$p>0$
$m$	The original defensive cost of the defender	$0<m<C_i,i=1,2,\dots ,n$
$d$	Defensive cost after strengthening the defense	$C_i<d<v,i=1,2,\dots ,n$
$r$	Reputational loss when defender leaks information	$r>0$

; among them, the defender will increase the penalty when the number of attackers is not less than 2. Additionally, the payoff matrices for the two non-cooperative attackers and the defender are shown in

Table 2. Payoff matrix of the two non-cooperative attackers.

Strategy of Attacker (1)	Strategy of Attacker (2)
	Attack (β2)	Do not attack (1 − β2)
$\mathrm{Attack} ({\beta }_1)$	$-C_1+(1-\alpha )\frac{C_{1}vk}{C_1+C_2}-\alpha f;-C_2+(1-\alpha )\frac{C_{2}vk}{C_1+C_2}-\alpha f$	$-C_1+(1-\alpha )vk-\alpha f_1;0$
$\mathrm{Do} \mathrm{not} \mathrm{attack} (1-{\beta }_1)$	$0;-C_2+(1-\alpha )vk-\alpha f_2$	$0;0$

and

Table 3. Payoff matrix of the defender.

Strategy of Attackers	Strategy of Defender
	Strengthen the Defense (α)	Maintain the Original Defense (1 − α)
$\mathrm{Both} \mathrm{attackers} \mathrm{choose} \mathrm{to} \mathrm{attack} ({\beta }_1,{\beta }_2)$	$-d+2f$	$-m-vk-r$
$\mathrm{Only} \mathrm{attacker} \left(1\right) \mathrm{attacks} ({\beta }_1,1-{\beta }_1)$	$-d+f_1$	$-m-vk-r$
$\mathrm{Only} \mathrm{attacker} \left(2\right) \mathrm{attacks} (1-{\beta }_1,{\beta }_2)$	$-d+f_2$	$-m-vk-r$
$\mathrm{Both} \mathrm{attackers} \mathrm{choose} \mathrm{not} \mathrm{to} \mathrm{attack} (1-{\beta }_1,1-{\beta }_2)$	$-d$	$-m$

, respectively.

3.2. Game Solution

According to evolutionary game theory [42] and the payoff matrix in Table 2, the expected benefits $U_{{\beta }_1}$ that are obtained when the attacker(1) attacks and the expected benefits $U_{1-{\beta }_1}$ when it does not attack can be obtained separately as follows:

$$U_{{\beta }_1}={\beta }_2[-C_1+(1-\alpha )\frac{C_{1}vk}{C_1+C_2}-\alpha f]+(1-{\beta }_2)[-C_1+(1-\alpha )vk-\alpha f_1]$$

(1)

$$U_{1-{\beta }_1}={\beta }_2\cdot 0+(1-{\beta }_2)\cdot 0$$

(2)

Therefore, the expected average benefits for attacker (1) is:

$${\overline{U}}_{{\beta }_1,1-{\beta }_1}={\beta }_1{U}_{{\beta }_1}+(1-{\beta }_1)U_{1-{\beta }_1}$$

(3)

According to the ordinary differential equation algorithm [26] in the replication dynamic model, the replication dynamic equation for attacker (1) is:

$$\begin{array}{cc}\hfill F({\beta }_1)& =\frac{d{\beta }_1}{dt}={\beta }_1(U_{{\beta }_1}-{\overline{U}}_{{\beta }_1,1-{\beta }_1})={\beta }_1(1-{\beta }_1)(U_{{\beta }_1}-U_{1-{\beta }_1})\hfill \\ \hfill & \hfill ={\beta }_1(1-{\beta }_1)\{{\beta }_2[(1-\alpha )\frac{C_{1}vk}{C_1+C_2}-\alpha f]+(1-{\beta }_2)[(1-\alpha )vk-\alpha f_1]-C_1\}\end{array}$$

(4)

Likewise, the expected benefits $U_{{\beta }_2}$ when attacker (2) attacks and the expected benefits $U_{1-{\beta }_2}$ when it does not attack can be obtained separately as follows:

$$U_{{\beta }_2}={\beta }_1[-C_2+(1-\alpha )\frac{C_{2}vk}{C_1+C_2}-\alpha f]+(1-{\beta }_1)[-C_2+(1-\alpha )vk-\alpha f_2]$$

(5)

$$U_{1-{\beta }_2}={\beta }_1\cdot 0+(1-{\beta }_1)\cdot 0$$

(6)

Therefore, the replication dynamic equation for attacker (2) is:

$$\begin{array}{cc}\hfill F({\beta }_2)& =\frac{d{\beta }_2}{dt}={\beta }_2(U_{{\beta }_2}-{\overline{U}}_{{\beta }_2,1-{\beta }_2})={\beta }_2(1-{\beta }_2)(U_{{\beta }_2}-U_{1-{\beta }_2})\hfill \\ \hfill & ={\beta }_2(1-{\beta }_2)\{{\beta }_1[(1-\alpha )\frac{C_{2}vk}{C_1+C_2}-\alpha f]+(1-{\beta }_1)[(1-\alpha )vk-\alpha f_2]-C_2\}\hfill \end{array}$$

(7)

Likewise, according to Table 3, the expected benefits $U_{\alpha }$ that are obtained when the defender strengthens the defense and the expected benefits $U_{1-\alpha }$ that are when the defender maintains the original defensive strength can be obtained as follows, respectively:

$$U_{\alpha }={\beta }_1{\beta }_2(-d+2f)+{\beta }_1(1-{\beta }_2)(-d+2f)+(1-{\beta }_1){\beta }_2(-d+2f)+(1-{\beta }_1)(1-{\beta }_2)(-d)$$

(8)

$$\begin{array}{cc}\hfill U_{1-\alpha }& ={\beta }_1{\beta }_2(-m-vk-r)+{\beta }_1(1-{\beta }_2)(-m-vk-r)\hfill \\ \hfill & +(1-{\beta }_1){\beta }_2(-m-vk-r)+(1-{\beta }_1)(1-{\beta }_2)(-m)\hfill \\ \hfill & =({\beta }_1+{\beta }_2-{\beta }_1{\beta }_2)(-vk-r)-m\hfill \end{array}$$

(9)

Therefore, the replication dynamic equation for the defender is:

$$\begin{array}{cc}\hfill F(\alpha )& =\frac{d\alpha }{dt}=\alpha (U_{{\beta }_2}-{\overline{U}}_{{\beta }_2,1-{\beta }_2})=\alpha (1-\alpha )(U_{\alpha }-U_{1-\alpha })\hfill \\ \hfill & =\alpha (1-\alpha )[{\beta }_1{\beta }_2(2f-f_1-f_2-vk-r)+{\beta }_1(f_1+vk+r)+{\beta }_2(f_2+vk+r)-d+m]\hfill \end{array}$$

(10)

In summary, the above multi-player evolutionary game in the network attack and defense process can be indicated by the following set of replicated dynamic equations:

$$\{\begin{array}{l}F(\alpha )=\alpha (1-\alpha )[{\beta }_1{\beta }_2(2f-f_1-f_2-vk-r)+{\beta }_1(f_1+vk+r)+{\beta }_2(f_2+vk+r)-d+m]\hfill \\ F({\beta }_1)={\beta }_1(1-{\beta }_1)\{{\beta }_2[(1-\alpha )\frac{C_{1}vk}{C_1+C_2}-\alpha f]+(1-{\beta }_2)[(1-\alpha )vk-\alpha f_1]-C_1\}\hfill \\ F({\beta }_2)={\beta }_2(1-{\beta }_2)\{{\beta }_1[(1-\alpha )\frac{C_{2}vk}{C_1+C_2}-\alpha f]+(1-{\beta }_1)[(1-\alpha )vk-\alpha f_2]-C_2\}\hfill \end{array}$$

(11)

Set $F(\alpha )=F({\beta }_1)=F({\beta }_2)$, we can obtain the local equilibrium solution as: $E_1{(0, 0, 0)}^{\mathrm{T}}$, $E_2{(0, 0, 1)}^{\mathrm{T}}$, $E_3{(0, 1, 0)}^{\mathrm{T}}$, $E_4{(0, 1, 1)}^{\mathrm{T}}$, $E_5{(1, 0, 0)}^{\mathrm{T}}$, $E_6{(1, 0, 1)}^{\mathrm{T}}$, $E_7{(1, 1, 0)}^{\mathrm{T}}$, $E_8{(1, 1, 1)}^{\mathrm{T}}$, $E_9{(\frac{-C_2+kv}{kv+f_2}, 0, \frac{d-m}{r+kv+f_2})}^{\mathrm{T}}$, $E_{10}{(0, -\frac{(C_1+C_2)(C_2-kv)}{C_{1}kv}, -\frac{(C_1+C_2)(C_1-kv)}{C_{2}kv})}^{\mathrm{T}}$, $E_{11}{(\frac{-C_1{}^2-C_1{C}_2+C_{1}kv}{C_{1}f+C_{2}f+C_{1}kv}, \frac{-d+m+r+kv+f_2}{-2f+f_2}, 1)}^{\mathrm{T}}$, $E_{12}{(\frac{-C_1+kv}{f_1+kv}, \frac{d-m}{f_1+r+kv}, 0)}^{\mathrm{T}}$, $E_{13}{(\frac{-C_1{C}_2-C_2{}^2+C_{2}kv}{C_{1}f+C_{2}f+C_{2}kv}, 1, \frac{-d+m+f_1+r+kv}{-2f+f_1})}^{\mathrm{T}}$, and $\alpha , {\beta }_1, {\beta }_2\in [0, 1]$.

Friedman proposed that the stability of the system replicating the equilibrium point of the dynamic equations was obtained by analyzing the Jacobian matrix and the eigenvalues of the system at the equilibrium solution [43]. According to Lyapunov’s stability theory, the system is stable if all of the characteristic values have non-positive real parts; otherwise, the system is unstable. The Jacobian matrix of the replicated dynamic equations (11) is:

$$J=\left[\begin{array}{l}{J}_{11}\hspace{1em} J_{12}\hspace{1em} J_{13}\\ J_{21}\hspace{1em} J_{22}\hspace{1em}\hspace{1em}{J}_{23}\\ J_{31}\hspace{1em} J_{32}\hspace{1em}\hspace{1em}{J}_{33}\end{array}\right]$$

(12)

Of which,

Jacobian matrix definitions	Details
$J_{11}=\frac{\partial F(\alpha )}{\partial \alpha }$	$\begin{array}{l}(1-\alpha )[-d+m+(f_1+r+kv){\beta }_1+(r+kv+f_2){\beta }_2+(2f-f_1-r-kv-f_2){\beta }_1{\beta }_2]\\ -\alpha [-d+m+(f_1+r+kv){\beta }_1+(r+kv+f_2){\beta }_2+(2f-f_1-r-kv-f_2){\beta }_1{\beta }_2]\end{array}$
$J_{12}=\frac{\partial F(\alpha )}{\partial {\beta }_1}$	$(1-\alpha )\alpha [f_1+r+kv+(2f-f_1-r-kv-f_2){\beta }_2]$
$J_{13}=\frac{\partial F(\alpha )}{\partial {\beta }_2}$	$(1-\alpha )\alpha [f_2+r+kv+(2f-f_1-r-kv-f_2){\beta }_1]$
$J_{21}=\frac{\partial F({\beta }_1)}{\partial \alpha }$	$(1-{\beta }_1){\beta }_1[(-f_1-kv)(1-{\beta }_2)+(-f-\frac{C_{1}kv}{C_1+C_2}){\beta }_2]$
$J_{22}=\frac{\partial F({\beta }_1)}{\partial {\beta }_1}$	$\begin{array}{l}(1-{\beta }_1)\{-C_1+[kv(1-\alpha )-f_1\alpha ](1-{\beta }_2)+[\frac{C_{1}kv(1-\alpha )}{C_1+C_2}-f\alpha ]{\beta }_2\}\\ -{\beta }_1\{-C_1+[kv(1-\alpha )-f_1\alpha ](1-{\beta }_2)+[\frac{C_{1}kv(1-\alpha )}{C_1+C_2}-f\alpha ]{\beta }_2\}\end{array}$
$J_{23}=\frac{\partial F({\beta }_1)}{\partial {\beta }_2}$	$(1-{\beta }_1){\beta }_1[-kv(1-\alpha )+\frac{C_{1}kv(1-\alpha )}{C_1+C_2}-f\alpha +f_1\alpha ]$
$J_{31}=\frac{\partial F({\beta }_2)}{\partial \alpha }$	$(1-{\beta }_2){\beta }_2[(-kv-f_2)(1-{\beta }_1)+(-f-\frac{C_{2}kv}{C_1+C_2}){\beta }_1]$
$J_{32}=\frac{\partial F({\beta }_2)}{\partial {\beta }_1}$	$(1-{\beta }_2){\beta }_2[-kv(1-\alpha )+\frac{C_{2}kv(1-\alpha )}{C_1+C_2}-f\alpha +f_2\alpha ]$
$J_{33}=\frac{\partial F({\beta }_2)}{\partial {\beta }_2}$	$\begin{array}{l}(1-{\beta }_2)\{-C_2+[kv(1-\alpha )-f_2\alpha ](1-{\beta }_1)+[\frac{C_{2}kv(1-\alpha )}{C_1+C_2}-f\alpha ]{\beta }_1\}\\ -{\beta }_2\{-C_2+[kv(1-\alpha )-f_2\alpha ](1-{\beta }_1)+[\frac{C_{2}kv(1-\alpha )}{C_1+C_2}-f\alpha ]{\beta }_1\}\end{array}$

Then, by taking the eight pure strategy points as examples and by substituting them into the Jacobi matrix (12), the eigenvalues of the Jacobi matrix corresponding to the equilibrium solutions can be obtained separately, as shown in

Table 4. The eigenvalues of the Jacobi matrix.

Equilibrium Solution	λ1	λ2	λ3
$E_1{(0, 0, 0)}^{\mathrm{T}}$	$-d+m$	$-C_1+kv$	$-C_2+kv$
$E_2{(0, 0, 1)}^{\mathrm{T}}$	$-d+m+r+kv+f_2$	$-C_1+C_{1}kv/(C_1+C_2)$	$-C_2+kv$
$E_3{(0, 1, 0)}^{\mathrm{T}}$	$-d+m+r+kv+f_1$	$C_1-kv$	$-C_2+C_{2}kv/(C_1+C_2)$
$E_4{(0, 1, 1)}^{\mathrm{T}}$	$-d+m+r+kv+2f$	$C_1-C_{1}kv/(C_1+C_2)$	$C_2-C_{2}kv/(C_1+C_2)$
$E_5{(1, 0, 0)}^{\mathrm{T}}$	$d-m$	$-C_1-f_1$	$-C_2-f_2$
$E_6{(1, 0, 1)}^{\mathrm{T}}$	$d-m-r-kv-f_2$	$-C_1-f$	$C_2+f_2$
$E_7{(1, 1, 0)}^{\mathrm{T}}$	$d-m-r-kv-f_1$	$C_1+f_1$	$-C_2-f$
$E_8{(1, 1, 1)}^{\mathrm{T}}$	$d-m-r-kv-2f$	$C_1+f$	$C_2+f$

.

If and only if ${\lambda }_1, {\lambda }_2, {\lambda }_3\le 0$, then the above equilibrium solution will reach a steady state. This is because there are certain comparative relationships among variables in the real world, for example, the attackers’ attack cost $C_i$ should be less than the maximum value $kv$ obtained when the attack is successful, i.e., $-C_i+kv>0$; the defenders’ defense cost $d$ after strengthening the defense should not be greater than the lost information value $kv$, i.e., $-d+kv\ge 0$. According to the analysis of the results in Table 4, it is clear that there is no evolutionary stabilization strategy (ESS) in $E_1\sim E_8$.

For the analysis of hybrid strategy $E_9\sim E_{13}$, it is impossible to determine whether there is ESS in the above equilibrium solution because a variety of factors jointly influence the evolutionary equilibrium states of the defender and the attackers. As such it can be combined with computer simulation to analyze the evolution of the network security attack and defense in the real world. The primary function of the model analysis is to capture the essence of the problem, analyze the influence of various factors, and find the final solution to the problem. Therefore, when the model analysis cannot use theoretical analysis alone to achieve our purpose, simulation can simulate the effect of implementing different strategies and can conduct scientific predictive analysis.

3.3. Game Analysis Based on System Dynamics

The system dynamics approach is based on feedback control theory. It uses computer simulation technology as a tool that can effectively combine quantitative and qualitative analysis to establish a simulation platform. The system dynamics approach allows for the deep study of the information feedback behavior in complex systems through these methods as well as the search and study the relevant influencing factors within the system [11]. The simulation of evolutionary games with system dynamics for related problems allows for a holistic examination of the dynamic properties behind the game equilibrium globally. In contrast, evolutionary game theory analysis plays a crucial role in modeling and formulating the corresponding decisions [9,44].

According to the above assumptions and analysis, this paper uses Vensim DSS v5.6a to construct an evolutionary game model for network attack and defense, which is comprised of three sub-systems: the defender, attacker (1), and attacker (2), as shown in Figure 3. The rectangles represent level variables that show the cumulative results. The valves represent the rate variables showing the physical flows of the items feeding into or depleting the model. The other variables are exogenous and auxiliary variables. This model includes 3 level variables, 3 rate variables, 8 exogenous variables, and 15 auxiliary variables. Setting the functional relationship between all of the variables depends on the above equations, Equations (1)–(10).

The basic parameters of the model are set as follows: INITIAL TIME = 0, FINAL TIME = 50, TIME STEP = 0.25, Integration Type: Euler. The initial values of the exogenous variables in the SD model are shown in

Table 5. The initial values of exogenous variable.

Variables	Meanings of the Variables	Initial Values
$C_1$	Cost of attack for attacker ($1$), including the cost of manpower, equipment, etc.	8
$C_2$	Cost of attack for attacker ($2$), including the cost of manpower, equipment, etc.	11
$k$	Gain factor for attackers to obtain defender’s valuable information	0.8
$v$	The value of the defender’s information assets	20
$p$	Penalty factor for attackers	0.7
$m$	The original defensive cost of the defender	2
$d$	Defensive cost after strengthening the defense	14
$r$	Reputational loss when defender leaks information	8

.

In the set of replicated dynamic equations in (11), make $F(\alpha )=F({\beta }_1)=F({\beta }_2)=0$; ten equilibrium solutions can be obtained as follows: $E_1{(0, 0, 0)}^{\mathrm{T}}$, $E_2{(0, 0, 1)}^{\mathrm{T}}$, $E_3{(0, 1, 0)}^{\mathrm{T}}$, $E_4{(0, 1, 1)}^{\mathrm{T}}$, $E_5{(1, 0, 0)}^{\mathrm{T}}$, $E_6{(1, 0, 1)}^{\mathrm{T}}$, $E_7{(1, 1, 0)}^{\mathrm{T}}$, $E_8{(1, 1, 1)}^{\mathrm{T}}$, $E_9{(0.37037, 0.405405, 0)}^{\mathrm{T}}$, $E_{10}{(0, 0.742188, 0.863636)}^{\mathrm{T}}$, where $E_1\sim E_8$ are pure strategy equilibrium solutions, and $E_9$ and $E_{10}$ are mixed strategy equilibrium solutions.

The simulation results that are obtained in the next step after substituting $E_{10}$ into the system dynamics model as an example are shown in Figure 4. This result demonstrates that the defender, attacker (1), and attacker (2) are not actively changing their own strategy choices and are in a relatively stable situation. However, whether $E_{10}$ is an ESS still needs to be tested. A population adopting ESS should be sufficient to resist small mutations [42]. We made a tiny mutation in the initial strategy of attacker (2), i.e., we changed the defender’s $\alpha$ from 0 to 0.01, and the model was re-simulated, the results of which are shown in Figure 5.

It can be seen from Figure 4 that when the defender maintains a low defense cost, that is, when they cannot prevent attackers from obtaining information, the attack probability of attacker (2) is greater than the attack probability of attacker (1) because the attack cost of attacker (2) is greater than the attack cost of attacker (1). This indicates that when the defenders are unable to act, more attackers will be attracted to the opportunity to choose to pay a higher attack cost. However, when defenders act, the attackers tend to adopt a lower-cost attack strategy. Further, the results in Figure 5 show that $E_{10}$ is not an ESS, and the equilibrium state of $E_{10}$ is broken when the defender’s initial value of $\alpha$ changes abruptly, and the strategic choices of the other two players are in a fluctuating and unstable state. The reason for this phenomenon is that the defender’s payoff increases after a sudden change in its strategy, and the defender keeps changing its strategy, causing attacker (1) and attacker (2) to change their strategies according to their payoffs. Similarly, we checked the equilibrium state of the other nine strategies and found that $E_1\sim E_9$ are also not ESS according to the simulation results.

In summary, using SD when simulating multi-player evolutionary games to depict network attack and defense is a practical way to analyze the stability of equilibrium solutions. The state of the system is in equilibrium when the defender, attacker (1), and attacker (2) maintain their original strategies, and this state will not change based on an increase in the simulation time. By that time, the attacker with the high attack cost would rather attack the defender with a low defensive cost. However, this equilibrium is unstable and will be broken once a sudden change in one player’s strategy has been made, which indicates that all of the equilibria are not ESS. Therefore, there is no ESS in this game process, and the attackers’ behavior will not be effectively controlled the act at within a certain amount of time.

4. Stability Control Schemes of Network Attack and Defense

When the system is volatile and unstable, it is difficult for organizations to develop an effective supervision strategy. Therefore, there is a need to study how to control the stability of the system to propose more effective countermeasures.

4.1. Static Penalty Scheme

The most common management strategy that is used by scholars who study network attack and defense games is to increase the cost incurred to the attackers or to increase the penalty for the attackers. In the above model, adjusting the defender’s penalty intensity to the attackers, i.e., the defender’s penalty factors to the attackers are changed from $p=0.7$ to $p=1.0$ and $p=1.3$, and the initial strategies of the three players are set as $\alpha =0.5$, ${\beta }_1=0.5$, ${\beta }_2=0.5$. The strategy choices of the defender and attacker (1) under different penalty strengths are shown in Figure 6 and Figure 7.

The simulation results in Figure 6 illustrate that the frequency and amplitude of the fluctuations in the probability of the defender’s enhanced defense during the evolutionary game increase with the increase of the penalty factor. Similarly, it can be seen from Figure 7 that the attack probability of attacker (1) decreases when the penalty factor increases during the same time period; however, the frequency and amplitude of the attack probability of attacker 1 fluctuates during the evolutionary game increases when the penalty factor increases. Because of the increased penalty, attacker (1) will change his strategy quickly and more thoroughly to limit the damage caused by the penalty, which is when the defender will also make the corresponding changes.

In general, only increasing the penalty factor does not effectively suppress the volatility of the players’ strategic choices, and there is still no ESS in the game. In addition, increasing the penalty for the attackers can curb the attackers’ attacks in the short term, and as the penalty increases, the attack probability of attacker (1) decreases more quickly. The attackers will choose not to attack because of the increase in the penalty, but the players cannot maintain this strategic choice; this approach can only achieve results in the short term, when there is still volatility in this game and after the amplitude has increased. For a similar problem, it has been shown that increasing the penalty in a mixed strategy game cannot actually change the equilibrium point of the punished actor’s violation probability [9]. The strategy of increasing the penalty is widely used in reality because it can reduce the equilibrium point of the punished actor in the short run, but the strategy ignores the effect of increasing the penalty on the payoff matrix of the game players, which makes the game process more challenging to control.

4.2. Dynamic Penalty Scheme

In order to suppress fluctuations in the evolutionary game process, many studies correlate penalties with the performance of the player [44,45]. Therefore, in a dynamic penalty scheme, the defender imposes a dynamic penalty based on the probability of strengthening its defense and the behavior of the attackers. That is to say that the higher the attackers’ attack probability is, the greater the penalty, and at the same time, the less the defender invests in defense costs, the greater the penalty to the attackers will be, improving the deteriorating situation for both attackers and defenders, as shown in the three formulas that below:

$${f^{\prime }}_1=p{C}_1{\beta }_1{q}_1(1-\alpha ), {f^{\prime }}_2=p{C}_2{\beta }_2{q}_2(1-\alpha ), f^{\prime }=pv{\beta }_1{\beta }_{2}q(1-\alpha )$$

(13)

where $q_1$ is the adjustment factor for attacker (1), $q_2$ is the adjustment factor for attacker (2), and $q$ is the adjustment factor when both players attack simultaneously; here, all of these values are set to 4. The modified system dynamics model is shown in Figure 8.

Set the initial strategy of defender, attacker (1) and attacker (2) to $\alpha =0.1,$ ${\beta }_1=0.4,$ and ${\beta }_2=0.9$, and $\alpha =0.5, {\beta }_1=0.5, {\beta }_2=0.5$; the simulation results are shown in Figure 9 and Figure 10.

By observing Figure 9 and Figure 10, it can be seen that in the dynamic penalty scheme, even though the initial strategies are different, the three players, the defender, attacker (1), and attacker (2), will continue to play the game over time and will eventually stabilize at $E^{*}(0.3684, 0.4039, 0)$, thus eliminating the fluctuations in the previous static penalty scheme model and making it converge to a point; then $E^{*}$, is the equilibrium solution that makes the evolutionary game stable.

It is then necessary to further verify the accuracy of $E^{*}$. By substituting ${f^{\prime }}_1$, ${f^{\prime }}_2$ and $f^{\prime }$ into the equation in Equation (11), a new replicated dynamic equations can be obtained as:

$$\{\begin{array}{l}F(\alpha )=\alpha (1-\alpha )\left\{\begin{array}{c}{\beta }_1{\beta }_2[(112{\beta }_1{\beta }_2-22.4{\beta }_1-30.8{\beta }_2)(1-\alpha )-24]\\ +{\beta }_1[22.4{\beta }_1(1-\alpha )+24]+{\beta }_2[30.8{\beta }_2(1-\alpha )+24]-12\end{array}\right\}\hfill \\ F({\beta }_1)={\beta }_1(1-{\beta }_1)[{\beta }_2(1-\alpha )(\frac{128}{19}-56{\beta }_1{\beta }_2\alpha )+(1-{\beta }_2)(1-\alpha )(16-22.4{\beta }_1\alpha )-8]\hfill \\ F({\beta }_2)={\beta }_2(1-{\beta }_2)[{\beta }_1(1-\alpha )(\frac{176}{19}-56{\beta }_1{\beta }_2\alpha )+(1-{\beta }_1)(1-\alpha )(16-30.8{\beta }_2\alpha )-11]\hfill \end{array}$$

(14)

In the set of the replicated dynamic equations (14), make $F^{\prime }(\alpha )=F^{\prime }({\beta }^1)=F^{\prime }({\beta }^2)=0$; eight pure strategy equilibrium solutions and three mixed strategy equilibrium solutions can be obtained as follows: ${E^{\prime }}_1{(0, 0, 0)}^{\mathrm{T}}$, ${E^{\prime }}_2{(0, 0, 1)}^{\mathrm{T}}$, ${E^{\prime }}_3{(0, 1, 0)}^{\mathrm{T}}$, ${E^{\prime }}_4{(0, 1, 1)}^{\mathrm{T}}$, ${E^{\prime }}_5{(1, 0, 0)}^{\mathrm{T}}$, ${E^{\prime }}_6{(1, 0, 1)}^{\mathrm{T}}$, ${E^{\prime }}_7{(1, 1, 0)}^{\mathrm{T}}$, ${E^{\prime }}_8{(1, 1, 1)}^{\mathrm{T}}$, ${E^{\prime }}_9{(0, 0.742188, 0.863636)}^{\mathrm{T}}$, ${E^{\prime }}_{10}{(0.200271, 0, 0.36401)}^{\mathrm{T}}$, ${E^{\prime }}_{11}{(0.368436, 0.403858, 0)}^{\mathrm{T}}$.

The Jacobian matrix of the replicated dynamic equations (14) is:

$$J^{\prime }=\left[\begin{array}{l}{J^{\prime }}_{11}\hspace{1em} {J^{\prime }}_{12}\hspace{1em} {J^{\prime }}_{13}\\ {J^{\prime }}_{21}\hspace{1em} {J^{\prime }}_{22}\hspace{1em}\hspace{1em}{J^{\prime }}_{23}\\ {J^{\prime }}_{31}\hspace{1em} {J^{\prime }}_{32}\hspace{1em}\hspace{1em}{J^{\prime }}_{33}\end{array}\right]$$

(15)

Of which,

Jacobian matrix definitions	Details
${J^{\prime }}_{11}=\frac{\partial F^{\prime }(\alpha )}{\partial \alpha }$	$\begin{array}{l}(1-\alpha )\alpha [-22.4{\beta }_1{}^2-30.8{\beta }_2{}^2+{\beta }_1{\beta }_2(22.4{\beta }_1+30.8{\beta }_2-112{\beta }_1{\beta }_2)]+(1-\alpha )\{-12+{\beta }_1[24+22.4(1-\alpha ){\beta }_1]\\ +{\beta }_2[24+30.8(1-\alpha ){\beta }_2]+{\beta }_1{\beta }_2[-24+(1-\alpha )(-22.4{\beta }_1-30.8{\beta }_2+112{\beta }_1{\beta }_2)]\}-\alpha \{-12+{\beta }_1[24+22.4(1-\alpha ){\beta }_1]\\ +{\beta }_2[24+30.8(1-\alpha ){\beta }_2]+{\beta }_1{\beta }_2[-24+(1-\alpha )(-22.4{\beta }_1-30.8{\beta }_2+112{\beta }_1{\beta }_2)]\}\end{array}$
${J^{\prime }}_{12}=\frac{\partial F^{\prime }(\alpha )}{\partial {\beta }_1}$	$(1-\alpha )\alpha \{24+44.8(1-\alpha ){\beta }_1+(1-\alpha ){\beta }_1{\beta }_2(-22.4+112{\beta }_2)+{\beta }_2[-24+(1-\alpha )(-22.4{\beta }_1-30.8{\beta }_2+112{\beta }_1{\beta }_2)]\}$
${J^{\prime }}_{13}=\frac{\partial F^{\prime }(\alpha )}{\partial {\beta }_2}$	$(1-\alpha )\alpha \{24+61.6(1-\alpha ){\beta }_2+(1-\alpha ){\beta }_1(-30.8+112{\beta }_1){\beta }_2+{\beta }_1[-24+(1-\alpha )(-22.4{\beta }_1-30.8{\beta }_2+112{\beta }_1{\beta }_2)]\}$
${J^{\prime }}_{21}=\frac{\partial F^{\prime }({\beta }_1)}{\partial \alpha }$	$(1-{\beta }_1){\beta }_1[-22.4(1-\alpha ){\beta }_1(1-{\beta }_2)-(16-22.4\alpha {\beta }_1)(1-{\beta }_2)-56(1-\alpha ){\beta }_1{\beta }_2{}^2-{\beta }_2(\frac{128}{19}-56\alpha {\beta }_1{\beta }_2)]$
${J^{\prime }}_{22}=\frac{\partial F^{\prime }({\beta }_1)}{\partial {\beta }_1}$	$\begin{array}{l}(1-{\beta }_1){\beta }_1[-22.4(1-\alpha )\alpha (1-{\beta }_2)-56(1-\alpha )\alpha {\beta }_2{}^2]+(1-{\beta }_1)[-8+(1-\alpha )(16-22.4\alpha {\beta }_1)(1-{\beta }_2)\\ +(1-\alpha ){\beta }_2(\frac{128}{19}-56\alpha {\beta }_1{\beta }_2)]-{\beta }_1[-8+(1-\alpha )(16-22.4\alpha {\beta }_1)(1-{\beta }_2)+(1-\alpha ){\beta }_2(\frac{128}{19}-56\alpha {\beta }_1{\beta }_2)]\end{array}$
${J^{\prime }}_{23}=\frac{\partial F^{\prime }({\beta }_1)}{\partial {\beta }_2}$	$(1-{\beta }_1){\beta }_1[-(1-\alpha )(16-22.4\alpha {\beta }_1)-56(1-\alpha )\alpha {\beta }_1{\beta }_2+(1-\alpha )(\frac{128}{19}-56\alpha {\beta }_1{\beta }_2)]$
${J^{\prime }}_{31}=\frac{\partial F^{\prime }({\beta }_2)}{\partial \alpha }$	$(1-{\beta }_2){\beta }_2[-30.8(1-\alpha )(1-{\beta }_1){\beta }_2-56(1-\alpha ){\beta }_1{}^2{\beta }_2-(1-{\beta }_1)(16-30.8\alpha {\beta }_2)-{\beta }_1(\frac{176}{19}-56\alpha {\beta }_1{\beta }_2)]$
${J^{\prime }}_{32}=\frac{\partial F^{\prime }({\beta }_2)}{\partial {\beta }_1}$	$(1-{\beta }_2){\beta }_2[-56(1-\alpha )\alpha {\beta }_1{\beta }_2-(1-\alpha )(16-30.8\alpha {\beta }_2)+(1-\alpha )(\frac{176}{19}-56\alpha {\beta }_1{\beta }_2)]$
${J^{\prime }}_{33}=\frac{\partial F^{\prime }({\beta }_2)}{\partial {\beta }_2}$	$\begin{array}{l}[-30.8(1-\alpha )\alpha (1-{\beta }_1)-56(1-\alpha )\alpha {\beta }_1{}^2](1-{\beta }_2){\beta }_2+(1-{\beta }_2)[-11+(1-\alpha )(1-{\beta }_1)(16-30.8\alpha {\beta }_2)\\ +(1-\alpha ){\beta }_1(\frac{176}{19}-56\alpha {\beta }_1{\beta }_2)]-{\beta }_2[-11+(1-\alpha )(1-{\beta }_1)(16-30.8\alpha {\beta }_2)+(1-\alpha ){\beta }_1(\frac{176}{19}-56\alpha {\beta }_1{\beta }_2)]\end{array}$

Substituting ${E^{\prime }}_1\sim {E^{\prime }}_{10}$ into the Jacobi matrix (14) separately, the calculated results all have eigenvalues that are larger than 0, so none of the values of ${E^{\prime }}_1\sim {E^{\prime }}_{10}$ are an evolutionarily stable equilibrium solution. Substituting ${E^{\prime }}_{11}$ into the matrix, we obtain:

$$J^{\prime }({E^{\prime }}_{11})=\left[\begin{array}{l}-0.850131 \hspace{1em} 8.24349\hspace{1em} 2.79229\\ -4.4252 \hspace{1em} -1.25489 -0.901696\\ \hspace{1em} 0 \hspace{1em}\hspace{1em}\hspace{1em} 0\hspace{1em} \hspace{1em}\hspace{1em}\hspace{1em} -2.61329\end{array}\right]$$

(16)

The characteristic values of the matrix (16) are ${\lambda }_1=-1.05251+6.0364i$, ${\lambda }_2=-1.05251-6.0364i$, and ${\lambda }_3=-2.61329$, and the real parts of the characteristic values are all less than 0, so ${E^{\prime }}_{11}{(0.368436, 0.403858, 0)}^{\mathrm{T}}$ is the ESS of this system.

In summary, the simulation results of the system dynamics are consistent with the results solved by means of mathematical methods, and the ESS can be accurately obtained by adopting the SD model to simulate the evolutionary game process. The dynamic penalty scheme effectively suppresses the fluctuations, and there is a stable evolutionary equilibrium point in the model. Additionally, due to the low timeliness of the defender’s information, the high-attack cost incurred by the attacker does not generate a high enough profit when taking that risk in the presence of a low-cost attacker, so the high-attack cost attacker (2) chooses not to attack at the steady-state. The defender only needs to pay a lower defense cost to deal with a low attack cost attacker in this condition. This scheme can effectively ameliorate the deteriorating situation of the attacking and defending players.

5. Discussion and Managerial Implications

Network security assurance is the basis for the sustainable development of all industries. The governance of network security is a complex problem that integrates the knowledge of several disciplines, and game theory has been applied to the field of computer networks for a long time. Much of the existing literature mainly focuses on the security technology perspective and static analysis of the game among stakeholders while ignoring the dynamic game process under bounded rationality. These studies cannot completely solve the dilemma of escalating input from multiple players in attack and defense. In the network attack and defense process, the players are finitely rational, and their strategic choices are not static or unchanging, and instead, their strategies change dynamically change according to their expected payoffs. Moreover, this paper uses system dynamics and evolutionary game theory to model network attack and defense, and the model conforms to the laws of network attack and defense in reality. Through simulation analysis, we found that the model can intuitively explain the reason why the attack and defense in network security governance will escalate, which shows that the model has objective scientific value. On this basis, we analyze the implementation effect of different punishment schemes on the game process and game equilibrium.

When the punishment scheme is static, the above simulation results show that increasing the punishment generated to the attackers can quickly control the aggressive behavior of the attackers in the short term. However, it will increase the fluctuations in the attackers’ aggressive behavior in the long term and will make the game process more challenging to control. In addition, this phenomenon is also common in reality. For example, when the network security environment is poor and when network attacks are frequent, companies will continue to increase their defense costs, and organizations may introduce strict laws and regulations as the first response, an example of this may be companies spending more money to buy security services and the European Union enacting the “EU Cybersecurity Act” [46]. If attackers still choose to attack after these steps have been taken, then they will be punished by the legal system. Attackers will be aware of this information and will thus adjust their strategies and will reduce their violations of these rules by observing and comparing expected profits, thus effectively controlling the network security situation. However, with the improvement of the network security environment, organizations will gradually relax attacker prevention because the enforcement of securing enterprise network security and legal regulations will objectively increase the costs that are incurred to organizations. It is at this stage that the likelihood of attackers attacking increases, which, in turn, causes the deterioration of the network security environment. Ultimately, this process leads to repeated fluctuations and oscillating developments in the network security situation. This explains the fluctuations observed in Figure 1 to some extent.

The existing repeated fluctuations and seismic developments make it difficult for organizations to develop effective strategies, and blindly increasing penalties will not achieve better enforcement results. Moreover, the number of attackers remains in relatively small, and in this case, it is not economical to simply increase defense costs. Therefore, a suitable punishment scheme is not to simply increase the penalty to improve the network security environment, as this method cannot effectively control the attack behavior and the need to avoid the fluctuations that already exist in the multi-player game.

In addition, from the simulation results of the above two schemes, it can be seen that the static punishment scheme can reduce the attack probability of the attackers in the short term and can quickly play a role in improving the network security environment, but the strategic choices of the defender and attackers will continue to fluctuate. In other words, an evolutionarily stable strategy does not exist in the game. In addition, the frequency and magnitude of fluctuations vary with the initial values of some variables, and simply changing the penalty intensity can only obtain the effect in the short term and does not suppress fluctuations; instead, in the long run, it increases the fluctuations of the attackers’ strategy choices making it difficult to control the practical problem effectively. While the dynamic punishment scheme can effectively suppress the fluctuations that already exist in the game and can reduce uncertainty, the stable states and equilibrium values are not affected by changes in the initial values of the variables. Therefore, in order to stabilize and control the network security situation and to reduce the occurrence of network security attacks, organizations can organically combine the static punishment scheme and the dynamic punishment scheme according to the main objectives in different periods when choosing strategies and when formulating laws and regulations—reducing the probability of attackers attacking while avoiding the fluctuations that already exist in the game in order to stably control the network security situation.

6. Conclusions

In this paper, we built a network attack model based on a multi-player evolutionary game model. The system dynamics simulation and theoretical analysis were combined to verify their correctness. We also analyzed the strategic choices of each player in different schemes and obtained the following conclusions: When the defender uses the static penalty scheme, the strategy choices of the defender and the attackers will continue to fluctuate; when the defender uses the dynamic penalty scheme, the fluctuating states of the game process of the defender and the attackers are effectively suppressed, and there is an evolutionary stabilization strategy for the game process. Static penalty schemes can reduce the attack rate of the attackers in the short term, and dynamic penalty schemes can effectively suppress the fluctuations that exist in the game. The system dynamics model that is provided in this paper is generalizable and can be used as a reference for other network attack and defense models. This study does not give the specific implementation measures of various punishment schemes, nor does it consider cooperation among attackers. Our future research will further explore these two aspects.