全球网络威胁日趋严峻,信息安全漏洞逐渐成为各国网络空间安全战略的重要内容,信息安全众测平台作为漏洞发掘的重要途径,提高其运作效率具有重要意义。本文运用演化博弈理论,基于临时团队构建了有限理性的众测平台中白帽子间安全知识共享的复制动态模型,分析不同的参数对进化稳定策略的影响及实现知识共享的均衡条件。研究结果表明:临时团队内白帽子间进行安全知识共享与安全知识共享成本、信任度、固有安全知识量、安全知识增值率、安全知识漏洞转化率、团队平均漏洞奖励率和获得团队奖励的概率等有关；降低知识共享成本、提高白帽子的共享能力和意愿,并且建立有效的奖惩机制对信息安全众测平台临时团队白帽子间安全知识共享有明显的促进作用。

The global network threat is becoming more and more serious. Information security vulnerabilities have gradually become an important part of Cyberspace Security Strategies of various countries. As an important way to exploit vulnerabilities, information security crowd-testing platform is of great significance to improve its operational efficiency. Based on evolutionary game theory and temporary team, this paper constructs a replication dynamic model of security knowledge sharing among white hats who are limited rational on crowd-testing platform and analyses the influence of different parameters on evolutionary stability strategy and the equilibrium conditions for knowledge sharing. The results show that security knowledge sharing among white hats in temporary teams is related to cost, trust, intrinsic security knowledge, value-added rate of security knowledge, conversion rate of security knowledge vulnerabilities, average team vulnerability reward rate and the probability of team reward, etc. It can reduce the cost of knowledge sharing, improve the ability and willingness of sharing white hats, and establish an effective system. The reward and punishment mechanism can obviously promote the sharing of security knowledge among the temporary teams of the public information security platform.

F204

教育部人文社会科学研究规划“第三方平台信息安全知识共享：参与动机和披露机制对共享行为的影响研究”(编号：16YJA630001)