一种基于拟态防御的差异化反馈调度判决算法

高明; 罗锦; 周慧颖; 焦海; 应丽莉

doi:10.11959/j.issn.1000-0801.2020146

您当前的位置：

首页 >

文章列表页 >

一种基于拟态防御的差异化反馈调度判决算法

研究与开发 | 更新时间：2024-06-05

- 一种基于拟态防御的差异化反馈调度判决算法
- A differential feedback scheduling decision algorithm based on mimic defense
- 电信科学 2020年36卷第5期页码：73-82
- 作者机构：
- 作者简介：
  
  [ "高明（1979- ），男，博士，浙江工商大学信息与电子工程学院副教授、网络系主任，主要研究方向为新型网络体系架构及工业互联网" ]
  [ "罗锦（1996- ），男，浙江工商大学信息与电子工程学院硕士生，主要研究方向为新型网络体系架构及工业互联网" ]
  [ "周慧颖（1997- ），女，浙江工商大学信息与电子工程学院硕士生，主要研究方向为新型网络体系架构及工业互联网" ]
  [ "焦海（1995- ），男，浙江工商大学信息与电子工程学院硕士生，主要研究方向为新型网络体系架构及工业互联网" ]
  [ "应丽莉（1997- ），女，浙江工商大学信息与电子工程学院硕士生，主要研究方向为新型网络体系架构及工业互联网" ]
- 基金信息：
  
  国家重点研发计划基金资助项目;The National Key Research and Development Program of China(2017YFB0803202);国家自然科学基金资助项目;The National Natural Science Foundation of China(61871468);浙江省自然科学基金资助项目;Zhejiang Provincial Natural Science Foundation of China(LY18F010006);浙江省新型网络标准与应用技术重点实验室项目(2013E10012);浙江省重点研发计划基金资助项目(2019C01056);浙江省重点研发计划项目;The Key Research and Development Program of Zhejiang under Grant(2020C01079)
- DOI：10.11959/j.issn.1000-0801.2020146
  中图分类号： TP393
- 网络出版日期：2020-05，
  
  纸质出版日期：2020-05-20
- 稿件说明：
移动端阅览
高明, 罗锦, 周慧颖, 等. 一种基于拟态防御的差异化反馈调度判决算法[J]. 电信科学, 2020,36(5):73-82.

Ming GAO, Jin LUO, Huiying ZHOU, et al. A differential feedback scheduling decision algorithm based on mimic defense[J]. Telecommunications science, 2020, 36(5): 73-82.
高明, 罗锦, 周慧颖, 等. 一种基于拟态防御的差异化反馈调度判决算法[J]. 电信科学, 2020,36(5):73-82. DOI： 10.11959/j.issn.1000-0801.2020146.

Ming GAO, Jin LUO, Huiying ZHOU, et al. A differential feedback scheduling decision algorithm based on mimic defense[J]. Telecommunications science, 2020, 36(5): 73-82. DOI： 10.11959/j.issn.1000-0801.2020146.

摘要

面对服务路径的安全性问题，根据拟态防御理论里的基于动态异构冗余（dynamic heterogeneous redundancy，DHR）模型的服务功能链部署拟态防御体系架构，并结合服务路径部署的实际需求，提出了一种基于拟态防御的差异化反馈调度判决算法。首先依据调度算法中执行体集的异构度及安全防御系数，从执行体池中筛选出适合拟态防御场景的调度器，然后根据判决算法的可靠度系数及多数判决算法选出判决器，最后，对本文算法与普通的调度算法、判决算法进行仿真分析。仿真结果表明，本文算法可有效地提升系统的防御能力，保障服务路径配置的安全。

Abstract

Facing the security problem of the service path

according to the service function chain deployment mimic defense architecture based on dynamic heterogeneous redundancy (DHR) model in the mimic defense theory

and combined with the actual needs of the service path deployment

a differential feedback scheduling decision algorithm based on mimic defense was proposed. Firstly

according to the heterogeneity of the executive set in the scheduling algorithm and the security defense coefficient

the scheduler suitable for the mimic defense scenario was selected from the executive pool

and then the decider was selected according to the reliability coefficient of the decision algorithm and the majority decision algorithm. The proposed algorithm

common scheduling algorithm and decision algo rithm were simulated and analyzed. Simulation results show that the proposed algorithm can effectively improve the system’s defense capabilities and ensure the security of the service path configuration.

关键词

Keywords

references

TOURRILHES J , SHARMA P , PETTIT J , et al . SDN and OpenFlow evolution:a standards perspective [J ] . Computer , 2014 , 47 ( 11 ): 22 - 29 .

KUŹNIAR M , PEREŠÍNI P , KOSTIĆ D , et al . Methodology,measurement and analysis of flow table update characteristics in hardware OpenFlow switches [J ] . Computer Networks , 2018 , 4 ( 11 ): 5 - 16 .

吴琼 . 基于 SDN 的服务链的研究与实现 [D ] . 成都:西南交通大学 , 2017 .

WU Q . Research and implementation of service chain based on SDN [D ] . Chengdu:Southwest Jiaotong University , 2017 .

周桥 . 基于SDNFV的服务功能链部署优化技术研究 [D ] . 郑州:信息工程大学 , 2017 .

ZHOU Q . Research on service function chain deployment optimization technology based on SDN [D ] . Zhengzhou:Information Engineering University , 2017 .

PORRAS P , SHIN S , YEGNESWARAN V , et al . A security enforcement kernel for OpenFlow networks [C ] // Proceedings of the HotSDN Workshop at SIG-COMM . New York:ACM Press , 2012 : 121 - 126 .

CHEUNG S , FONG M , PORRAS P , et al . Securing the software-defined network control layer [J ] . 2015 :

KAUR R , SINGH A , SINGH S , et al . Security of software defined networks:taxonomic modeling,key components and open research area [C ] // Proceedings of International Conference on Electrical,Electronics,and Optimization Techniques (ICEEOT) . Piscataway:IEEE Press , 2016 .

SONCHACK J , AVIV A J , KELLER E , et al . POSTER:OFX:enabling OpenFlow extensions for switch-level security applications [C ] // Proceedings of ACM SIGSAC Conference on Computer＆ Communications Security . New York:ACM Press , 2015 .

MIN J X . Research on mimic defense in cyberspace [J ] . Journal of Information Security , 2016 , 1 ( 4 ): 1 - 10 .

GUO W B , LI F . Research on Web application security vulnerability scanning technology [J ] . Information Communications , 2017 ( 12 ): 123 - 124 .

SHI L Y , LI Y , MA M F . New progress in honeypot technology research [J ] . Journal of Electronics ＆ Information Technology , 2019 , 41 ( 2 ): 249 - 259 .

MA H L , YI P , JIANG Y K , et al . Mimic defense architecture of router based on dynamic heterogeneous redundant algorithm [J ] . Journal of Information Security , 2017 , 2 ( 1 ): 29 - 42 .

仝青 , 张铮 , 张为华 , 等 . 拟态防御Web服务器设计与实现 [J ] . 软件学报 , 2017 , 28 ( 4 ): 883 - 897 .

TONG Q , ZHANG Z , ZHANG W H , et al . Design and implementation of mimic defense Web server [J ] . Journal of Software , 2017 , 28 ( 4 ): 883 - 897

URGO M , VANCZA J . A branch-and-bound approach for the single machine maximum lateness stochastic scheduling problem to minimize the value-at-risk [J ] . Flexible Services and Manufacturing Journal , 2019 ( 31 ): 472 - 496 .

QIU D H , LI H , SUN J L . Measuring software similarity based on structure and property of class diagram [C ] // Proceedings of Sixth International Conference on Advanced Computational Intelligence.[S.l.:s.n] . 2013 : 75 - 80 .

WANG Z P , HU H C , CHENG G Z . A DNS framework design based on mimic security defense [J ] . Electronic Journal , 2017 , 45 ( 11 ): 6 - 9 .

胡腾 , 李观文 , 周华春 . 面向服务的数据中心安全框架 [J ] . 电信科学 , 2018 , 34 ( 1 ): 8 - 16 .

HU T , LI G W , ZHOU H C . Service-oriented security framework for datacenter networks [J ] . Telecommunications Science , 2018 , 34 ( 1 ): 8 - 16 .

浏览量

415

下载量

CSCD

文章被引用时，请邮件提醒。

提交

工具集

关联资源

5G网络量子安全算法应用研究

基于改进长短期记忆网络的新能源场站网络安全评估方法研究

基于RPA技术的网络安全运营自动化实践应用研究

天地一体化网络安全挑战及创新方案

信息通信技术若干发展趋势