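LI Chuanhuang (李传煌, born 1980), male, Ph.D., professor and master's supervisor at Zhejiang Gongshang University. His main research interests include software-defined networking, open programmable networks, edge computing, and artificial intelligence applications.
TANG Jingjing (唐晶晶, born 1998), female, master's student at Zhejiang Gongshang University. Her main research interests include software-defined networking and artificial intelligence applications.
CHEN Yangting (陈泱婷, born 1998), female, master's student at Zhejiang Gongshang University. Her main research interests include software-defined networking and artificial intelligence applications.
LEI Rui (雷睿, born 1996), male, master's student at Zhejiang Gongshang University. His main research interests include software-defined networking and artificial intelligence applications.
CHEN Chao (陈超, born 1986), male, Ph.D., associate professor and master's supervisor at Zhejiang Gongshang University. His main research interests include next-generation wireless communication network technology, network coding, and machine/deep learning.
WANG Weiming (王伟明, born 1964), male, Ph.D., professor and master's supervisor at Zhejiang Gongshang University. His main research interests include new-generation network architecture and open programmable networks.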
Online publication date: 2022-04
Print publication date: 2022-04-20
Chuanhuang LI, Jingjing TANG, Yangting CHEN, et al. Dynamic scheduling method of service function chain executors based on the mimic defense architecture[J]. Telecommunications Science, 2022, 38(4): 101-112. DOI: 10.11959/j.issn.1000-0801.2022070.
To address the problem that static, lagging traditional defense technologies cannot effectively cope with new types of network attacks, a mimic service function chain (MSFC) defense architecture built at the data forwarding layer was proposed according to the theory of mimic security defense, and on the basis of this architecture an executor dynamic scheduling method based on decision feedback was further proposed. The method takes the abnormal-executor information fed back by the arbiter, the heterogeneity of the executors, and the actual load of the system as the factors that influence scheduling, so that the scheduling method can adjust adaptively to actual changes in the network. In addition, the scheduling method uses decision feedback to adjust the scheduling time, so as to achieve the best balance between system cost and security and to reduce the resource overhead of the system. Simulation results show that, while balancing system cost and security, the scheduling method can select a set of highly heterogeneous executors that better meets current network requirements, thereby improving the security and reliability of the system.