拟态多执行体调度算法研究进展

朱正彬; 刘勤让; 刘冬培; 王崇

doi:10.11959/j.issn.1000-436x.2021072

您当前的位置：

首页 >

文章列表页 >

拟态多执行体调度算法研究进展

综述 | 更新时间：2024-06-06

- 拟态多执行体调度算法研究进展
- Research progress of mimic multi-execution scheduling algorithm
- 通信学报 2021年42卷第5期页码：179-190
- 作者机构：
  
  信息工程大学信息技术研究所，河南郑州 450002
- 作者简介：
  
  [ "朱正彬（1996- ），男，湖北荆门人，信息工程大学博士生，主要研究方向为网络空间安全、网络主动防御" ]
  [ "刘勤让（1975- ），男，河南商丘人，博士，信息工程大学研究员，主要研究方向为网络空间安全、宽带信息网络及芯片设计" ]
  [ "刘冬培（1985- ），男，湖南长沙人，博士，信息工程大学助理研究员，主要研究方向为SoC芯片测试与验证" ]
  [ "王崇（1995- ），男，河北邯郸人，信息工程大学博士生，主要研究方向为拟态防御、缓存侧信道防御" ]
- 基金信息：
  
  国家核高基重大专项基金资助项目(2017ZX01030301)
- DOI：10.11959/j.issn.1000-436x.2021072
  中图分类号： TP309
- 网络出版日期：2021-05，
  
  纸质出版日期：2021-05-25
- 稿件说明：
移动端阅览
朱正彬, 刘勤让, 刘冬培, 等. 拟态多执行体调度算法研究进展[J]. 通信学报, 2021,42(5):179-190.

Zhengbin ZHU, Qinrang LIU, Dongpei LIU, et al. Research progress of mimic multi-execution scheduling algorithm[J]. Journal on communications, 2021, 42(5): 179-190.
朱正彬, 刘勤让, 刘冬培, 等. 拟态多执行体调度算法研究进展[J]. 通信学报, 2021,42(5):179-190. DOI： 10.11959/j.issn.1000-436x.2021072.

Zhengbin ZHU, Qinrang LIU, Dongpei LIU, et al. Research progress of mimic multi-execution scheduling algorithm[J]. Journal on communications, 2021, 42(5): 179-190. DOI： 10.11959/j.issn.1000-436x.2021072.

摘要

拟态防御是一种基于动态异构冗余架构的新型主动防御技术，具有内在不确定、异构、冗余及负反馈等特性，从而能显著提高系统稳健性和安全性。其中多执行体调度算法是拟态防御技术的关键，其优劣直接影响拟态系统抵抗基于已知或未知漏洞后门攻击的能力。基于此，首先介绍了拟态调度算法技术和目标，然后从调度对象、调度数量及调度时机这3个方面对调度算法研究现状进行了分析总结，最后展望了拟态调度算法未来的研究方向与趋势。

Abstract

Mimic defense is the new active defense technology based on the dynamic heterogeneous redundant architecture.With inherent uncertainty

heterogeneous

redundant and negative feedback features

it can significantly improve the robustness and security of system.Among them

the scheduling algorithm is the key to mimic defense technology

which advantages and disadvantages directly affect the ability of system to resist attacks based on known or unknown vulnerabilities.Based on this

the principle and goal of mimic scheduling algorithm were firstly introduced.Then the state-of-the-art of mimic scheduling algorithms were analyzed and summarized from three aspects

such as scheduling object

scheduling quantity and scheduling timing.Finally

the future research direction and trend of mimic scheduling algorithms were prospected.

关键词

Keywords

references

OPPLIGER R . Internet security [J ] . Communications of the ACM , 1997 , 40 ( 5 ): 92 - 102 .

ROBERTO D P , LUIGI V M . Intrusion detection systems [M ] . Berlin : Springer Science ＆ Business Media , 2008 .

PANDA B K , PRADHAN M , PRADHAN S K . Intrusion prevention system [M ] . Network Security Attacks and Countermeasures . IGI Global , 2016 .

GHAFFARIAN S M , SHAHRIARI H R . Software vulnerability analysis and discovery using machine-learning and data-mining techniques [J ] . ACM Computing Surveys , 2017 , 50 ( 4 ): 1 - 36 .

HOSSEINI S , . Fingerprint vulnerability:a survey [C ] // 2018 4th International Conference on Web Research . Piscataway:IEEE Press , 2018 : 70 - 77 .

PERDISCI R , DAGON D , LEE W , et al . Misleading worm signature generators using deliberate noise injection [C ] // 2006 IEEE Symposium on Security and Privacy . Piscataway:IEEE Press , 2006 : 17 - 31 .

REIS C , BARTH A , PIZANO C . Browser security:lessons from google chrome [J ] . Queue , 2009 , 7 ( 5 ): 3 - 8 .

魏帅 , 张辉华 , 苏野 , 等 . 基于高阶异构度的大数裁决算法及性能分析 [J ] . 计算机工程 , 2020 , 51 ( 1 ): 1 - 7 .

WEI S , ZHANG H H , SU Y , et al . Majority voting algorithm and per-formance analysis based on high level heterogeneity [J ] . Computer En-gineering , 2020 , 51 ( 1 ): 1 - 7 .

沈昌祥 , 张大伟 , 刘吉强 , 等 . 可信3.0战略:可信计算的革命性演变 [J ] . 中国工程科学 , 2016 , 18 ( 6 ): 53 - 57 .

SHEN C X , ZHANG D W , LIU J Q , et al . The strategy of TC 3.0:a revolutionary evolution in trusted computing [J ] . Engineering Science , 2016 , 18 ( 6 ): 53 - 57 .

CONG J , SARKAR V , REINMAN G , et al . Customizable domain-specific computing [J ] . IEEE Design ＆ Test of Computers , 2011 , 28 ( 2 ): 6 - 15 .

ZHENG J J , NAMIN A S . A survey on the moving target defense strategies:an architectural perspective [J ] . Journal of Computer Science and Technology , 2019 , 34 ( 1 ): 207 - 233 .

CHO J H , SHARMA D P , ALAVIZADEH H , et al . Toward proactive,adaptive defense:a survey on moving target defense [J ] . IEEE Communications Surveys ＆ Tutorials , 2020 , 22 ( 1 ): 709 - 745 .

JAFARIAN J H , AL-SHAER E , DUAN Q . An effective address mutation approach for disrupting reconnaissance attacks [J ] . IEEE Transactions on Information Forensics and Security , 2015 , 10 ( 12 ): 2562 - 2577 .

JAFARIAN J H , AL-SHAER E , DUAN Q . Adversary-aware IP address randomization for proactive agility against sophisticated attackers [C ] // 2015 IEEE Conference on Computer Communications . Piscataway:IEEE Press , 2015 : 738 - 746 .

LUO Y B , WANG B S , CAI G L . Effectiveness of port hopping as a moving target defense [C ] // 2014 7th International Conference on Security Technology . Piscataway:IEEE Press , 2014 : 7 - 10 .

AZAB M , ELTOWEISSY M . ChameleonSoft:software behavior encryption for moving target defense [J ] . Mobile Networks and Applications , 2013 , 18 ( 2 ): 271 - 292 .

SAKIC E , ÐERIĆ N , KELLERER W . MORPH:an adaptive framework for efficient and Byzantine fault-tolerant SDN control plane [J ] . IEEE Journal on Selected Areas in Communications , 2018 , 36 ( 10 ): 2158 - 2174 .

KAMPANAKIS P , PERROS H , BEYENE T . SDN-based solutions for moving target defense network protection [C ] // Proceedings of IEEE International Symposium on a World of Wireless,Mobile and Multimedia Networks . Piscataway:IEEE Press , 2014 : 1 - 6 .

TORQUATO M , VIEIRA M . Moving target defense in cloud computing:a systematic mapping study [J ] . Computers ＆ Security , 2020 , 92 : 101742 .

邬江兴 . 网络空间拟态防御研究 [J ] . 信息安全学报 , 2016 , 1 ( 4 ): 1 - 10 .

WU J X . Research on cyber mimic defense [J ] . Journal of Cyber Secu-rity , 2016 , 1 ( 4 ): 1 - 10 .

MANADHATA P K , WING J M . An attack surface metric [J ] . IEEE Transactions on Software Engineering , 2011 , 37 ( 3 ): 371 - 386 .

马海龙 , 江逸茗 , 白冰 , 等 . 路由器拟态防御能力测试与分析 [J ] . 信息安全学报 , 2017 , 2 ( 1 ): 43 - 53 .

MA H L , JIANG Y M , BAI B , et al . Tests and analyses for mimic de-fense ability of routers [J ] . Journal of Cyber Security , 2017 , 2 ( 1 ): 43 - 53 .

宋克 , 刘勤让 , 魏帅 , 等 . 基于拟态防御的以太网交换机内生安全体系结构 [J ] . 通信学报 , 2020 , 41 ( 5 ): 18 - 26 .

SONG K , LIU Q R , WEI S , et al . Endogenous security architecture of Ethernet switch based on mimic defense [J ] . Journal on Communica-tions , 2020 , 41 ( 5 ): 18 - 26 .

卢振平 , 陈福才 , 程国振 . 基于贝叶斯-斯坦科尔伯格博弈的 SDN安全控制平面模型 [J ] . 网络与信息安全学报 , 2017 , 3 ( 11 ): 40 - 49 .

LU Z P , CHEN F C , CHENG G Z . Secure control plane for SDN using Bayesian Stackelberg games [J ] . Chinese Journal of Network and In-formation Security , 2017 , 3 ( 11 ): 40 - 49 .

WANG W , LI G S , GAI K K , et al . Modelization and analysis of dynamic heterogeneous redundant system [J ] . Concurrency and Computation Practice and Experience , 2020 , 35 ( 2 ): 35 - 43 .

HU H C , WU J X , WANG Z P , et al . Mimic defense:a designed-in cybersecurity defense framework [J ] . IET Information Security , 2018 , 12 ( 3 ): 226 - 237 .

PARHAMI B . Voting algorithms [J ] . IEEE Transactions on Reliability , 1994 , 43 ( 4 ): 617 - 629 .

JAMALI N , SAMMUT C . Majority voting:material classification by tactile sensing using surface texture [J ] . IEEE Transactions on Robotics , 2011 , 27 ( 3 ): 508 - 521 .

LEUNG Y W . Maximum likelihood voting for fault-tolerant software with finite output-space [J ] . IEEE Transactions on Reliability , 1995 , 44 ( 3 ): 419 - 427 .

MCALLISTER D F , SUN C E , VOUK M A . Reliability of voting in fault-tolerant software systems for small output-spaces [J ] . IEEE Transactions on Reliability , 1990 , 39 ( 5 ): 524 - 534 .

REIS G A , CHANG J , VACHHARAJANI N , et al . SWIFT:software implemented fault tolerance [C ] // International Symposium on Code Generation and Optimization . Piscataway:IEEE Press , 2005 : 243 - 254 .

彭浩 , 陆阳 , 孙峰 , 等 . 副版本不可抢占的全局容错调度算法 [J ] . 软件学报 , 2016 , 27 ( 12 ): 3158 - 3171 .

PENG H , LU Y , SUN F , et al . Fault tolerant global scheduling with non-preemptive backups [J ] . Journal of Software , 2016 , 27 ( 12 ): 3158 - 3171 .

AVIZIENIS A . The N-version approach to fault-tolerant software [J ] . IEEE Transactions on Software Engineering , 1985 , SE-11 ( 12 ): 1491 - 1501 .

CASTRO M , LISKOV B . Practical Byzantine fault tolerance and proactive recovery [J ] . ACM Transactions on Computer Systems , 2002 , 20 ( 4 ): 398 - 461 .

VERONESE G S , CORREIA M , BESSANI A N , et al . Efficient Byzantine fault-tolerance [J ] . IEEE Transactions on Computers , 2013 , 62 ( 1 ): 16 - 30 .

邬江兴 . 网络空间拟态防御导论 [M ] . 北京 : 科学出版社 , 2017 .

WU J X . Introduction to cyberspace mimic defense [M ] . Beijing : Science Press , 2017 .

刘勤让 , 林森杰 , 顾泽宇 . 面向拟态安全防御的异构功能等价体调度算法 [J ] . 通信学报 , 2018 , 39 ( 7 ): 188 - 198 .

LIU Q R , LIN S J , GU Z Y . Heterogeneous redundancies scheduling algorithm for mimic security defense [J ] . Journal on Communications , 2018 , 39 ( 7 ): 188 - 198 .

韩进 , 臧斌宇 . 软件相异性对于系统安全的有效性分析 [J ] . 计算机应用与软件 , 2010 , 27 ( 9 ): 273 - 275 , 300 .

HAN J , ZANG B Y . Analyzing the effectiveness of software diversity for system security [J ] . Computer Applications and Software , 2010 , 27 ( 9 ): 273 - 275 , 300 .

姚文斌 , 杨孝宗 . 相异性软件组件选择算法设计 [J ] . 哈尔滨工业大学学报 , 2003 , 35 ( 3 ): 261 - 264 .

YAO W B , YANG X Z . Design of selective algorithm for diverse software components [J ] . Journal of Harbin Institute of Technology , 2003 , 35 ( 3 ): 261 - 264 .

吕迎迎 , 郭云飞 , 王禛鹏 , 等 . SDN 中基于历史信息的负反馈调度算法 [J ] . 网络与信息安全学报 , 2018 , 4 ( 6 ): 45 - 51 .

LYU Y Y , GUO Y F , WANG Z P , et al . Negative feedback scheduling algorithm based on historical information in SDN [J ] . Chinese Journal of Network and Information Security , 2018 , 4 ( 6 ): 45 - 51 .

张震骁 . 拟态防御动态调度策略研究 [D ] . 郑州:郑州大学 , 2018 .

ZHANG Z X . Research on dynamic scheduling strategy for mi-mic defense [D ] . Zhengzhou:Zhengzhou University , 2018 .

LI J F , WU J X , HU Y X , et al . DSL:dynamic and self-learning schedule method of multiple controllers in SDN [J ] . ETRI Journal , 2017 , 39 ( 3 ): 364 - 372 .

沈丛麒 , 陈双喜 , 吴春明 , 等 . 基于信誉度与相异度的自适应拟态控制器研究 [J ] . 通信学报 , 2018 , 39 ( S2 ): 173 - 180 .

SHEN C Q , CHEN S X , WU C M , et al . Adaptive mimic defensive controller framework based on reputation and dissimilarity [J ] . Journal on Communications , 2018 , 39 ( S2 ): 173 - 180 .

王晓梅 , 杨文晗 , 张维 , 等 . 基于BSG的拟态Web服务器调度策略研究 [J ] . 通信学报 , 2018 , 39 ( S2 ): 112 - 120 .

WANG X M , YANG W H , ZHANG W , et al . Research on scheduling strategy of mimic Web server based on BSG [J ] . Journal on Communi-cations , 2018 , 39 ( S2 ): 112 - 120 .

李传煌 , 任云方 , 汤中运 , 等 . SDN中服务部署的拟态防御方法 [J ] . 通信学报 , 2018 , 39 ( S2 ): 121 - 130 .

LI C H , REN Y F , TANG Z Y , et al . Mimic defense method for service deployment in SDN [J ] . Journal on Communications , 2018 , 39 ( S2 ): 121 - 130 .

TWU P , MOSTOFI Y , EGERSTEDT M . A measure of heterogeneity in multi-agent systems [C ] // 2014 American Control Conference . Piscataway:IEEE Press , 2014 : 3972 - 3977 .

张杰鑫 , 庞建民 , 张铮 , 等 . 面向拟态构造Web服务器的执行体调度算法 [J ] . 计算机工程 , 2019 , 45 ( 8 ): 14 - 21 .

ZHANG J X , PANG J M , ZHANG Z , et al . Executors scheduling al-gorithm for Web server with mimic structure [J ] . Computer Engineer-ing , 2019 , 45 ( 8 ): 14 - 21 .

GARCIA M , BESSANI A , GASHI I , et al . Analysis of operating system diversity for intrusion tolerance [J ] . Software:Practice and Experience , 2014 , 44 ( 6 ): 735 - 770 .

普黎明 , 刘树新 , 丁瑞浩 , 等 . 面向拟态云服务的异构执行体调度算法 [J ] . 通信学报 , 2020 , 41 ( 3 ): 17 - 24 .

PU L M , LIU S X , DING R H , et al . Heterogeneous executor schedul-ing algorithm for mimic cloud service [J ] . Journal on Communications , 2020 , 41 ( 3 ): 17 - 24 .

WU Z Q , WEI J . Heterogeneous executors scheduling algorithm for mimic defense systems [C ] // 2019 IEEE 2nd International Conference on Computer and Communication Engineering . Piscataway:IEEE Press , 2019 : 279 - 284 .

QIU D H , LI H , SUN J L . Measuring software similarity based on structure and property of class diagram [C ] // 2013 Sixth International Conference on Advanced Computational Intelligence . Piscataway:IEEE Press , 2013 : 75 - 80 .

顾泽宇 , 张兴明 , 林森杰 . 基于安全策略的负载感知动态调度机制 [J ] . 计算机应用 , 2017 , 37 ( 11 ): 3304 - 3310 .

GU Z Y , ZHANG X M , LIN S J . Load-aware dynamic scheduling mechanism based on security strategies [J ] . Journal of Computer Ap-plications , 2017 , 37 ( 11 ): 3304 - 3310 .

高明 , 罗锦 , 周慧颖 , 等 . 一种基于拟态防御的差异化反馈调度判决算法 [J ] . 电信科学 , 2020 , 36 ( 5 ): 73 - 82 .

GAO M , LUO J , ZHOU H Y , et al . A differential feedback scheduling decision algorithm based on mimic defense [J ] . Telecommunications Science , 2020 , 36 ( 5 ): 73 - 82 .

LU Z P , CHEN F C , CHENG G Z , et al . Towards a dynamic controller scheduling-timing problem in software-defined networking [J ] . China Communications , 2017 , 14 ( 10 ): 26 - 38 .

GUO W , WU Z Q , ZHANG F , et al . Scheduling sequence control method based on sliding window in cyberspace mimic defense [J ] . IEEE Access , 2019 , 8 : 1517 - 1533 .

魏帅 , 于洪 , 顾泽宇 , 等 . 面向工控领域的拟态安全处理机架构 [J ] . 信息安全学报 , 2017 , 2 ( 1 ): 54 - 73 .

WEI S , YU H , GU Z Y , et al . Architecture of mimic security processor for industry control system [J ] . Journal of Cyber Security , 2017 , 2 ( 1 ): 54 - 73 .

QI C , WU J X , HU H C , et al . Dynamic-scheduling mechanism of controllers based on security policy in software-defined network [J ] . Electronics Letters , 2016 , 52 ( 23 ): 1918 - 1920 .

HU H C , WANG Z P , CHENG G Z , et al . MNOS:a mimic network operating system for software defined networks [J ] . IET Information Security , 2017 , 11 ( 6 ): 345 - 355 .

李军飞 . 软件定义网络中拟态防御的关键技术研究 [D ] . 郑州:战略支援部队信息工程大学 , 2019 .

LI J F . Research on key technologies of mimic defense in soft-ware-defined network [D ] . Zhengzhou:Information Engineering Uni-versity , 2019 .

PARZEN E . On estimation of a probability density function and mode [J ] . The Annals of Mathematical Statistics , 1962 , 33 ( 3 ): 1065 - 1076 .

LIPOWSKI A , LIPOWSKA D . Roulette-wheel selection via stochastic acceptance [J ] . Physica A:Statistical Mechanics and Its Applications , 2012 , 391 ( 6 ): 2193 - 2196 .

TAMADA H . Java birthmarks:detecting the software theft [J ] . IEICE Transactions on Information and Systems , 2005 , 88 ( 9 ): 2148 - 2158 .

PARK H , CHOI S , LIM H I , et al . Detecting code theft via a static instruction trace birthmark for Java methods [C ] // 2008 6th IEEE International Conference on Industrial Informatics . Piscataway:IEEE Press , 2008 : 551 - 556 .

BAXTER I D , YAHIN A , MOURA L , et al . Clone detection using abstract syntax trees [C ] // Proceedings of International Conference on Software Maintenance . Piscataway:IEEE Press , 1998 : 368 - 377 .

浏览量

342

下载量

CSCD

文章被引用时，请邮件提醒。

提交

工具集

关联资源

基于深度学习的拟态裁决方法研究

拟态路由器BGP代理的设计实现与形式化验证

对抗智能干扰的主动防御技术

面向持久性连接的自适应拟态表决器设计与实现

基于高阶异构度的执行体动态调度算法