自适应的时空多样性联合调度策略设计

仝青; 郭云飞; 霍树民; 王亚文; 蔄羽佳; 张凯

doi:10.11959/j.issn.1000-436x.2021119

您当前的位置：

首页 >

文章列表页 >

自适应的时空多样性联合调度策略设计

学术论文 | 更新时间：2024-06-05

- 自适应的时空多样性联合调度策略设计
- Design of self-adaptive spatio-temporal diversity joint scheduling strategy
- 通信学报 2021年42卷第7期页码：12-24
- 作者机构：
  
  1. 信息工程大学信息技术研究所，河南郑州 450015
  2. 中国人民解放军32066部队，云南昆明 652200
  3. 中国人民解放军31401部队，山东日照 276800
- 作者简介：
  
  [ "仝青（1992− ），女，河南郑州人，信息工程大学博士生，主要研究方向为网络空间主动防御等" ]
  [ "郭云飞（1963− ），男，河南郑州人，信息工程大学教授、博士生导师，主要研究方向为网络空间安全等" ]
  [ "霍树民（1985− ），男，山西长治人，博士，信息工程大学副研究员，主要研究方向为网络空间安全、人工智能安全等" ]
  [ "王亚文（1990− ），男，河南郑州人，博士，信息工程大学助理研究员，主要研究方向为云计算安全、网络主动防御等" ]
  [ "蔄羽佳（1990− ），女，河北邯郸人，中国人民解放军 32066 部队工程师，主要研究方向为网络安全等" ]
  [ "张凯（1986− ），男，山东肥城人，中国人民解放军 31401 部队助理工程师，主要研究方向为云计算安全等" ]
- 基金信息：
  
  国家自然科学基金资助项目(62072467);国家自然科学基金创新群体基金资助项目(61521003);国家重点研发计划基金资助项目(2018YFB0804004)
- DOI：10.11959/j.issn.1000-436x.2021119
  中图分类号： TP393.1
- 网络出版日期：2021-07，
  
  纸质出版日期：2021-07-25
- 稿件说明：
移动端阅览
仝青, 郭云飞, 霍树民, 等. 自适应的时空多样性联合调度策略设计[J]. 通信学报, 2021,42(7):12-24.

Qing TONG, Yunfei GUO, Shumin HUO, et al. Design of self-adaptive spatio-temporal diversity joint scheduling strategy[J]. Journal on communications, 2021, 42(7): 12-24.
仝青, 郭云飞, 霍树民, 等. 自适应的时空多样性联合调度策略设计[J]. 通信学报, 2021,42(7):12-24. DOI： 10.11959/j.issn.1000-436x.2021119.

Qing TONG, Yunfei GUO, Shumin HUO, et al. Design of self-adaptive spatio-temporal diversity joint scheduling strategy[J]. Journal on communications, 2021, 42(7): 12-24. DOI： 10.11959/j.issn.1000-436x.2021119.

摘要

为了解决多样性系统在单一多样性策略下存在防御能力、防御代价和服务质量难以兼顾的问题，首先基于调度异构性、执行体安全性和空间多样性度量方法构造不同安全等级下的调度对象选择序列；然后根据对威胁环境的粗粒度评估，综合决策调度时机以及调度对象。通过在云环境下实现时空多样性Web服务系统，对所提调度策略进行攻防实验测试，并与已有调度策略进行了对比。结果显示，所提调度策略在可接受的防御代价增长范围内，显著提高了系统的防御能力，同时维持了较高的服务质量。

Abstract

To solve the problem that a diversity system is difficult to take defense capability

defense cost and quality of service into account at the same time under a single diversity strategy

firstly

the scheduling object selecting sequences under different security levels were constructed based on the measurement of scheduling heterogeneity

executor security and spatial diversity.Then

according to the coarse-grained evaluation of threat environment

the scheduling time and scheduling object were determined comprehensively.Through the realization of the spatio-temporal diversity Web server system in a cloud environment

the proposed scheduling strategy was tested with attack and defense experiments and compared with the existing scheduling strategies.The results show that the proposed scheduling strategy improves the defense capability significantly and maintains a high quality of service within the acceptable defense cost increasing range.

关键词

Keywords

references

席荣荣 , 云晓春 , 张永铮 , 等 . 一种改进的网络安全态势量化评估方法 [J ] . 计算机学报 , 2015 , 38 ( 4 ): 749 - 758 .

XI R R , YUN X C , ZHANG Y Z , et al . An improved quantitative evaluation method for network security [J ] . Chinese Journal of Com-puters , 2015 , 38 ( 4 ): 749 - 758 .

陈福才 , 扈红超 , 刘文彦 , 等 . 网络空间主动防御 [M ] . 北京 : 科学出版社 , 2018 .

CHEN F C , HU H C , LIU W Y , et al . Cyberspace active defense [M ] . Beijing : Science Press , 2018 .

BANGALORE A K , SOOD A K . Securing Web servers using self cleansing intrusion tolerance (SCIT) [C ] // 2009 Second International Conference on Dependability . Piscataway:IEEE Press , 2009 : 60 - 65 .

OKHRAVI H , COMELLA A , ROBINSON E , et al . Creating a cyber moving target for critical infrastructure applications using platform diversity [J ] . International Journal of Critical Infrastructure Protection , 2012 , 5 ( 1 ): 30 - 39 .

DUNLOP M , GROAT S , URBANSKI W , et al . MT6D:a moving target IPv6 defense [C ] // 2011 Military Communications Conference . Piscataway:IEEE Press , 2011 : 1321 - 1326 .

JACKSON T , HOMESCU A , CRANE S , et al . Diversifying the software stack using randomized NOP insertion [M ] . Berlin : Springer , 2013 .

仝青 , 张铮 , 张为华 , 等 . 拟态防御 Web 服务器设计与实现 [J ] . 软件学报 , 2017 , 28 ( 4 ): 883 - 897 .

TONG Q , ZHANG Z , ZHANG W H , et al . Design and implementation of mimic defense Web server [J ] . Journal of Software , 2017 , 28 ( 4 ): 883 - 897 .

WANG C X , DAVIDSON J , HILL J , et al . Protection of software-based survivability mechanisms [C ] // 2001 International Conference on Dependable Systems and Networks . Piscataway:IEEE Press , 2001 : 193 - 202 .

LU K J , SONG C Y , LEE B , et al . ASLR-guard:stopping address space leakage for code reuse attacks [C ] // Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Secu-rity . New York:ACM Press , 2015 : 280 - 291 .

GHOURAB E M , SAMIR E , AZAB M , et al . Diversity-based moving-target defense for secure wireless vehicular communications [C ] // 2018 IEEE Security and Privacy Workshops . Piscataway:IEEE Press , 2018 : 287 - 292 .

WANG F Y , JOU F , GONG F M , et al . SITAR:a scalable intrusion-tolerant architecture for distributed services [C ] // Foundations of Intrusion Tolerant Systems,2003[Organically Assured and Survivable Information Systems] . Piscataway:IEEE Press , 2003 : 359 - 367 .

ZHOU L D , SCHNEIDER F B , RENESDSE V R . COCA:a secure distributed online certification authority [J ] . ACM Transactions on Computer Systems , 2002 , 20 ( 4 ): 329 - 368 .

POSNETT D , SOUZA R D , DEVANBU P , et al . Dual ecological measures of focus in software development [C ] // 2013 35th International Conference on Software Engineering . Piscataway:IEEE Press , 2013 : 452 - 461 .

SENGUPTA S , CHOWDHARY A , SABUR A , et al . A survey of moving target defenses for network security [J ] . IEEE Communications Surveys ＆ Tutorials , 2020 , 22 ( 3 ): 1909 - 1941 .

蔡桂林 , 王宝生 , 王天佐 , 等 . 移动目标防御技术研究进展 [J ] . 计算机研究与发展 , 2016 , 53 ( 5 ): 968 - 987 .

CAI G L , WANG B S , WANG T Z , et al . Research and development of moving target defense technology [J ] . Journal of Computer Research and Development , 2016 , 53 ( 5 ): 968 - 987 .

丁万夫 , 郭锐锋 , 秦承刚 , 等 . 容错优先级可提升的抢占阈值容错调度算法 [J ] . 软件学报 , 2011 , 22 ( 12 ): 2894 - 2904 .

DING W F , GUO R F , QIN C G , et al . Preemption threshold schedul-ing algorithm with higher fault-tolerant priority [J ] . Journal of Software , 2011 , 22 ( 12 ): 2894 - 2904 .

NGUYEN Q L , SOOD A . Designing SCIT architecture pattern in a Cloud-based environment [C ] // 2011 IEEE/IFIP 41st International Conference on Dependable Systems and Networks Workshops . Piscataway:IEEE Press , 2011 : 123 - 128 .

ALAVIZADEH H , JANG-JACCARD J ,, KIM D S . Evaluation for combination of shuffle and diversity on moving target defense strategy for cloud computing [C ] // 2018 17th IEEE International Conference On Trust,Security And Privacy In Computing And Communications/12th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE) . Piscataway:IEEE Press , 2018 : 573 - 578 .

MIR I E , HAQIQ A , KIM D S . A game theoretic approach for cloud computing security assessment using moving target defense mechanisms [C ] // Mediterranean Symposium on Smart City Applications . Berlin:Springer , 2017 : 242 - 254 .

FENG X T , ZHENG Z Z , MOHAPATRA P , et al . A stackelberg game and markov modeling of moving target defense [C ] // International Conference on Decision ＆ Game Theory for Security . Berlin:Springer , 2017 : 315 - 335 .

ZANGENEH V , SHAJARI M . A cost-sensitive move selection strategy for moving target defense [J ] . Computers ＆ Security , 2018 , 75 : 72 - 91 .

COLBAUGH R , GLASDS K . Predictability-oriented defense against adaptive adversaries [C ] // 2012 IEEE International Conference on Systems,Man,and Cybernetics . Piscataway:IEEE Press , 2012 : 2721 - 2727 .

雷程 , 马多贺 , 张红旗 , 等 . 基于网络攻击面自适应转换的移动目标防御技术 [J ] . 计算机学报 , 2018 , 41 ( 5 ): 1109 - 1131 .

LEI C , MA D H , ZHANG H Q , et al . Moving target defense technique based on network attack surface self-adaptive mutation [J ] . Chinese Journal of Computers , 2018 , 41 ( 5 ): 1109 - 1131 .

ALAVIZADEH H , KIM D S , JANG-JACCARD J , . Model-based evaluation of combinations of Shuffle and Diversity MTD techniques on the cloud [J ] . Future Generation Computer Systems , 2020 , 111 : 507 - 522 .

ALAVIZADEH H , HONG J B , JANG-JACCARD J ,, et al . Comprehensive security assessment of combined MTD techniques for the cloud [C ] // Proceedings of the 5th ACM Workshop on Moving Target Defense . New York:ACM Press , 2018 : 11 - 20 .

ALAVIZADEH H , KIM D S , HONG J B , et al . Effective security analysis for combinations of MTD techniques on cloud computing (short paper) [C ] // International Conference on Information Security Practice and Experience . Berlin:Springer , 2017 : 539 - 548 .

GOUES C L , TUONG A N , CHEN H , et al . Moving target defenses in the helix self-regenerative architecture [M ] . Berlin : Springer , 2013 .

OKHRAVI H , HOBSON T , BIGELOW D , et al . Finding focus in the blur of moving-target techniques [J ] . IEEE Security ＆ Privacy , 2014 , 12 ( 2 ): 16 - 26 .

刘文彦 , 霍树民 , 陈扬 , 等 . 网络攻击链模型分析及研究 [J ] . 通信学报 , 2018 , 39 ( S2 ): 88 - 94 .

LIU W Y , HUO S M , CHEN Y , et al . Analysis and study of cyber at-tack chain model [J ] . Journal on Communications , 2018 , 39 ( S2 ): 88 - 94 .

杨嵘 , 张国清 , 韦卫 , 等 . 基于 NetFlow 流量分析的网络攻击行为发现 [J ] . 计算机工程 , 2005 , 31 ( 13 ): 137 - 139 , 164 .

YANG R , ZHANG G Q , WEI W , et al . Discovery of network attack behavior based on NetFlow traffic analysis [J ] . Computer Engineering , 2005 , 31 ( 13 ): 137 - 139 , 164 .

孙建坡 . 基于攻击链的威胁感知系统 [J ] . 邮电设计技术 , 2016 ( 1 ): 74 - 77 .

SUN J P . The threat perception system based on attack chain [J ] . De-signing Techniques of Posts and Telecommunications , 2016 ( 1 ): 74 - 77 .

TONG Q , GUO Y F , HU H C , et al . A diversity metric based study on the correlation between diversity and security [J ] . IEICE Transactions on Information and Systems , 2019 , 102 ( 10 ): 1993 - 2003 .

CHEN P , WANG J S , PAN L , et al . Research and implementation of SQL injection prevention method based on ISR [C ] // 2016 2nd IEEE International Conference on Computer and Communications . Piscataway:IEEE Press , 2016 : 1153 - 1156 .

DEBROY S , CALYAM P , NGUYEN M , et al . Frequency-minimal moving target defense using software-defined networking [C ] // 2016 International Conference on Computing,Networking and Communications . Piscataway:IEEE Press , 2016 : 1 - 6 .

张明悦 , 金芝 , 赵海燕 , 等 . 机器学习赋能的软件自适应性综述 [J ] . 软件学报 , 2020 , 31 ( 8 ): 2404 - 2431 .

ZHANG M Y , JIN Z , ZHAO H Y , et al . Survey of machine learning enabled software self-adaptation [J ] . Journal of Software , 2020 , 31 ( 8 ): 2404 - 2431 .

浏览量

433

下载量

CSCD

文章被引用时，请邮件提醒。

提交

工具集

关联资源

基于深度学习的拟态裁决方法研究

对抗智能干扰的主动防御技术

拟态多执行体调度算法研究进展

基于多阶段网络欺骗博弈的主动防御研究

基于DPDK的内网动态网关关键技术设计