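Institute of Information Technology, Information Engineering University, Zhengzhou 450001, Henan, China
ZHOU Dacheng (1995- ), male, born in Xixian, Henan, is a Ph.D. candidate at Information Engineering University. His main research interests include cyberspace security and cloud computing.
CHEN Hongchang (1964- ), male, born in Xinmi, Henan, Ph.D., is a professor and doctoral supervisor at Information Engineering University. His main research interests include cyberspace security and data analysis.
CHENG Guozhen (1986- ), male, born in Heze, Shandong, Ph.D., is an associate professor and master's supervisor at Information Engineering University. His main research interests include cyberspace security and software-defined networking.
HE Weizhen (1996- ), male, born in Bozhou, Anhui, is a Ph.D. candidate at Information Engineering University. His main research interests include cyberspace security and cloud computing.
SHANG Ke (1995- ), female, born in Zhengzhou, Henan, is an assistant researcher at Information Engineering University. Her main research interests include cyberspace security and cloud computing.
HU Hongchao (1982- ), male, born in Shangqiu, Henan, Ph.D., is a professor and doctoral supervisor at Information Engineering University. His main research interests include cyberspace security and mimic defense.
Online publication date: 2022-06
Print publication date: 2022-06-25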
Dacheng ZHOU, Hongchang CHEN, Guozhen CHENG, et al. Design and implementation of adaptive mimic voting device oriented to persistent connection[J]. Journal on Communications, 2022, 43(6): 71-84. DOI: 10.11959/j.issn.1000-436x.2022081.
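Objectives: The mimic voter is a key component of the dynamic heterogeneous redundancy architecture used in mimic defense, but existing mimic voting methods must analyze and process the complete output of the heterogeneous redundant executors. In applications that continuously transmit data chunks over persistent connections based on HTTP 1.1, this makes voting too slow and its memory overhead too large. For the scenario in which chunked data is output continuously over a persistent connection, this paper designs and implements an adaptive mimic voter oriented to persistent connections, in order to reduce the voter's memory overhead and improve voting efficiency in that scenario.
Methods: The voter adaptively segments the heterogeneous redundant chunked messages as they arrive, votes on and outputs the chunk data dynamically in a sliding window while transmission continues, and progressively releases chunk data that has already been voted on. This lowers voting processing time and the voter's memory consumption while preserving the continuity of data transmission on the persistent connection. On the one hand, the data characteristics of chunked-transfer-encoded messages under sliding-window voting are analyzed and a voting algorithm selection strategy set is constructed, giving a scheme for maintaining voting accuracy during sliding-window voting. On the other hand, an inventory model of the adaptive mimic voter's data voting process is established, and an adaptive voting window control strategy is derived from cost optimization of that model, providing the best adaptive segmentation scheme for the data to be voted on.
Results: A prototype of the adaptive mimic voter was implemented on Nginx and compared with a traditional mimic voter in a series of experiments. (1) The memory occupancy evaluation shows that, when transmitting a 20MB Web resource in chunked transfer encoding, both the peak physical memory consumed and the total time for which physical memory was consumed are clearly lower for the adaptive mimic voter than for the traditional mimic voter. (2) The transmission delay evaluation shows that the adaptive mimic voter has lower response times when voting on chunked-transfer-encoded web page resources from 10MB to 320MB, indicating a clear improvement in voting rate. (3) The concurrency evaluation shows that, at concurrency levels from 1000 to 5000, the system's average response delay with the adaptive mimic voter is lower than with the traditional mimic voter, and its voting throughput is higher. (4) The voting accuracy evaluation shows that, compared with traditional mimic voters using the character similarity algorithm, the semantic feature algorithm and the analytic hierarchy process algorithm respectively, the adaptive mimic voter based on the voting algorithm selection strategy set is slightly weaker than the semantic feature and analytic hierarchy process algorithms across several HTML data tampering scenarios but far better than the character similarity algorithm, so its voting accuracy is acceptable.
Conclusions: The adaptive mimic voter effectively solves the service performance degradation caused by excessive memory occupation when voting on chunked messages transmitted over persistent connections. The resource overhead experiments show how much the adaptive mimic voter improves on this problem; the voting accuracy experiment shows that it maintains acceptable voting accuracy while improving voting efficiency; and the experiments at different data sizes and service loads demonstrate, as micro-benchmarks, its feasibility in general application scenarios. The adaptive mimic voter designed and implemented in this paper therefore reduces resource overhead and improves voting efficiency at an acceptable voting accuracy, and can effectively support the mimic transformation of applications that transmit data over persistent connections.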
Objectives: The mimic voter is a crucial component of the dynamic heterogeneous redundancy architecture of mimic defense technology, but the existing mimic voting method needs to collect and process the complete output data of the heterogeneous redundant executors. In the application scenario where the connection continuously transmits data in chunked transfer encoding, the mimic voting efficiency is too low and the memory resource overhead of mimic voting is too significant. This paper designs and implements an adaptive mimic voter oriented to the scenario of the continuous output of chunked-transfer-encoded data in a persistent connection, to reduce the memory resource overhead of the mimic voter and improve voting efficiency.
Methods: The proposed mimic voter adaptively divides the chunked-transfer-encoded data arriving at the voter successively from the heterogeneous redundant executors, dynamically votes, and then outputs the data in the form of a sliding window during the continuous data transmission process. Gradually releasing the data of the voted blocks can reduce the memory consumption of the mimic voter and lower the voting processing time while maintaining the continuity of data transmission of the persistent connection. On the one hand, a voting algorithm selection strategy set is constructed to keep the voting accuracy by analyzing the data characteristics in the sliding window. On the other hand, an inventory model of the data voting process of the adaptive mimic voter is established, and an adaptive voting window control strategy is proposed based on the cost optimization of the inventory model to provide the best adaptive segmentation scheme for the data to be voted.
Results: A series of comparative experiments between the prototype system of the adaptive mimic voter and the traditional mimic voter was conducted as follows. (1) The evaluation of memory resource occupancy shows that the peak physical memory consumption and the total time of consuming physical memory when the adaptive mimic voter transmits 20MB web resources in chunked transfer encoding are significantly lower than those of the traditional mimic voter. (2) The evaluation of transmission delay shows that the response time of the adaptive mimic voter in the voting processing of 10MB to 320MB chunked-transfer-encoded webpage resources is relatively low, indicating that its voting speed has been significantly improved. (3) The concurrency performance evaluation shows that the average response time of the system applying the adaptive mimic voter under a request concurrency of 1000 to 5000 is lower than that of the traditional mimic voter, and the voting processing throughput is higher than that of the traditional mimic voter. (4) The evaluation of voting accuracy shows that the adaptive mimic voter based on the voting algorithm selection strategy set is slightly weaker than the semantic feature algorithm and the AHP algorithm while far superior to the character similarity algorithm in the traditional mimic voter, which reveals that the adaptive mimic voter has an acceptable voting accuracy.
Conclusions: The design of the adaptive mimic voter effectively solves the problem of service performance degradation caused by the excessive occupation of memory resources in voting on chunked-transfer-encoded data of a persistent connection. The memory occupancy experiment shows the improvement effect of the adaptive mimic voter on this problem, and the voting accuracy evaluation experiment shows that the adaptive mimic voter can improve voting efficiency while maintaining acceptable voting accuracy. The experiments under different service pressures give the feasibility analysis of the adaptive mimic voter in general application scenarios with micro-benchmarks. Therefore, the adaptive mimic voter reduces resource overhead and improves voting efficiency with acceptable voting accuracy, which can effectively support the mimic transformation of applications that transmit data in persistent connections.
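The sliding-window voting described in the Methods can be sketched as follows. This is an added example, not the authors' Nginx prototype. It assumes a fixed window and an exact-byte majority vote in place of the paper's adaptive window control and voting algorithm selection strategy set, and all function names and sample data are hypothetical.

```python
from collections import Counter

def parse_chunks(raw):
    """Yield payloads of an HTTP/1.1 chunked-transfer-encoded body."""
    pos = 0
    while True:
        eol = raw.index(b"\r\n", pos)
        size = int(raw[pos:eol].split(b";")[0], 16)  # ignore chunk extensions
        if size == 0:
            return
        yield raw[eol + 2:eol + 2 + size]
        pos = eol + 2 + size + 2                     # skip the chunk's trailing CRLF

def encode_chunked(body, size):
    """Build a constructed chunked body with fixed-size chunks (sample input only)."""
    parts = [body[i:i + size] for i in range(0, len(body), size)]
    return b"".join(b"%x\r\n%s\r\n" % (len(p), p) for p in parts) + b"0\r\n\r\n"

def windowed_vote(streams, window=16):
    """Majority-vote N executor streams window by window, releasing voted bytes."""
    iters = [iter(s) for s in streams]
    bufs = [bytearray() for _ in iters]
    done = [False] * len(iters)
    out, suspects, peak = bytearray(), set(), 0
    while True:
        for i, it in enumerate(iters):               # refill each buffer to one window
            while not done[i] and len(bufs[i]) < window:
                chunk = next(it, None)
                if chunk is None:
                    done[i] = True
                else:
                    bufs[i] += chunk
        peak = max(peak, sum(len(b) for b in bufs))
        slices = [bytes(b[:window]) for b in bufs]
        if not any(slices):                          # every executor is drained
            return bytes(out), sorted(suspects), peak
        winner, votes = Counter(slices).most_common(1)[0]
        if votes <= len(slices) // 2:
            raise ValueError("no majority for this window")
        suspects |= {i for i, s in enumerate(slices) if s != winner}
        out += winner                                # forward the voted window downstream
        for b in bufs:
            del b[:window]                           # release voted data from memory

def demo():
    body = b"<html><body>" + b"A" * 100 + b"</body></html>"   # constructed page
    tampered = body.replace(b"A" * 100, b"A" * 50 + b"X" + b"A" * 49)
    streams = [parse_chunks(encode_chunked(body, 7)),
               parse_chunks(encode_chunked(body, 32)),
               parse_chunks(encode_chunked(tampered, 20))]    # executor 2 is modified
    return body, windowed_vote(streams)

if __name__ == "__main__":
    body, (voted, suspects, peak) = demo()
    print(voted == body, suspects, peak, 3 * len(body))
```

The three executors chunk the same page differently, so the voter re-segments on its own window boundaries; the peak buffered size stays near one window plus one chunk per executor instead of three full responses.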