摘要
随着虚拟化技术的发展,同驻攻击成为窃取用户敏感信息的重要攻击手段。针对现有虚拟机动态迁移方法对同驻攻击反应的滞后性,在5G网络切片背景下,提出了一种基于安全威胁预测的虚拟网络功能迁移策略。首先,通过隐马尔可夫模型(HMM)对网络切片运行安全进行建模,利用多源异构数据信息对网络安全威胁进行威胁预测;然后,根据安全预测结果,采用相应的虚拟网络功能迁移策略迁移以使迁移开销最小。仿真实验结果表明:利用HMM能对安全威胁进行有效的预测,同时该迁移策略能够有效减少迁移开销与信息泄漏时间,具有较好的同驻攻击防御效果。
With the development of virtualization technology,co-resident attack becomes a common means to steal sensitive information from users.Aiming at the hysteresis of existing virtual machine dynamic migration method reacting to coresident attacks,a virtual network function migration strategy based on security threat prediction in the context of 5G network slicing was proposed.Firstly,network slicing operation security was modeled based on Hidden Markov Model(HMM),and the network security threats were predicted by multi-source heterogeneous data.Then according to the security prediction results,the migration cost was minimized by adopting the corresponding virtual network function migration strategy.Simulation experimental results show that the proposed strategy can effectively predict the security threats and effectively reduce the migration overhead and information leakage time by using HMM,which has a better defense effect against co-resident attack.
作者
何赞园
王凯
牛犇
游伟
汤红波
HE Zanyuan;WANG Kai;NIU Ben;YOU Wei;TANG Hongbo(National Digital Switching System Engineering and Technological R&D Center,Zhengzhou Henan 450002,China)
出处
《计算机应用》
CSCD
北大核心
2019年第2期446-452,共7页
journal of Computer Applications
基金
国家重点研发计划项目(2016YFB0801605)
国家自然科学基金创新研究群体项目(61521003)~~
关键词
网络切片
安全威胁
迁移
同驻攻击
network slicing
security threat
migration
co-resident attack
