Abstract
To address the problem that existing security defense methods cannot resist the many unknown vulnerabilities and backdoors in network function virtualization platforms, a mimic defense architecture for network function virtualization was proposed using mimic defense ideas, and a heterogeneous redundant deployment method for network functions, based on an immune algorithm, was designed for the construction of the heterogeneous entity pool. Firstly, the degree of heterogeneity between heterogeneous entities was quantitatively evaluated in combination with the entropy value method. Then, the network function heterogeneous redundant deployment problem was formulated as a minimax problem with the optimization goal of maximizing the degree of heterogeneity between heterogeneous entities. Finally, the immune algorithm was used to quickly solve for the optimal deployment scheme. Simulation results show that the proposed method can quickly converge to the optimal deployment scheme and ensure that the heterogeneity values between heterogeneous entities are, overall, distributed at a high level, effectively increasing the diversity of the heterogeneous entity pool and raising the difficulty of attack for the attacker.
Authors
张青青
汤红波
游伟
李英乐
ZHANG Qingqing; TANG Hongbo; YOU Wei; LI Yingle (Information Engineering University, Zhengzhou 450002, China)
Source
《网络与信息安全学报》
2021, Issue 1, pp. 46-56 (11 pages)
Chinese Journal of Network and Information Security
Funding
National Natural Science Foundation of China (61941114, 61521003, 61801515).
Keywords
network function virtualization
mimic defense
heterogeneous redundancy
immune algorithm