摘要
面对静态、滞后的传统防御技术无法有效应对新型网络攻击的问题,根据拟态安全防御理论,提出了一种建立在数据转发层面的拟态服务功能链(mimic service function chain,MSFC)防御架构,基于该架构进一步提出了一种基于判决反馈的执行体动态调度方法。该方法以判决器反馈的异常执行体信息、执行体的异构度以及系统的实际负载量作为调度影响因素,使调度方法可以根据网络实际变化进行自适应调整。此外,该调度方法利用判决反馈对调度时间进行调整,以达到系统花费与安全性的最佳平衡,降低了系统的资源开销。仿真结果表明,该调度方法可以在平衡系统花费与安全性的基础上,选出更符合当前网络需求的高异构度执行体集合,从而提升系统的安全性及可靠性。
Faced with the problem that static and lagging traditional defense technologies cannot effectively deal with new network attacks,according to the theory of mimetic security defense,a defense architecture of mimic service function chain(MSFC)based on the data forwarding level was proposed,and an execution dynamic scheduling method based on the decision feedback was further proposed.The method took the abnormal executor information fed back by the decision maker,the heterogeneity of executors and the actual load of the system as the scheduling influencing factors,so that the scheduling method can be adjusted adaptively according to the actual changes of the network.In addition,the scheduling method used decision feedback to adjust the scheduling time,so as to achieve the best balance between system cost and security,and reduce the resource overhead of the system.Simulation results showed that the scheduling method can select a set of highly heterogeneous actuators that better meet the current network requirements on the basis of balancing the system cost and security,so as to improve the security and reliability of the system.
作者
李传煌
唐晶晶
陈泱婷
雷睿
陈超
王伟明
LI Chuanhuang;TANG Jingjing;CHEN Yangting;LEI Rui;CHEN Chao;WANG Weiming(School of Information and Electronic Engineering(Sussex Artificial Intelligence Institute),Zhejiang Gongshang University,Hangzhou 310018,China)
出处
《电信科学》
2022年第4期101-112,共12页
Telecommunications Science
基金
国家自然科学基金资助项目(No.61871468,No.62111540270)
浙江省新型网络标准与应用技术重点实验室资助项目(No.2013E10012)。
关键词
服务功能链
拟态防御
动态调度
执行体
异构度
service function chain
mimic defense
dynamic scheduling
executor
heterogeneous degree
