摘要
针对容器弱隔离的特性易使其遭受同驻攻击和逃逸攻击等问题,提出了一种基于信号博弈的异构容器动态调度策略选取方法。首先,对容器异构程度进行量化,结合多维度指标计算得到异构度集合,精确计算攻防收益提供必要参数;其次,考虑攻击者对容器信息获取程度不断变化,设计攻击者对容器信息获取程度的动态集合,构建多阶段不完全信息信号博弈模型;最后,提出了一种异构容器动态调度策略选取算法,多阶段求解最优动态调度策略。实验结果表明:与SmartSCR方法相比,动态轮换平均开销降低了47.3%,防御者平均收益提升了14.2%,与Stackelberg方法相比,动态轮换平均开销基本持平,防御者平均收益提升了65.73%。
Aiming at the problem that the weak isolation characteristic of containers easily makes them suffer from co-resident and escape attacks,a dynamic scheduling strategy selection method for heterogeneous containers based on signaling game was proposed.Firstly,the degree of container heterogeneity was quantified,and the set of heterogeneity was calculated by combining multi-dimensional indicators to provide the necessary parameters for accurate calculation of attack and defense benefits.Then,considering the constant change of the attacker′s access degree to the container information,a dynamic set of the attacker′s access degree to the container information was designed,and a multi-stage incomplete information signaling game model was constructed on this basis.Finally,an algorithm of dynamic scheduling strategy selection for heterogeneous containers was proposed to solve the optimization problem of multi-stage dynamic scheduling strategy.The experimental results showed that compared with the SmartSCR method,the average dynamic rotation overhead was reduced by 47.3% and the average gain of the defender was improved by 14.2%,and compared with the Stackelberg method,the average gain of the defender was improved by 65.73% while the average overhead of the dynamic rotation was basically the same.
作者
扈红超
李明阳
杨晓晗
HU Hongchao;LI Mingyang;YANG Xiaohan(Zhongyuan Network Security Research Institute,Zhengzhou University,Zhengzhou 450001,China;School of Cyber Science and Engineering,Zhengzhou University,Zhengzhou 450001,China;Information Technology Research Institute,University of Information Engineering,Zhengzhou 450001,China)
出处
《郑州大学学报(工学版)》
CAS
北大核心
2024年第5期103-110,共8页
Journal of Zhengzhou University(Engineering Science)
基金
国家自然科学基金资助项目(62072467)
国家重点研发计划(2021YFB1006200,2021YFB1006201)。
关键词
容器安全
信号博弈
移动目标防御
容器调度
容器异构
container security
signaling game
moving target defense
container scheduling
container heterogeneity