摘要
随着科技的发展,互联网已成为人类生活中不可或缺的一部分,而网络安全也显得尤为重要。为了保障网络安全,动态安全服务功能链编排是其中一个重要的研究方向。但是,现在对于动态安全服务功能链的网络资源映射和编排算法的研究主要集中在某一种网络资源,研究方向多以优化某个网络资源和降低网络服务延迟为主要目标,忽略了网络整体资源分配的均衡性。本文构建物理网络模型和安全服务功能链模型,在满足用户需求的情况下,同时考虑物理网络节点计算资源和链路带宽资源,目标是取得最好的网络资源均衡分配。根据强化Q学习算法,提出新的链路编排奖励方式,引入贪婪策略避免陷入局部最优,选取一个典型物理网络模型和不同个数的安全服务功能链,多次迭代得到安全服务功能链的最优编排路径。仿真结果表明,提出的安全服务功能链的最优编排与模拟退火算法相比在编排响应时间上减少了38.5%,在资源分配均衡度上提升了2.1%;与遗传算法相比在编排响应时间上减少了96.5%,在资源分配均衡度上提升了2.9%。
With the development of technology,Internet is becoming an indispensable part of human life and network security is becoming particularly important.To ensure network security,the orchestration of dynamic security service function chains is an important research direction.However,current research on network resource mapping and orchestration algorithms for dynamic security service function chains mainly focuses on a specific type of network resource,with the main goal of optimizing a certain network resource and reducing network service latency.They overlook the balance of overall resource allocation in the network.We construct a physical network model and a security service function chain model.Considering both physical network node computing resources and link bandwidth resources while meeting user needs,the goal is to achieve the best-balanced allocation of network resources.Based on the reinforcement Q-learning algorithm,a new link arrangement reward method is proposed,and a greedy strategy is introduced to avoid falling into local optima.A typical physical network model and different numbers of security service function chains that needs to be arranged are selected and the optimal arrangement path of the security service function chain is obtained through multiple iterations.The simulation results show that the optimal arrangement of the proposed security service function chain reduces the arrangement response time by 38.5%and improves the resource allocation balance by 2.1%compared to the simulated annealing algorithm.Compared with a genetic algorithm,it reduces the response time of orchestration by 96.5%and improves the balance of resource allocation by 2.9%.
作者
刘行
郭靓
王正琦
韦小刚
徐雪菲
刘京
LIU Xing;GUO Liang;WANG Zhengqi;WEI Xiaogang;XU Xuefei;LIU Jing(NARI Group Corporation(State Grid Electric Power Research Institute),Nanjing 210000,China;Nanjing NARI Information&Communication Technology Co.,Ltd.,Nanjing 210000,China;State Grid Shandong Electric Power Institute,Jinan 250003,China)
出处
《计算机与现代化》
2024年第11期34-40,共7页
Computer and Modernization
基金
国家电网有限公司科技项目(5400-202258435A-2-0-ZN)
国家自然科学基金资助项目(62201274)。
关键词
网络安全
安全服务功能链
Q学习
贪婪策略
资源分配
network security
security service function chain
Q-learning
greedy strategy
resource allocation
