网络与信息安全学报 ›› 2021, Vol. 7 ›› Issue (1): 46-56.doi: 10.11959/j.issn.2096-109x.2021005

• 专题Ⅰ:新型网络安全架构与应用 • 上一篇    下一篇

基于免疫算法的网络功能异构冗余部署方法

张青青, 汤红波, 游伟, 李英乐   

  1. 信息工程大学,河南 郑州 450002
  • 修回日期:2020-11-08 出版日期:2021-02-15 发布日期:2021-02-01
  • 作者简介:张青青(1995- ),女,河北张家口人,信息工程大学硕士生,主要研究方向为网络功能虚拟化和网络安全。
    汤红波(1968- ),男,湖北孝感人,信息工程大学教授、博士生导师,主要研究方向为移动通信网络和新型网络体系结构。
    游伟(1984- ),男,江西丰城人,信息工程大学助理研究员,主要研究方向为新一代移动通信系统、移动通信网安全。
    李英乐(1985- ),男,河北衡水人,信息工程大学副研究员,主要研究方向为移动通信网安全。
  • 基金资助:
    国家自然科学基金(61941114);国家自然科学基金(61521003);国家自然科学基金(61801515)

Network function heterogeneous redundancy deployment method based on immune algorithm

Qingqing ZHANG, Hongbo TANG, Wei YOU, Yingle LI   

  1. Information Engineering University, Zhengzhou 450002, China
  • Revised:2020-11-08 Online:2021-02-15 Published:2021-02-01
  • Supported by:
    The National Natural Science Foundation of China(61941114);The National Natural Science Foundation of China(61521003);The National Natural Science Foundation of China(61801515)

摘要:

针对现有安全防御手段无法抵御网络功能虚拟化平台中众多未知的漏洞与后门的问题。运用拟态防御思想,提出一种网络功能虚拟化的拟态防御架构,并针对其中的异构体池构建问题设计了一种基于免疫算法的网络功能异构冗余部署方法。首先,结合熵值法对异构体之间的异构度进行量化评估;然后,以实现异构体之间异构度最大为优化目标将网络功能异构冗余部署问题构建成极大极小问题;最后,基于免疫算法快速求解最优部署方案。仿真结果表明,该方法可以迅速收敛到最优部署方案,并保证异构体之间的异构度值整体分布在较高的水平,有效增加了异构体池的多样性,提升了攻击者的攻击难度。

关键词: 网络功能虚拟化, 拟态防御, 异构冗余, 免疫算法

Abstract:

Aiming at the problem that the existing security defense methods cannot resist many unknown vulnerabilities and backdoors in the network function virtualization platform, a mimic defense architecture for network function virtualization using mimic defense ideas was proposed, a heterogeneous redundant deployment method based on an immune algorithm for the construction of heterogeneous pools was proposed.Firstly, the degree of heterogeneity between heterogeneous entities was quantitatively evaluated in combination with the entropy value method, then the network function heterogeneous redundant deployment problem was constructed into a minimax problem with the optimization goal of maximizing the degree of heterogeneity between heterogeneous entities, and finally the immune algorithm was used to quickly solve the optimal deployment solution of network functions.Simulation results show that the proposed method can quickly converge to an optimal deployment scheme and ensure that the overall distribution of heterogeneity between heterogeneous bodies is at a high level, effectively increasing the diversity between heterogeneous bodies and improving the attacker's difficulty.

Key words: network function virtualization, mimic defense, heterogeneous redundancy, immune algorithm

中图分类号: 

No Suggested Reading articles found!