容器云中基于Stackelberg博弈的动态异构调度方法

doi:10.11959/j.issn.2096-109x.2021063

Abstract

Abstract:

Container technology promotes the rapid development of cloud computing with its flexible and efficient features, but it also introduces security threats such as co-resident attacks, escape attacks, and common mode attacks.In response to these security threats, a dynamic heterogeneous scheduling method based on Stackelberg game in the container cloud was proposed.First, a heterogeneous mirrored resource pool is constructed to suppress the spread of attacks based on common-mode vulnerabilities on the cloud.Then, the offensive and defense interaction process is modeled as a Stackelberg game model.Finally, the offensive and defensive model is analyzed, and the system scheduling problem is modeled as a mixed integer non-linear programming problem to solve the system's optimal scheduling strategy.Experiments show that the proposed method can improve the defense effect of the cloud platform and reduce the system defense overhead.

Key words: cloud security, container scheduling, Stackelberg game, moving target defense

Wei ZENG, Hongchao HU, Lingshu LI, Shumin HUO. Dynamic heterogeneous scheduling method based on Stackelberg game model in container cloud[J]. Chinese Journal of Network and Information Security, 2021, 7(3): 95-104.

Figures/Tables 9

References 31

[1]	JITHIN R , CHANDRAN P . Virtual machine isolation[C]// International Conference on Security in Computer Networks and Distributed Systems. 2014.
[2]	JIN H , LI Z , ZOU D ,et al. DSEOM:a framework for dynamic security evaluation and optimization of MTD in container-based cloud[J]. IEEE Transactions on Dependable and Secure Computing, 2019,(99): 1-1.
[3]	CHOWDHARY A , . Adaptive MTD security using Markov game modeling[C]// 2019 International Conference on Computing,Networking and Communications (ICNC). 2019: 577-581.
[4]	WANG J W , ZHANG X L , LI Q ,et al. Network function virtualization technology:a survey[J]. Chinese Journal of Computers, 2019,42(2): 415-436.
[5]	LI S Y , LI Q , LI B . Research on isolation of container based on docker technology[J]. Computer engineering ＆ Software, 2015,(4): 110-113.
[6]	ABDELRAHEM O , BAHAA-ELDIN A M , TAHA A . Virtualization security:a survey[C]// International Conference on Computer Engineering ＆ Systems. 2016: 32-40.
[7]	ZHENG Z . Virtual machine security isolation and protection based on cloud platform[J]. China Computer ＆ Communication, 2018,417(23): 174-177.
[8]	AZAB M , . Toward smart moving target defense for Linux container resiliency[C]// 2016 IEEE 41st Conference on Local Computer Networks (LCN). 2016: 619-622.
[9]	HUANG R , . RELOCATE:a container based moving target defense approach[C]// Proceedings of The 7th International Conference on Computer Engineering and Networks — PoS(CENet2017). 2017:8.
[10]	SARKALE V V , RAD P , LEE W . Secure cloud container:runtime behavior monitoring using most privileged container (MPC)[C]// IEEE International Conference on Cyber Security ＆Cloud Computing. 2017: 351-356.
[11]	杨爽 . 基于改进遗传算法的动态虚拟机调度策略研究[D]. 哈尔滨:哈尔滨工程大学, 2019.
	YANG S . Research on dynamic virtual machine scheduling strategy based on improved genetic algorithm[D]. Harbin:Harbin Engineering University, 2019.
[12]	TONG K , LIMING W , ZHEN X ,et al. Design of a container-based security cloud computing platform[J]. e-Science Technology ＆ Application, 2017,8(1): 10-18.
[13]	蔡雨彤, 常晓林, 石禹 ,等. 动态平台技术防御攻击的瞬态效能量化分析[J]. 信息安全学报, 2019,(4): 59-67.
	CAI Y T , CHANG X L , SHI Y ,et al. Quantitative analysis of transient effectiveness of dynamic platform technology in defense against attacks[J]. Journal of Information Security, 2019,(4): 59-67.
[14]	ZHANG Y . Cost-effective migration-based dynamic platform defense technique:a CTMDP approach[J]. Peer-to-Peer Networking and Applications, 2021: 1-11.
[15]	SOUROUR D , . Platform moving target defense strategy based on trusted dynamic logical heterogeneity system[C]// Proceedings of the 2019 International Conference on Artificial Intelligence 1and Computer Science. 2019: 643-648.
[16]	CAI Z Y , XIE X L . An improved container cloud resource scheduling strategy[C]// Proceedings of the 2019 4th International Conference on Intelligent Information Processing. 2019: 383-387.
[17]	XIAO Z , JIANG J , ZHU Y ,et al. A solution of dynamic VMs placement problem for energy consumption optimization based on evolutionary game theory[J]. Journal of Systems ＆ Software, 2015,101(3): 260-272.
[18]	HASAN M G M M , RAHMAN M A . Protection by detection:a signaling game approach to mitigate co-resident attacks in cloud[C]// Proc IEEE 10th Int Conf Cloud Comput (CLOUD), 2017: 552-559.
[19]	LEI C , ZHANG H Q , WAN L M ,et al. Incomplete information Markov game theoretic approach to strategy generation for moving target defense[J]. Computer Communications, 2018,116(1): 184-199.
[20]	季新生, 徐水灵, 刘文彦 ,等. 一种面向安全的虚拟网络功能动态异构调度方法[J]. 电子与信息学报, 2019,41(10).
	JI X S , XU S L , LIU W Y ,et al. A security-oriented dynamic heterogeneous scheduling method of virtual network functions[J]. Journal of Electronics ＆ Information Technology, 2019,41(10).
[21]	HAN Y , CHAN J , ALPCAN T ,et al. Using virtual machine allocation policies to defend against co-resident attacks in cloud computing[J]. IEEE Transactions on Dependable ＆ Secure Computing, 2017,14(1): 95-108.
[22]	ALNAIM A , ALWAKEEL A , FERNANDEZ E B . A misuse pattern for compromising VMs via virtual machine escape in NFV[C]// The 14th International Conference. 2019: 1-6.
[23]	WU J . An access control model for preventing virtual machine escape attack[J]. Future Internet, 2017,9(2): 20.
[24]	王禛鹏 . 拟态网络操作系统调度与裁决机制研究及实现[D]. 郑州：信息工程大学, 2017.
	WANG Z P . Research and implementation of mimic network operating system scheduling and adjudication mechanism[D]. Zhengzhou:Information Engineering University, 2017.
[25]	WU M GUAN H , ZANG B ,et al. POSTER:quantitative security assessment method based on entropy for moving target defense[J]. ACM SIGPLAN Notices, 2017,52(8): 457-458.
[26]	GARCIA M . Analysis of operating system diversity for intrusion tolerance[J]. Software-Practice and Experience, 2014,44(6): 735-770.
[27]	张杰鑫, 庞建民, 张铮 . 拟态构造的 Web 服务器异构性量化方法[J]. 软件学报, 2020(2): 564-577.
	ZHANG J X , PANG J M , ZHANG Z . Quantification method for heterogeneity on Web server with mimic construction[J]. Journal of Software, 2020(2): 564-577.
[28]	PARUCHURI P , PEARCE J P , TAMBLE M ,et al. An efficient heuristic approach for security against multiple adversaries[C]// Proc 6th Int Joint Conf Auton Agents Multiagent Syst. 2007: 1-8.
[29]	PARUCHURI P , PEARCE J P , MARECKI J ,et al. Playing games for security:An efficient exact algorithm for solving Bayesian Stackelberg games[C]// Proc 7th Int Joint Conf Auton Agents Multiagent Syst. 2008: 895-902.
[30]	PLADD:deterring attacks on cyber systems and moving target defense[P]. 2017.
[31]	IBM Ins. CPLEX optimization studio 12.10[EB]. 2019

Metrics

Recommended 0

No Suggested Reading articles found!

数学符号	含义
V	云资源池
T	系统调度周期
M	容器异构资源池大小
ω	容器的价值权重
D	云资源池的异构度
λ	容器调度概率
p	异构容器元特征
k	攻击者的组数
s	攻击者最大攻击能力

Dynamic heterogeneous scheduling method based on Stackelberg game model in container cloud

RichHTML

PDF下载

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 9

References 31

Related Articles 10

Metrics

Recommended 0

[1]	Weizhen HE, Fucai CHEN, Jie NIU, Jinglei TAN, Shumin HUO, Guozhen CHENG. Research progress on dynamic hopping technology for network layer [J]. Chinese Journal of Network and Information Security, 2021, 7(6): 44-55.
[2]	Bin WANG, Liang CHEN, Yaguan QIAN, Yankai GUO, Qiqi SHAO, Jiamin WANG. Moving target defense against adversarial attacks [J]. Chinese Journal of Network and Information Security, 2021, 7(1): 113-120.
[3]	Kang HE,Yuefei ZHU,Long LIU,Bin LU,Bin LIU. Improve the robustness of algorithm under adversarial environment by moving target defense [J]. Chinese Journal of Network and Information Security, 2020, 6(4): 67-76.
[4]	Jinglei TAN, Hongqi ZHANG, Cheng LEI, Xiaohu LIU, Shuo WANG. Research progress on moving target defense for SDN [J]. Chinese Journal of Network and Information Security, 2018, 4(7): 1-12.
[5]	Yuyang ZHOU, Guang CHENG, Chunsheng GUO. Risk assessment method for network attack surface based on Bayesian attack graph [J]. Chinese Journal of Network and Information Security, 2018, 4(6): 11-22.
[6]	Danjun LIU,Guilin CAI,Baosheng WANG. AMTD:a way of adaptive moving target defense [J]. Chinese Journal of Network and Information Security, 2018, 4(1): 15-25.
[7]	Jiang-yong SHI,Yue-xiang YANG,Wen-hua LI,Sen WANG. Research on SDN-based cloud security application [J]. Chinese Journal of Network and Information Security, 2017, 3(5): 10-25.
[8]	Zhen-ping LU,Fu-cai CHEN,Guo-zhen CHENG. Secure control plane for SDN using Bayesian Stackelberg games [J]. Chinese Journal of Network and Information Security, 2017, 3(11): 40-49.
[9]	Miao ZHANG,Xin-sheng JI,Jian-jian AI,Wen-yan LIU,Hong-chao HU,Shu-min HUO. Secure deployment strategy of virtual machines based on operating system diversity [J]. Chinese Journal of Network and Information Security, 2017, 3(10): 35-43.
[10]	Peng XU,Hai JIN. Research on the searchable encryption [J]. Chinese Journal of Network and Information Security, 2016, 2(10): 8-16.