电信科学 ›› 2020, Vol. 36 ›› Issue (5): 73-82.doi: 10.11959/j.issn.1000-0801.2020146

• 研究与开发 • 上一篇    下一篇

一种基于拟态防御的差异化反馈调度判决算法

高明(),罗锦,周慧颖,焦海,应丽莉   

  1. 浙江工商大学信息与电子工程学院,浙江 杭州310018
  • 修回日期:2020-04-26 出版日期:2020-05-20 发布日期:2020-05-18
  • 作者简介:高明(1979- ),男,博士,浙江工商大学信息与电子工程学院副教授、网络系主任,主要研究方向为新型网络体系架构及工业互联网|罗锦(1996- ),男,浙江工商大学信息与电子工程学院硕士生,主要研究方向为新型网络体系架构及工业互联网|周慧颖(1997- ),女,浙江工商大学信息与电子工程学院硕士生,主要研究方向为新型网络体系架构及工业互联网|焦海(1995- ),男,浙江工商大学信息与电子工程学院硕士生,主要研究方向为新型网络体系架构及工业互联网|应丽莉(1997- ),女,浙江工商大学信息与电子工程学院硕士生,主要研究方向为新型网络体系架构及工业互联网
  • 基金资助:
    国家重点研发计划基金资助项目(2017YFB0803202);国家自然科学基金资助项目(61871468);浙江省自然科学基金资助项目(LY18F010006);浙江省新型网络标准与应用技术重点实验室基金资助项目(2013E10012);浙江省重点研发计划基金资助项目(2019C01056);浙江省重点研发计划基金资助项目(2020C01079)

A differential feedback scheduling decision algorithm based on mimic defense

Ming GAO(),Jin LUO,Huiying ZHOU,Hai JIAO,Lili YING   

  1. School of Information and Electronic Engineering,Zhejiang Gongshang University,Hangzhou 310018,China
  • Revised:2020-04-26 Online:2020-05-20 Published:2020-05-18
  • Supported by:
    The National Key Research and Development Program of China(2017YFB0803202);The Natural Science Foundation of China(61871468);Zhejiang Provincial Natural Science Foundation of China(LY18F010006);Zhejiang Provincial Key Laboratory of New Network Standards and Technologies (NNST)(2013E10012)

摘要:

面对服务路径的安全性问题,根据拟态防御理论里的基于动态异构冗余(dynamic heterogeneous redundancy,DHR)模型的服务功能链部署拟态防御体系架构,并结合服务路径部署的实际需求,提出了一种基于拟态防御的差异化反馈调度判决算法。首先依据调度算法中执行体集的异构度及安全防御系数,从执行体池中筛选出适合拟态防御场景的调度器,然后根据判决算法的可靠度系数及多数判决算法选出判决器,最后,对本文算法与普通的调度算法、判决算法进行仿真分析。仿真结果表明,本文算法可有效地提升系统的防御能力,保障服务路径配置的安全。

关键词: 拟态防御, 调度算法, 判决算法, 网络安全

Abstract:

Facing the security problem of the service path, according to the service function chain deployment mimic defense architecture based on dynamic heterogeneous redundancy (DHR) model in the mimic defense theory, and combined with the actual needs of the service path deployment, a differential feedback scheduling decision algorithm based on mimic defense was proposed. Firstly, according to the heterogeneity of the executive set in the scheduling algorithm and the security defense coefficient, the scheduler suitable for the mimic defense scenario was selected from the executive pool, and then the decider was selected according to the reliability coefficient of the decision algorithm and the majority decision algorithm. The proposed algorithm, common scheduling algorithm and decision algo rithm were simulated and analyzed. Simulation results show that the proposed algorithm can effectively improve the system’s defense capabilities and ensure the security of the service path configuration.

Key words: mimic defense, scheduling algorithm, decision algorithm, network security

中图分类号: 

No Suggested Reading articles found!