Journal on Communications ›› 2020, Vol. 41 ›› Issue (4): 102-113. doi: 10.11959/j.issn.1000-436x.2020063

• Academic Papers •

Dynamic migration method of key virtual network function based on risk awareness

Shaohu DING, Jichao XIE, Peng ZHANG, Liming PU, Yunjie GU

  1. Institute of Information Technology, Information Engineering University, Zhengzhou 450002, China
  • Revised: 2020-03-03 Online: 2020-04-25 Published: 2020-04-30
  • About the authors: Shaohu DING (1979- ), male, born in Beijing, is a Ph.D. candidate at Information Engineering University; his main research interests are network security and new network architectures. | Jichao XIE (1993- ), male, born in Zhoukou, Henan, is a research assistant at Information Engineering University; his main research interests are network security and network function virtualization. | Peng ZHANG (1982- ), male, born in Zhengzhou, Henan, is an associate researcher at Information Engineering University; his main research interest is network security. | Liming PU (1976- ), male, born in Chongming, Yunnan, is an associate researcher at Information Engineering University; his main research interests are network security and network architecture. | Yunjie GU (1994- ), male, born in Jining, Shandong, is an engineer at Information Engineering University; his main research interest is network function virtualization.
  • Supported by:
    The National Natural Science Foundation of China (61802429); The National Natural Science Foundation of China (61872382); The National Natural Science Foundation of China (61521003); The National Key Research and Development Program of China (2017YFB0803201); The National Key Research and Development Program of China (2017YFB0803204)

Abstract:

Traditional dynamic migration methods, when used against side-channel attacks, migrate many nodes, migrate frequently, and leave the service function chain (SFC) path too long after migration. To address these problems, a dynamic migration method for key virtual network functions (VNFs) based on risk awareness is proposed. To reduce the number of migrated nodes, only key VNFs that hold private information are migrated. Combined with a side-channel attack detection system, triggered migration is performed on key VNFs that are under attack, and key VNFs are also migrated periodically according to a side-channel information leakage model. Finally, a multi-attribute node sorting method based on the technique for order preference by similarity to ideal solution (TOPSIS) is used to select the migration destination server, so that the path does not become too long after migration. Experiments show that, at the same level of side-channel attack defense performance, the proposed method migrates fewer nodes and migrates less frequently, and effectively avoids an overly long SFC path after migration.

Key words: service function chain, virtual network function, side-channel attack, dynamic migration, multi-attribute node sorting
