Journal on Communications ›› 2022, Vol. 43 ›› Issue (3): 233-245. doi: 10.11959/j.issn.1000-436x.2022055
• Academic communication •
Hongyong JIA1, Yunfei PAN1, Wenhe LIU1, Junjie ZENG1, Jianhui ZHANG2
Revised: 2022-01-18
Online: 2022-03-25
Published: 2022-03-01
About the author: Hongyong JIA (1975- ), male, born in Xiping, Henan, Ph.D., lecturer at Zhengzhou University. His main research interests are cloud computing security and mimic defense.
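Abstract:
Heterogeneous-variant scheduling in current dynamic heterogeneous redundancy systems lacks dynamism and considers only second-order heterogeneity, which makes it easy for an attacker to find a common-mode vulnerability and compromise the system. To address this problem, a dynamic scheduling algorithm for heterogeneous executors that considers both the high-order heterogeneity of the executors and historical information is proposed: the negative feedback scheduling algorithm based on high-order heterogeneity. The algorithm first computes the high-order heterogeneity matrix of the executors in the waiting pool. Then, each time executors are scheduled, it considers both the historical threats and the high-order heterogeneity among the variants to determine the set of executors to schedule. Experiments show that the strategy of combining high-order heterogeneity with historical information gives the algorithm a balance between dynamism and security, and that its defensive capability is better than that of previous algorithms.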
Hongyong JIA, Yunfei PAN, Wenhe LIU, Junjie ZENG, Jianhui ZHANG. Executive dynamic scheduling algorithm based on high-order heterogeneity[J]. Journal on Communications, 2022, 43(3): 233-245.
Table 8
Experimental results with partially loaded executors in the collision test under random attack
Number of threats | FAWA | HFAWA | Random | FIFO | H2 |
20 | 0.950 8 | 1.000 0 | 0.806 4 | 0.753 8 | 0.900 7 |
30 | 0.774 1 | 0.835 5 | 0.649 8 | 0.670 2 | 0.735 0 |
40 | 0.599 2 | 0.776 5 | 0.555 4 | 0.588 1 | 0.600 8 |
50 | 0.601 4 | 0.639 7 | 0.408 5 | 0.404 2 | 0.420 7 |
60 | 0.432 6 | 0.566 2 | 0.417 2 | 0.395 2 | 0.299 1 |
70 | 0.528 5 | 0.498 4 | 0.363 4 | 0.386 1 | 0.270 4 |
80 | 0.476 9 | 0.489 2 | 0.275 7 | 0.301 8 | 0.389 5 |
90 | 0.442 7 | 0.401 0 | 0.234 2 | 0.249 6 | 0.311 0 |
100 | 0.376 5 | 0.399 0 | 0.269 7 | 0.262 4 | 0.349 8 |
110 | 0.343 0 | 0.346 9 | 0.205 4 | 0.220 9 | 0.235 6 |
120 | 0.294 0 | 0.306 7 | 0.225 5 | 0.196 9 | 0.141 5 |
130 | 0.314 1 | 0.276 0 | 0.191 8 | 0.146 4 | 0.177 4 |
140 | 0.278 7 | 0.314 9 | 0.191 5 | 0.184 1 | 0.164 1 |
150 | 0.260 6 | 0.268 0 | 0.176 3 | 0.152 0 | 0.186 6 |
250 | 0.152 3 | 0.166 7 | 0.104 0 | 0.128 5 | 0.072 0 |
500 | 0.084 4 | 0.092 7 | 0.054 7 | 0.055 0 | 0.074 3 |
750 | 0.058 9 | 0.062 4 | 0.031 0 | 0.043 2 | 0.033 3 |
1 000 | 0.042 1 | 0.041 9 | 0.022 0 | 0.027 8 | 0.040 8 |
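Table 9
Experimental results with partially loaded executors in the collision test under negative feedback attack
Number of threats | FAWA | HFAWA | Random | FIFO | H2 |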
20 | 0.924 9 | 0.999 9 | 0.765 2 | 0.759 9 | 0.710 2 |
30 | 0.777 0 | 0.870 6 | 0.573 6 | 0.623 6 | 0.430 1 |
40 | 0.716 7 | 0.721 1 | 0.439 7 | 0.492 4 | 0.758 7 |
50 | 0.572 8 | 0.663 6 | 0.510 2 | 0.448 4 | 0.456 3 |
60 | 0.516 8 | 0.563 9 | 0.407 1 | 0.388 6 | 0.421 1 |
70 | 0.497 0 | 0.513 1 | 0.419 1 | 0.364 8 | 0.312 7 |
80 | 0.457 8 | 0.444 0 | 0.272 1 | 0.317 8 | 0.360 5 |
90 | 0.443 2 | 0.407 3 | 0.321 2 | 0.286 4 | 0.277 5 |
100 | 0.393 8 | 0.398 3 | 0.269 3 | 0.269 4 | 0.274 9 |
110 | 0.388 9 | 0.368 7 | 0.257 6 | 0.268 8 | 0.238 4 |
120 | 0.369 8 | 0.377 6 | 0.238 2 | 0.225 9 | 0.210 4 |
130 | 0.327 3 | 0.343 4 | 0.230 0 | 0.235 7 | 0.207 8 |
140 | 0.350 8 | 0.346 0 | 0.212 3 | 0.227 9 | 0.229 4 |
150 | 0.350 4 | 0.335 2 | 0.201 7 | 0.206 8 | 0.210 8 |
250 | 0.239 1 | 0.262 3 | 0.153 6 | 0.117 0 | 0.144 8 |
500 | 0.157 4 | 0.147 5 | 0.074 1 | 0.083 9 | 0.103 5 |
750 | 0.116 3 | 0.121 0 | 0.067 2 | 0.065 6 | 0.079 8 |
1 000 | 0.103 1 | 0.085 2 | 0.042 4 | 0.055 6 | 0.052 0 |
Table 10
Experimental results with partially loaded executors under majority voting and random attack
Number of threats | FAWA | HFAWA | Random | FIFO | H2 |
20 | 0.044 2 | 0 | 0.141 6 | 0.139 1 | 0.150 4 |
30 | 0.025 7 | 0 | 0.058 3 | 0.044 8 | 0.132 8 |
40 | 0 | 0 | 0.013 6 | 0.012 9 | 0.074 9 |
50 | 0.000 2 | 0 | 0.010 2 | 0.020 3 | 0 |
60 | 0 | 0 | 0.007 8 | 0.014 8 | 0.016 9 |
70 | 0 | 0 | 0.001 8 | 0.005 8 | 0.028 0 |
80 | 0 | 0 | 0.001 8 | 0.001 0 | 0 |
90 | 0 | 0 | 0.001 0 | 0.002 3 | 0 |
100 | 0 | 0 | 0.001 3 | 0.001 3 | 0 |
110 | 0 | 0 | 0.001 6 | 0.001 2 | 0 |
120 | 0 | 0 | 0.000 4 | 0.001 3 | 0 |
130 | 0 | 0 | 0.000 6 | 0.001 1 | 0 |
140 | 0 | 0 | 0.000 9 | 0.000 8 | 0 |
150 | 0 | 0 | 0.001 3 | 0.000 6 | 0 |
250 | 0 | 0 | 0.000 8 | 0.001 7 | 0 |
500 | 0 | 0 | 0.000 8 | 0.001 4 | 0.003 9 |
750 | 0 | 0 | 0.000 6 | 0.002 1 | 0.002 6 |
1 000 | 0 | 0 | 0.001 4 | 0.001 2 | 0.005 0 |
Table 11
Experimental results with partially loaded executors under majority voting and negative feedback attack
Number of threats | FAWA | HFAWA | Random | FIFO | H2 |
20 | 0.149 1 | 0 | 0.127 3 | 0.199 2 | 0.149 9 |
30 | 0.107 3 | 0 | 0.087 7 | 0.062 1 | 0.328 3 |
40 | 0 | 0 | 0.013 8 | 0.048 4 | 0 |
50 | 0 | 0 | 0.019 3 | 0.017 0 | 0 |
60 | 0 | 0 | 0.008 4 | 0.010 6 | 0 |
70 | 0 | 0 | 0.010 3 | 0.004 8 | 0 |
80 | 0 | 0 | 0.003 2 | 0.008 5 | 0 |
90 | 0 | 0 | 0.004 9 | 0.001 5 | 0 |
100 | 0 | 0 | 0.001 1 | 0.008 6 | 0 |
110 | 0 | 0 | 0.002 8 | 0.001 4 | 0 |
120 | 0 | 0 | 0.000 6 | 0.003 4 | 0 |
130 | 0 | 0 | 0.003 4 | 0.000 1 | 0 |
140 | 0 | 0 | 0.000 3 | 0.001 8 | 0 |
150 | 0 | 0 | 0.002 4 | 0.000 4 | 0 |
250 | 0 | 0 | 0.002 6 | 0 | 0 |
500 | 0 | 0 | 0.003 0 | 0 | 0 |
750 | 0 | 0 | 0.002 0 | 0 | 0 |
1 000 | 0 | 0 | 0.001 6 | 0 | 0.006 2 |
Table 13
Algorithm time consumption
Number of threats | FAWA (s) | HFAWA (s) | Random (s) | FIFO (s) | H2 (s) |
20 | 4.991 6 | 7.872 9 | 1.686 5 | 4.616 7 | 17.165 1 |
30 | 5.391 6 | 8.100 3 | 1.811 2 | 4.893 9 | 17.824 3 |
40 | 5.820 4 | 8.576 1 | 2.012 6 | 4.969 7 | 17.916 1 |
50 | 6.039 8 | 8.892 2 | 2.319 8 | 5.171 2 | 17.951 0 |
60 | 6.288 2 | 9.019 9 | 2.453 4 | 5.408 5 | 18.414 7 |
70 | 6.695 1 | 9.293 1 | 2.744 7 | 5.659 9 | 17.980 9 |
80 | 7.223 6 | 9.586 4 | 2.962 1 | 5.894 2 | 17.858 2 |
90 | 7.437 1 | 9.804 8 | 3.159 5 | 6.189 4 | 18.202 3 |
100 | 7.745 3 | 10.276 5 | 3.678 2 | 6.557 5 | 18.321 0 |
110 | 8.124 3 | 10.505 9 | 3.798 8 | 6.661 2 | 18.705 4 |
120 | 8.596 0 | 11.144 2 | 3.931 5 | 6.599 4 | 19.000 2 |
130 | 9.309 1 | 11.283 8 | 4.283 5 | 6.862 6 | 19.165 8 |
140 | 9.093 7 | 11.765 5 | 4.255 6 | 7.167 3 | 19.285 4 |
150 | 9.497 6 | 12.495 6 | 4.546 8 | 7.377 3 | 19.297 4 |
250 | 12.747 9 | 15.552 4 | 6.559 5 | 9.276 2 | 21.753 8 |
500 | 21.969 2 | 23.834 3 | 12.948 4 | 15.232 3 | 27.765 7 |
750 | 29.718 5 | 31.714 2 | 18.338 0 | 20.575 0 | 33.197 2 |
1 000 | 38.137 0 | 39.749 8 | 25.672 3 | 26.013 4 | 38.853 1 |