基于演化博弈的NFV拟态防御架构动态调度策略

doi:10.19678/j.issn.1000-3428.0061282

摘要/Abstract

摘要： 构建网络功能虚拟化（NFV）拟态防御架构能够打破防御滞后于攻击的攻防不对等格局，其中动态调度策略是关键实现技术。然而，现有拟态防御架构中的动态调度策略大多根据执行体自身固有的特点进行调度，没有进一步利用裁决机制对异常执行体的定位感知能力做优化调整。通过引入演化博弈理论，设计一种新的NFV拟态防御架构动态调度策略。在NFV拟态防御架构中增加一个分析器，用于对历史裁决信息进行分析研究。根据分析器中得到的反馈信息，从攻防双方的有限理性出发构建多状态动态调度演化博弈模型，并采用复制动态方程求解该博弈模型的演化均衡策略，利用李雅普诺夫间接法对均衡策略进行稳定性分析，提出基于演化博弈的动态调度策略选取算法。仿真结果表明，该策略能够利用裁决机制对异常执行体的定位感知能力，通过深入分析研究和不断调整优化选择具有适应性和针对性的调度策略，有效提升系统的安全收益和防御效能。

关键词: 网络功能虚拟化, 拟态防御, 动态调度, 演化博弈, 裁决机制

Abstract: Constructing a Network Functions Virtualization(NFV) mimic defense architecture can break the unequal pattern of attack and defense with defense lagging behind attack, where the key implementation technology is the dynamic scheduling strategy.However, most dynamic scheduling strategies in the existing mimic defense architecture schedule according to the inherent characteristics of the executor, and do not further use the adjudication mechanism to optimize and adjust the location perception ability of the abnormal executor.To address this problem, this paper proposes a new dynamic scheduling strategy for the NFV mimic defense architecture by introducing evolutionary game theory.First, an analyzer is added to the NFV mimic defense architecture to analyze and research historical arbitration information.Second, based on the feedback information obtained from the analyzer, a multi-state dynamic scheduling evolutionary game model is built based on the bounded rationality of both offense and defense, using the replication dynamic equation to solve the evolutionary equilibrium strategy, and Lyapunov's indirect method to analyze the stability of the equilibrium strategy.Finally, an optimal dynamic scheduling strategy selection algorithm, based on evolutionary game theory, is proposed.The simulation results show that the method proposed in this paper can effectively use the arbitration mechanism ability to locate and perceive abnormal executive bodies.Through in-depth analysis and continuous optimization, an adaptive and targeted scheduling strategy is selected to further enhance the security benefits and defense effectiveness of the system.

Key words: Network Functions Virtualization(NFV), mimic defense, dynamic scheduling, evolutionary game, arbitration mechanism

中图分类号:

TP309

张青青, 汤红波, 游伟, 普黎明. 基于演化博弈的NFV拟态防御架构动态调度策略[J]. 计算机工程, 2022, 48(4): 30-38,49.

ZHANG Qingqing, TANG Hongbo, YOU Wei, PU Liming. Dynamic Scheduling Strategy of NFV Mimic Defense Architecture Based on Evolutionary Game[J]. Computer Engineering, 2022, 48(4): 30-38,49.

http://www.ecice06.com/CN/Y2022/V48/I4/30

图/表 14

20230114134055

20230114134059

20230114134103

20230114134108

20230114134112

20230114134115

20230114134120

20230114134126

20230114134130

20230114134135

20230114134139

20230114134143

20230114134151

20230114134155

参考文献

[1] ETSI.Network Functions Virtualization(NFV):architectural framework[EB/OL].(2014-12-01)[2021-03-24].https://www.etsi.org/technologies/nfv.
[2] FIROOZJAEI M D, JEONG J P, KO H, et al.Security challenges with network functions virtualization[J].Future Generation Computer Systems, 2016, 67(2):315-324.
[3] 邬江兴.网络空间拟态防御研究[J].信息安全学报, 2016, 1(4):1-10. WU J X.Research on cyber mimic defense[J].Journal of Cyber Security, 2016, 1(4):1-10.(in Chinese)
[4] 沈丛麒, 陈双喜, 吴春明.基于信誉度与相异度的自适应拟态控制器研究[J].通信学报, 2018, 39(z2):173-180. SHEN C Q, CHEN S X, WU C M.Adaptive mimic defensive controller framework based on reputation and dissimilarity[J].Journal on Communications, 2018, 39(z2):173-180.(in Chinese)
[5] 顾泽宇, 张兴明, 林森杰.基于安全策略的负载感知动态调度机制[J].计算机应用, 2017, 37(11):3304-3310. GU Z Y, ZHANG X M, LIN S J.Load-aware dynamic scheduling mechanism based on security strategies[J].Journal of Computer Applications, 2017, 37(11):3304-3310.(in Chinese)
[6] 刘勤让, 林森杰, 顾泽宇.面向拟态安全防御的异构功能等价体调度算法[J].通信学报, 2018, 39(7):192-202. LIU Q R, LIN S J, GU Z Y.Heterogeneous redundancies scheduling algorithm for mimic security defense[J].Journal on Communications, 2018, 39(7):192-202.(in Chinese)
[7] 普黎明, 刘树新, 丁瑞浩, 等.面向拟态云服务的异构执行体调度算法[J].通信学报, 2020, 41(3):17-24. PU L M, LIU S X, DING R H, et al.Heterogeneous executor scheduling algorithm for mimic cloud service[J].Journal on Communications, 2020, 41(3):17-24.(in Chinese)
[8] 盖伟麟, 辛丹, 王璐, 等.态势感知中的数据融合和决策方法综述[J].计算机工程, 2014, 40(5):21-25, 30. GAI W L, XIN D, WANG L, et al.Overview of data fusion and decision-making methods in situational awareness[J].Computer Engineering, 2014, 40(5):21-25, 30.(in Chinese)
[9] FRIEDMAN D.Evolutionary game in economics[J].Econometrica, 1991, 59(3):637-666.
[10] 黄健明, 张恒巍.基于随机演化博弈模型的网络防御策略选取方法[J].电子学报, 2018, 46(9):2222-2228. HUANG J M, ZHANG H W.A method for selecting defense strategies based on stochastic evolutionary game model[J].Acta Electronica Sinica, 2018, 46(9):2222-2228.(in Chinese)
[11] 李鹤飞, 黄新力, 郑正奇.基于软件定义网络的DDoS攻击检测方法及其应用[J].计算机工程, 2016, 42(2):118-123. LI H F, HUANG X L, ZHENG Z Q.DDoS attack detection method based on software-defined network and its application[J].Computer Engineering, 2016, 42(2):118-123.(in Chinese)
[12] 姜伟, 方滨兴, 田志宏, 等.基于攻防博弈模型的网络安全测评和最优主动防御[J].计算机学报, 2009, 32(4):817-827. JIANG W, FANG B X, TIAN Z H, et al.Evaluating network security and optimal active defense based on attack-defense game model[J].Chinese Journal of Computers, 2009, 32(4):817-827.(in Chinese)
[13] 海梅生, 伊鹏, 江逸茗.基于服务质量与资源约束的服务链部署策略[J].计算机工程, 2019, 45(3):54-59. HAI M S, YI P, JIANG Y M.Service chain deployment strategy based on service quality and resource constraints[J].Computer Engineering, 2019, 45(3):54-59.(in Chinese)
[14] TAYLOR P D, JONKER L B.Evolutionarily stable strategies and game dynamics[J].Mathematical Biosciences, 1978, 40(1/2):145-156.
[15] SMITH J M, PRICE G R.The logic of animal conflict[J].Nature, 1973, 246(5427):15-18.
[16] ZAK S H.Systems and control[M].Oxford, USA:Oxford University Press, 2003.
[17] National Vulnerability Database.Common vulnerabilities and exposures[EB/OL].[2020-12-03].https://nvd.nist.gov.
[18] OU X, SINGHAL A.The common vulnerability scoring system(CVSS)[EB/OL].[2020-12-03].http://forms.first.org/cvss/cvss_basic-2.0.pdf.
[19] 高妮, 高岭, 贺毅岳, 等.基于贝叶斯攻击图的动态安全风险评估模型[J].四川大学学报(工程科学版), 2016, 48(1):111-118. GAO N, GAO L, HE Y Y, et al.Dynamic security risk assessment model based on Bayesian attack graph[J].Journal of Sichuan University (Engineering Science Edition), 2016, 48(1):111-118.(in Chinese)
[20] 姜伟, 方滨兴, 田志宏, 等.基于攻防随机博弈模型的防御策略选取研究[J].计算机研究与发展, 2010, 47(10):1714-1723. JIANG W, FANG B X, TIAN Z H, et al.Research on defense strategies selection based on attack-defense stochastic game model[J].Journal of Computer Research and Development, 2010, 47(10):1714-1723.(in Chinese)
[21] 邬江兴, 李军飞, 张帆, 等.一种异构功能等价体调度装置及方法:CN106161417A[P].2016-11-23. WU J X, LI J F, ZHANG F, et al.A heterogeneous redundancies scheduling equipment and method:CN106161417A[P].2016-11-23.
[22] 王晓梅, 杨文晗, 张维, 等.基于BSG的拟态Web服务器调度策略研究[J].通信学报, 2018, 39(z2):112-120. WANG X M, YANG W H, ZHANG W, et al.Research on scheduling strategy of mimic Web server based on BSG[J].Journal on Communications, 2018, 39(z2):112-120.(in Chinese)

选择文件类型/文献管理软件名称

选择包含的内容