[1] HU Hongchao, LI Mingyang, YANG Xiaohan. Dynamic Scheduling Strategy Selection Method for Heterogeneous Containers Based on Signaling Game[J]. Journal of Zhengzhou University (Engineering Science), 2024, 45(05): 103-110. [doi:10.13705/j.issn.1671-6833.2024.05.010]

Dynamic Scheduling Strategy Selection Method for Heterogeneous Containers Based on Signaling Game

Journal of Zhengzhou University (Engineering Science) [ISSN: 1671-6833 / CN: 41-1339/T]

Volume:
45
Issue:
2024, No. 05
Pages:
103-110
Section:
Publication date:
2024-08-08

Article Info

Title:
Dynamic Scheduling Strategy Selection Method for Heterogeneous Containers Based on Signaling Game
Article ID:
1671-6833(2024)05-0103-08
Author(s):
HU Hongchao (1), LI Mingyang (2), YANG Xiaohan (3)
1. Zhongyuan Network Security Research Institute, Zhengzhou University, Zhengzhou 450001, China; 2. School of Cyber Science and Engineering, Zhengzhou University, Zhengzhou 450001, China; 3. Information Technology Research Institute, University of Information Engineering, Zhengzhou 450001, China
Keywords:
container security; signaling game; moving target defense; container scheduling; container heterogeneity
CLC number:
TP301; TP309
DOI:
10.13705/j.issn.1671-6833.2024.05.010
Document code:
A
Abstract:
Aiming at the problem that the weak isolation characteristic of containers easily makes them suffer from co-resident and escape attacks, a dynamic scheduling strategy selection method for heterogeneous containers based on signaling game was proposed. Firstly, the degree of container heterogeneity was quantified, and the set of heterogeneity was calculated by combining multi-dimensional indicators to provide the necessary parameters for accurate calculation of attack and defense benefits. Then, considering the constant change of the attacker's access degree to the container information, a dynamic set of the attacker's access degree to the container information was designed, and a multi-stage incomplete information signaling game model was constructed on this basis. Finally, an algorithm of dynamic scheduling strategy selection for heterogeneous containers was proposed to solve the optimization problem of multi-stage dynamic scheduling strategy. The experimental results showed that compared with the SmartSCR method, the average dynamic rotation overhead was reduced by 47.3% and the average gain of the defender was improved by 14.2%, and compared with the Stackelberg method, the average gain of the defender was improved by 65.73% while the average overhead of the dynamic rotation was basically the same.

Last Update: 2024-09-02