CN109871682A - Execution body unified control method for a heterogeneous virtual machine platform - Google Patents
Abstract
The invention discloses an execution body unified control method for a heterogeneous virtual machine platform. The method considers both local heterogeneity and global heterogeneity. It rests on the premise that the probability of functionally equivalent heterogeneous execution bodies sharing the same vulnerability is negligible. For local heterogeneity, a Manhattan-like distance is used as the entry point, which precisely defines and standardizes the optimal solution for local replacement. For global heterogeneity, information entropy is used as the entry point, which solves the problem that a locally optimal solution and a globally optimal solution cannot both be obtained. The method as a whole first maximizes local heterogeneity and then maximizes global heterogeneity, fundamentally improving the defensive capability of a mimic defense system.
Description
Technical field
The invention belongs to the field of mimic defense technology in network security and relates to an execution body unified control method for a heterogeneous virtual machine platform.
Background art
In the main structure of mimic defense, the dynamic heterogeneous redundancy mechanism is the essential core idea. It is a defense mechanism with uncertainty, and it has three outstanding and effective features:
- heterogeneity: two functionally equivalent execution bodies are structurally different, and this difference ensures that the same attack will not make both execution bodies fail at the same time;
- redundancy: the heterogeneous execution bodies of the working set are diversified, and increasing the number of heterogeneous execution bodies in the working set noticeably improves the accuracy of threat perception;
- dynamism: the working execution body presented externally is rotated at different moments; because functionally equivalent execution bodies are indistinguishable to normal requests while an abnormal request cannot take effect on all of them at once, requests are differentiated and isolated, which achieves active defense.
These features counter uncertain security threats and raise the attacker's cost of intruding on a specific target. They thereby improve the stability of the whole system and its ability to resist attack, and change the awkward situation in which security is easy to attack but hard to defend.
Structurally, mimic defense mainly consists of the following parts:
- the proxy plug-in unit (dynamic replication and distribution of input messages; identification, filtering and threat perception of unauthorized service messages; subnet isolation);
- the multi-mode voting unit (perception of anomalies in the system's internal functional execution bodies; consistency and correctness of output results);
- the dynamic scheduling unit (manages the operation of the execution bodies in the heterogeneous execution body pool and its functional sub-pools);
- the heterogeneous execution body pool (heterogeneous execution body units for different meta-functions);
- the perception and decision unit (overall management of the proxy plug-in, multi-mode voting, heterogeneous execution body pool, dynamic scheduling and other units).
The execution body unified control method for a heterogeneous virtual machine platform is defined in the perception and decision unit and carried out in the dynamic scheduling unit. It is an essential and crucial part of mimic defense. It mainly determines how execution bodies should be controlled, and the validity of its definition and the accuracy of its execution are inseparable from the stability and security of the whole mimic defense system.
Current mimic defense systems mainly rely on confidence to perform unified control of the execution bodies of a heterogeneous virtual machine platform. During control they do not consider the influence of a newly added execution body on the local and overall robustness of the system, and so cannot fundamentally strengthen the active defense capability of the mimic system. Proposing a novel execution body control algorithm is therefore of significant practical importance.
Summary of the invention
The purpose of the invention is to address the scheduling problem of heterogeneous virtual machines in mimic defense systems by providing an execution body unified control method for a heterogeneous virtual machine platform, further strengthening the reliability and security of the mimic defense system.
The purpose is achieved through the following technical solution: an execution body unified control method for a heterogeneous virtual machine platform, with the following specific steps:
(1) Among the M (M ≤ N) currently running execution bodies out of N execution bodies, define the quantified confidence value of the i-th execution body e_i at time t. At check time t_c, compare the confidence values of the M running execution bodies to obtain the execution body e_m with the smallest confidence value. This execution body poses a relatively large threat to the stability and security of the whole system; replacing it with an execution body of higher heterogeneity helps improve the robustness of the system.
Let sign_i(·) (i = 1, 2, 3, 4) be the heterogeneity discriminant function for the layers from the virtual machine layer to the application layer, used to determine whether execution body e_j and execution body e_k are locally heterogeneous at layer i. It is defined as:
Then, in order to select the execution body with the greatest local heterogeneity relative to the execution body with the current lowest confidence value, define the local heterogeneity discriminant function h_lo(e_j, e_k) between execution bodies e_j (1 ≤ j ≤ N) and e_k (1 ≤ k ≤ N) as:
Find the execution body e_m with the lowest confidence at the current time and solve the optimization objective function. Because the optimal solution is not unique, the optimal solutions are represented as a set.
(2) Once the solution set that maximizes local heterogeneity has been obtained, it is desirable to narrow the solution space further and strengthen the global robustness of the system. Let the set of all execution bodies be S and the set of currently running execution bodies be E_cur. Consider the set of all execution bodies that are not currently running and that belong to the maximum-local-heterogeneity set. Each execution body e_i in that set is added in turn to the running execution body set from which the lowest-confidence execution body e_m has been removed, forming a new running execution body set, that is:
Compute the global heterogeneity of the running execution body set, select the execution body e_i that maximizes the global heterogeneity after it is added, and use it to replace the lowest-confidence execution body e_m.
For layer j of the running execution body set updated with execution body e_i, the information entropy is defined as:
where n is the number of distinct scheme types in layer j, x_k (1 ≤ k ≤ n) is the k-th scheme, and p(x_k) is the proportion of execution bodies using scheme x_k in a given layer among all execution bodies.
For the set of execution bodies running after the replacement, count the distribution at layer j (j = 1, 2, 3, 4) and compute the entropy of that layer with the entropy function. The global heterogeneity of the set is therefore the sum of the per-layer entropy functions, and the optimization function built for this objective is as follows:
s.t. e_i ∈ E_non.
(3) Let the solution set satisfying the above optimization function be Ω. If |Ω| = 1, the only element of the set is the final solution; if |Ω| > 1, any element of the set is taken as the final solution. Replacing the lowest-confidence execution body e_m with the final solution (taking e_m offline and bringing the final-solution execution body online) completes the execution body scheduling that gives the system the strongest stability.
(4) Update the set E_cur of currently running execution bodies, ready for the execution body replacement at the next check time.
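Steps (1) to (4) above, as an added Python example that is not part of the patent text. The pool contents, the confidence values and the names of the two middle layers are constructed; counting a layer as 1 when the schemes differ and using base-2 Shannon entropy are assumptions, since the page's formulas are not reproduced.

```python
import math
from collections import Counter

# Constructed pool (not the patent's table). Each execution body lists its
# scheme at four layers: virtual machine, OS, middleware, application. The two
# middle layer names are assumptions; the page names only the first and last.
POOL = {
    "e1": ("kvm", "ubuntu", "nginx", "php"),
    "e2": ("kvm", "centos", "apache", "php"),
    "e3": ("xen", "ubuntu", "nginx", "python"),
    "e4": ("kvm", "ubuntu", "apache", "java"),
    "e5": ("xen", "centos", "apache", "php"),
    "e6": ("kvm", "centos", "apache", "php"),
    "e7": ("vmware", "debian", "lighttpd", "java"),
}
RUNNING = ["e1", "e2", "e3", "e4"]
# Constructed confidence values; the page's confidence formula is not used here.
CONFIDENCE = {"e1": 0.9, "e2": 0.8, "e3": 0.3, "e4": 0.9}


def local_heterogeneity(a, b):
    """Number of layers at which two execution bodies use different schemes."""
    return sum(1 for x, y in zip(a, b) if x != y)


def layer_entropy(schemes):
    """Shannon entropy (base 2, an assumption) of the schemes used in one layer."""
    total = len(schemes)
    return -sum(c / total * math.log2(c / total) for c in Counter(schemes).values())


def global_heterogeneity(pool, names):
    """Sum of the per-layer entropies over the given set of execution bodies."""
    return sum(layer_entropy(layer) for layer in zip(*(pool[n] for n in names)))


def schedule(pool, running, confidence):
    """Return (new_running, replaced, chosen, local_set) for one check time."""
    worst = min(running, key=lambda n: confidence[n])
    idle = [n for n in pool if n not in running]
    if not idle:  # nothing to swap in: keep the working set unchanged
        return list(running), worst, None, []
    # Step 1: candidates with maximum local heterogeneity against the worst one.
    dist = {n: local_heterogeneity(pool[n], pool[worst]) for n in idle}
    local_set = [n for n in idle if dist[n] == max(dist.values())]
    # Step 2: among those, maximise global heterogeneity of the new working set.
    rest = [n for n in running if n != worst]
    score = {n: global_heterogeneity(pool, rest + [n]) for n in local_set}
    best = max(score.values())
    omega = [n for n in local_set if math.isclose(score[n], best)]
    # Step 3: any element of omega is acceptable; take the first for determinism.
    chosen = omega[0]
    # Step 4: updated working set, with the replacement in the freed slot.
    return [chosen if n == worst else n for n in running], worst, chosen, local_set


if __name__ == "__main__":
    print(schedule(POOL, RUNNING, CONFIDENCE))
```

In this constructed pool e6 duplicates the already running e2: it passes the local test because it differs from e3 at every layer, but the entropy stage rejects it in favour of e7 because it would reduce the diversity of the working set.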
Given that effective and targeted execution body scheduling algorithms for mimic defense systems are currently lacking, the method of the invention has the following advantage: it adds purpose and guidance to the online/offline replacement of execution bodies and fundamentally improves the active defense capability of the system without increasing cost.
Description of the drawings
Fig. 1 is a schematic diagram of the system model of the invention.
Fig. 2 is the workflow diagram of an embodiment of the invention.
Specific embodiment
The invention is described in further detail below with reference to the drawings and an embodiment.
As shown in Fig. 1, in this example the method is defined in the perception and decision unit and works in the dynamic scheduling unit. The heterogeneous execution body pool contains the following execution bodies:
At the current time execution bodies e1, e2, e3, e4, e5, e6 are running, and the candidate execution body pool contains execution bodies e7, e8, e9, e10, e11, e12.
As shown in Fig. 2, this example is carried out through the following steps:
Step 1: From the erroneous-output counts 0, 1, 2, 0, 0, 0 of the currently running execution bodies over a period of time, compute the confidence of these execution bodies. Execution body e3 has the lowest confidence and the highest threat level. By the local heterogeneity formula, the set with maximum local heterogeneity is {e8, e12}. The local heterogeneity of the elements of this set is 3, i.e. every layer scheme of the execution body is different, which is the maximum attainable local heterogeneity. This set is carried into step 2 to find the execution body with the global maximum.
Step 2: The set of currently running execution bodies is E_cur = {e1, e2, e3, e4, e5, e6}. Replace execution body e3 with each element of the local solution set in turn to obtain
Compute the entropy of each layer, obtaining
which gives
Compute the entropy of each layer, obtaining
which gives the result, so the solution set is {e12}.
Step 3: Since the cardinality of the solution set is 1 and it contains only execution body e12, e12 is selected as the new execution body to replace the lowest-confidence execution body e3, which maximizes the defensive capability of the system.
Step 4: Update E_cur to {e1, e2, e4, e5, e6, e12}.
The above is one embodiment of the invention. The invention is not limited by this embodiment; the specific implementation can be determined from the technical solution of the invention in combination with the actual application scenario.
Claims (1)
1. An execution body unified control method for a heterogeneous virtual machine platform, characterized in that the method comprises the following specific steps:
(1) Among the M (M ≤ N) currently running execution bodies out of N execution bodies, define the quantified confidence value of the i-th execution body e_i at time t. At check time t_c, compare the confidence values of the M running execution bodies to obtain the execution body e_m with the smallest confidence value;
Let sign_i(·) (i = 1, 2, 3, 4) be the heterogeneity discriminant function for the layers from the virtual machine layer to the application layer, used to determine whether execution body e_j and execution body e_k are locally heterogeneous at layer i. It is defined as:
Define the local heterogeneity discriminant function h_lo(e_j, e_k) between execution bodies e_j (1 ≤ j ≤ N) and e_k (1 ≤ k ≤ N) as:
Find the execution body e_m with the lowest confidence at the current time and solve the optimization objective function, to obtain the execution body with the greatest local heterogeneity relative to the execution body e_m with the current smallest confidence value; because the optimal solution is not unique, the optimal solutions are represented as a set.
(2) Let the set of all execution bodies be S and the set of currently running execution bodies be E_cur. Consider the set of all execution bodies that are not currently running and that belong to the maximum-local-heterogeneity set. Each execution body e_i in that set is added in turn to the running execution body set from which the lowest-confidence execution body e_m has been removed, forming a new running execution body set, that is:
Compute the global heterogeneity of the running execution body set, select the execution body e_i that maximizes the global heterogeneity after it is added, and use it to replace the lowest-confidence execution body e_m;
For layer j of the running execution body set updated with execution body e_i, the information entropy is defined as:
where n is the number of distinct scheme types in layer j, x_k (1 ≤ k ≤ n) is the k-th scheme, and p(x_k) is the proportion of execution bodies using scheme x_k in a given layer among all execution bodies;
For the set of execution bodies running after the replacement, count the distribution at layer j (j = 1, 2, 3, 4) and compute the entropy of that layer with the entropy function. The global heterogeneity of the set is therefore the sum of the per-layer entropy functions, and the optimization function built for this objective is as follows:
s.t. e_i ∈ E_non.
(3) Let the solution set satisfying the above optimization function be Ω. If |Ω| = 1, the only element of the set is the final solution; if |Ω| > 1, any element of the set is taken as the final solution. Replacing the lowest-confidence execution body e_m with the final solution completes the execution body scheduling that gives the system the strongest stability.
(4) Update the set E_cur of currently running execution bodies, ready for the execution body replacement at the next check time.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811556497.XA CN109871682B (en) | 2018-12-19 | 2018-12-19 | Execution unified control method of heterogeneous virtual machine platform |
Publications (2)
Publication Number | Publication Date |
---|---|
CN109871682A (en) | 2019-06-11 |
CN109871682B (en) | 2020-12-22 |
Family
ID=66917155
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201811556497.XA Active CN109871682B (en) | 2018-12-19 | 2018-12-19 | Execution unified control method of heterogeneous virtual machine platform |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109871682B (en) |