CN111314337A - Mimicry scheduling method based on credibility and credibility coefficient - Google Patents


Info

Publication number
CN111314337A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202010086908.4A
Other languages
Chinese (zh)
Other versions
CN111314337B (en)
Inventor
朱明星
李顺斌
李合元
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhejiang Lab
Original Assignee
Zhejiang Lab

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/1491 Countermeasures against malicious traffic using deception as countermeasure, e.g. honeypots, honeynets, decoys or entrapment

Abstract

The invention provides a mimicry scheduling method based on credibility and credibility coefficients, and relates to the field of computer networks. The method comprises the following steps: selecting the n executors with the highest credibility coefficients from an executor image warehouse and assigning each a credibility; collecting the output result of each online executor; comparing the output results of all online executors and updating the credibility of each online executor according to three cases: its output equals the outputs of all other executors, equals the outputs of most other executors, or does not equal the outputs of most other executors; determining the executor to be cleaned from the credibility and credibility coefficients of the online executors; taking the executor to be cleaned offline and updating its credibility coefficient; and again selecting the executor with the highest credibility coefficient from the executor image warehouse and bringing it online. In addition, a cleaning action is triggered periodically to prevent N-mode escape.

Description

Mimicry scheduling method based on credibility and credibility coefficient
Technical Field
The invention relates to the field of computer networks, in particular to a mimicry scheduling method based on credibility and credibility coefficients.
Background
In mimicry defense technology, one important mechanism is the dynamic heterogeneous redundancy structure, which comprises an input agent, an output agent, a set of functionally equivalent heterogeneous executors, a multi-mode arbiter, a negative feedback controller and other components. By introducing security techniques such as diversity, dynamism and randomness, it aims to greatly raise the cost of attack and of vulnerability exploitation by deploying and running uncertain, randomly dynamic networks, platforms, systems, devices, or even components and constructions. However, because of the complexity of the system structure and the unpredictability of attack behavior, a heterogeneous redundant structure still has a certain escape probability when facing differential-mode, N-1 mode and N-mode attacks, and the hidden dangers brought by these attacks can be completely eliminated by cleaning multiple times. How to effectively reduce the escape probability and the escape time of the heterogeneous redundant structure is therefore a key difficulty of the dynamic heterogeneous redundancy structure.
Disclosure of Invention
Aiming at the defects of the prior art, the invention provides a mimicry scheduling method based on credibility and credibility coefficients.
The purpose of the invention is realized by the following technical scheme: a mimicry scheduling method based on credibility and credibility coefficients specifically comprises the following steps:
(1) When the mimicry scheduling system starts, select the n executors with the highest credibility coefficients from the executor warehouse to obtain n online executors, set the initial credibility of each online executor to V', and then record the current time T1.
(2) Acquire the output results of the n online executors, denoted R1, R2.. Rn.
(3) Traverse the output result of each online executor, comparing the output result of the current executor with the output results of the other executors in turn until every executor's output has been compared with those of the others, and update the credibility of the current executor according to the comparison result.
(4) Traverse the current credibility of all online executors and determine whether any executor is to be cleaned.
(5) Obtain the arbitration result, and if an executor is to be cleaned, clean it and take it offline.
(6) Again select from the executor warehouse the executors with the highest credibility coefficients, equal in number to those taken offline, and bring them online, setting their credibility to V ', wherein V ' is larger than V '.
Further, step 3 comprises the following substeps:
(3.1) Traverse the output result of each online executor.
(3.2) Compare the output result of the current executor with the output results of the other executors in turn. If the number of other executors whose output equals that of the current executor is n-1, set the credibility of the current executor to V'. If that number is greater than or equal to (n-1)/2, subtract D (D is greater than or equal to 1 and less than V ') from the credibility of the current executor; if the resulting value is greater than V ', set the credibility of the current executor to V '; if the resulting value is less than or equal to V', set the credibility of the current executor to the resulting value. If that number is less than (n-1)/2, subtract V ' from the credibility of the current executor; if the resulting value is greater than V ', set the credibility of the current executor to V '; if the resulting value is less than or equal to V ', set the credibility of the current executor to the resulting value.
(3.3) Apply the method of step 3.2 to compare the output result of every executor with those of the other executors in turn, updating the credibility of each executor to V1, V2.
Further, the step 4 comprises the following substeps:
(4.1) Traverse the current credibility of all online executors. If the current credibility of any online executor is less than or equal to 0, an executor has been attacked, and the executor to be cleaned is determined as follows:
if only one executor has credibility less than or equal to 0, that executor is the one to be cleaned; if 2 or more executors have credibility less than or equal to 0, the executor with the minimum credibility is the one to be cleaned; if 2 or more executors have credibility less than or equal to 0 and 2 or more executors share the minimum credibility, the executor with the minimum credibility is the one to be cleaned; if 2 or more executors have credibility less than or equal to 0, 2 or more executors share the minimum credibility, and their credibility coefficients are all equal, one of them is selected at random as the executor to be cleaned.
(4.2) If the credibility of every executor is V ', or is not V ' but is greater than 0, obtain the current time T2 and compare it with the recorded time T1. If the difference is less than a threshold T ', no executor needs to be cleaned; otherwise the executor to be cleaned is determined as follows: if exactly one executor has the lowest credibility coefficient, that executor is the one to be cleaned; if several executors share the lowest credibility coefficient, one of them is selected at random as the executor to be cleaned.
Compared with the prior art, the invention has the following beneficial effects:
1. Weights are used as the basis for state representation and for cleaning actions, which reduces implementation difficulty and keeps the software and hardware implementation cost low (no historical data needs to be backed up).
2. Three levels of environment confidence coefficients are introduced: 0, V', V''. The addition and subtraction strategy ensures that a newly online executor survives for at least one detection period, which accords with the common-sense view that an executor newly brought online, not yet exposed on the attack surface, is safer.
3. An executor trust coefficient is introduced, which describes the design integrity of the executor while recording its historical performance. With differentiated weight assignment, the cleaning and switching of executors follows the closed-loop feedback principle of the system, avoids the blindness caused by random switching, reduces the risk of endless loops, and reduces the maximum tail delay required to traverse all executors.
4. A dynamic update mechanism for the executor trust coefficient is introduced, which basically ensures that an operating system with a high trust coefficient keeps playing its role consistently and is always the last object to be cleaned.
5. The escape probability of the system can be given by a similarity measurement tool, and the escape time can be quantified as the number of executor switches: an N-1 mode attack needs only two cleanings, and an N-mode attack needs only 3 cleanings to avoid escape.
Drawings
FIG. 1 is the mimicry scheduling architecture of the mimicry scheduling system of the present invention;
FIG. 2 is a flow chart of the mimicry scheduling method of the present invention.
Detailed Description
The technical solution of the present invention is further explained with reference to the accompanying drawings.
Referring to FIGS. 1-2, in the proposed mimicry scheduling method based on credibility and credibility coefficients, each executor in the executor warehouse is assigned two parameters: credibility and credibility coefficient. These two parameters are described in detail below.
Credibility is divided into three levels: initial credibility, normal credibility and cleaning credibility. An executor's credibility can switch among these three levels; it is updated when the executor comes online or when the executor output results are arbitrated. Initial credibility is the level of an executor that has just come online, normal credibility is the level when the executor is detected as not attacked, and cleaning credibility is the level when the executor may have been attacked.
The credibility coefficient lies between 0 and 1. When the mimicry scheduling system first comes online, an initial credibility coefficient is assigned to each executor according to its original attributes, such as cleaning cost and the degree of heterogeneity among executors. The credibility coefficient can be updated dynamically during system operation according to the arbitration results.
The mimicry scheduling method specifically comprises the following steps:
(1) When the mimicry scheduling system starts, select the n executors with the highest credibility coefficients from the executor warehouse to obtain n online executors, and set the initial credibility of each online executor to V'. Then record the current time T1, which is used later as the reference time for deciding whether a periodic cleaning action is triggered.
(2) Acquire the output results of the n online executors, denoted R1, R2.. Rn.
(3) Traverse the output result of each online executor, comparing the output result of the current executor with the output results of the other executors in turn until every executor's output has been compared with those of the others, and update the credibility of the current executor according to the comparison result. The main purpose of this step is to identify executors that may have been attacked; it comprises the following substeps:
(3.1) Traverse the output result of each online executor.
(3.2) Compare the output result of the current executor with the output results of the other executors in turn. If the number of other executors whose output equals that of the current executor is n-1, set the credibility of the current executor to V'. If that number is greater than or equal to (n-1)/2, subtract D (D is greater than or equal to 1 and less than V ') from the credibility of the current executor; if the resulting value is greater than V ', set the credibility of the current executor to V '; if the resulting value is less than or equal to V', set the credibility of the current executor to the resulting value. If that number is less than (n-1)/2, subtract V ' from the credibility of the current executor; if the resulting value is greater than V ', set the credibility of the current executor to V '; if the resulting value is less than or equal to V ', set the credibility of the current executor to the resulting value.
(3.3) Apply the method of step 3.2 to compare the output result of every executor with those of the other executors in turn, obtaining the current credibility of each executor as V1, V2.
In this way, executors can be classified into three categories: those with credibility greater than or equal to V ' are high-trust executors, those with credibility less than V ' but greater than 0 are low-trust executors, and those with credibility less than 0 are executors that may have been attacked. Compared with traditional methods, this reduces computational complexity and identifies possibly attacked executors quickly and effectively.
(4) Traverse the current credibility of all online executors and determine the executor to be cleaned. The specific process is as follows:
(4.1) Traverse the current credibility of all online executors. If the current credibility of any online executor is less than or equal to 0, an executor has been attacked, and the executor to be cleaned is determined as follows: if only one executor has credibility less than or equal to 0, that executor is the one to be cleaned; if 2 or more executors have credibility less than or equal to 0, the executor with the minimum credibility is the one to be cleaned; if 2 or more executors have credibility less than or equal to 0 and 2 or more executors share the minimum credibility, the executor with the minimum credibility is the one to be cleaned; if 2 or more executors have credibility less than or equal to 0, 2 or more executors share the minimum credibility, and their credibility coefficients are all equal, one of them is selected at random as the executor to be cleaned.
(4.2) If the credibility of every executor is V ', or is not V ' but is greater than 0, obtain the current time T2 and compare it with the recorded time T1. If the difference is less than a threshold T ', no executor needs to be cleaned; otherwise the executor to be cleaned is determined as follows: if exactly one executor has the lowest credibility coefficient, that executor is the one to be cleaned; if several executors share the lowest credibility coefficient, one of them is selected at random as the executor to be cleaned.
(5) Obtain the arbitration result. If no executor needs to be cleaned, do nothing. If an executor is to be cleaned, clean it and take it offline, as follows: multiply the credibility coefficient of the executor to be cleaned by a coefficient P' between 0 and 1 to obtain a new credibility coefficient. The aim is to lower the executor's credibility coefficient and mark it as vulnerable, so that it is more readily cleaned and taken offline the next time it is arbitrated. The updated credibility coefficient and the image of the executor are stored in the executor warehouse. Then take the executor to be cleaned offline. Finally, update the current time T3 to restart a new cycle of the periodic cleaning timer.
(6) Again select from the executor warehouse the executors with the highest credibility coefficients, equal in number to those taken offline, and bring them online, setting their credibility to V ', wherein V ' is larger than V '.
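Steps (1) to (6) as an added Python example; it is not part of the patent text. The translation on this page does not keep the two primed credibility levels apart, so the code assumes V' is the normal level (and the cap applied in step 3.2) and V'' the higher level given to a newly online executor. All numeric values, all names, and the use of the credibility coefficient as the tie-break in step 4.1 are likewise assumptions.

```python
import random
from dataclasses import dataclass

# Assumed values: the page names these symbols but gives no numbers.
V_NORMAL = 4        # read here as V' (normal level, also the cap in step 3.2)
V_INIT = 6          # read here as V'' (level of a newly online executor)
D = 1               # small penalty, 1 <= D < V'
P_PRIME = 0.5       # P': factor in (0, 1) applied to a cleaned executor's coefficient
T_THRESHOLD = 60.0  # T': seconds after which a periodic cleaning is due


@dataclass
class Executor:
    name: str
    coeff: float    # credibility coefficient in 0..1, kept in the warehouse
    cred: int = 0   # credibility, meaningful only while online


def bring_online(warehouse, count):
    """Steps 1 and 6: move the `count` highest-coefficient executors online."""
    warehouse.sort(key=lambda e: e.coeff, reverse=True)
    chosen = warehouse[:count]
    del warehouse[:count]
    for ex in chosen:
        ex.cred = V_INIT
    return chosen


def update_credibility(online, outputs):
    """Step 3: score each executor by how many peers produced the same output."""
    n = len(online)
    for ex in online:
        same = sum(1 for o in online
                   if o is not ex and outputs[o.name] == outputs[ex.name])
        if same == n - 1:                  # agrees with every other executor
            ex.cred = V_NORMAL
        elif same >= (n - 1) / 2:          # agrees with most of the others
            ex.cred = min(ex.cred - D, V_NORMAL)
        else:                              # disagrees with most of the others
            ex.cred = min(ex.cred - V_NORMAL, V_NORMAL)


def pick_for_cleaning(online, now, t1, rng):
    """Step 4: return the executor to clean, or None if nothing is due."""
    suspects = [e for e in online if e.cred <= 0]
    if suspects:                           # 4.1: at least one looks attacked
        lowest = min(e.cred for e in suspects)
        pool = [e for e in suspects if e.cred == lowest]
    elif now - t1 >= T_THRESHOLD:          # 4.2: periodic cleaning is due
        pool = list(online)
    else:
        return None
    # Lowest credibility coefficient wins, remaining ties are broken at random
    # (stated for 4.2 on the page; assumed reading for 4.1).
    low_coeff = min(e.coeff for e in pool)
    return rng.choice([e for e in pool if e.coeff == low_coeff])


def clean_and_replace(online, warehouse, victim):
    """Steps 5 and 6: penalise the coefficient, take offline, bring a spare online."""
    victim.coeff *= P_PRIME
    online.remove(victim)
    warehouse.append(victim)               # cleaned image goes back to the warehouse
    online.extend(bring_online(warehouse, 1))


def run_round(online, warehouse, outputs, now, t1, rng):
    """One arbitration cycle; returns (name of cleaned executor or None, new T1)."""
    update_credibility(online, outputs)
    victim = pick_for_cleaning(online, now, t1, rng)
    if victim is None:
        return None, t1
    clean_and_replace(online, warehouse, victim)
    return victim.name, now


if __name__ == "__main__":
    rng = random.SystemRandom()            # unpredictable tie-breaks
    warehouse = [Executor(n, c) for n, c in
                 [("A", 0.9), ("B", 0.8), ("C", 0.7), ("D", 0.6), ("E", 0.5)]]
    online = bring_online(warehouse, 3)
    t1 = 0.0
    outputs = {"A": "ok", "B": "ok", "C": "tampered"}   # constructed sample outputs
    for tick in (1.0, 2.0):
        cleaned, t1 = run_round(online, warehouse, outputs, tick, t1, rng)
        print(tick, cleaned, [(e.name, e.cred, e.coeff) for e in online])
```

With these assumed values a dissenting executor that has just come online drops from 6 to 2 in its first round and is only cleaned in the second, which matches the page's statement that a newly online executor survives at least one detection period.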

Claims (3)

1. A mimicry scheduling method based on credibility and credibility coefficients is characterized by comprising the following steps:
(1) When the mimicry scheduling system starts, select the n executors with the highest credibility coefficients from the executor warehouse to obtain n online executors, set the initial credibility of each online executor to V', and then record the current time T1.
(2) Acquire the output results of the n online executors, denoted R1, R2.. Rn.
(3) Traverse the output result of each online executor, comparing the output result of the current executor with the output results of the other executors in turn until every executor's output has been compared with those of the others, and update the credibility of the current executor according to the comparison result.
(4) Traverse the current credibility of all online executors and determine whether any executor is to be cleaned.
(5) Obtain the arbitration result, and if an executor is to be cleaned, clean it and take it offline.
(6) Again select from the executor warehouse the executors with the highest credibility coefficients, equal in number to those taken offline, and bring them online, setting their credibility to V ', wherein V ' is larger than V '.
2. The mimicry scheduling method of claim 1, wherein step 3 comprises the following substeps:
(3.1) Traverse the output result of each online executor.
(3.2) Compare the output result of the current executor with the output results of the other executors in turn. If the number of other executors whose output equals that of the current executor is n-1, set the credibility of the current executor to V'. If that number is greater than or equal to (n-1)/2, subtract D (D is greater than or equal to 1 and less than V ') from the credibility of the current executor; if the resulting value is greater than V ', set the credibility of the current executor to V '; if the resulting value is less than or equal to V', set the credibility of the current executor to the resulting value. If that number is less than (n-1)/2, subtract V ' from the credibility of the current executor; if the resulting value is greater than V ', set the credibility of the current executor to V '; if the resulting value is less than or equal to V ', set the credibility of the current executor to the resulting value.
(3.3) Apply the method of step 3.2 to compare the output result of every executor with those of the other executors in turn, updating the credibility of each executor to V1, V2.
3. The mimicry scheduling method according to claim 1, wherein step 4 comprises the following substeps:
(4.1) Traverse the current credibility of all online executors. If the current credibility of any online executor is less than or equal to 0, an executor has been attacked, and the executor to be cleaned is determined as follows:
if only one executor has credibility less than or equal to 0, that executor is the one to be cleaned; if 2 or more executors have credibility less than or equal to 0, the executor with the minimum credibility is the one to be cleaned; if 2 or more executors have credibility less than or equal to 0 and 2 or more executors share the minimum credibility, the executor with the minimum credibility is the one to be cleaned; if 2 or more executors have credibility less than or equal to 0, 2 or more executors share the minimum credibility, and their credibility coefficients are all equal, one of them is selected at random as the executor to be cleaned.
(4.2) If the credibility of every executor is V ', or is not V ' but is greater than 0, obtain the current time T2 and compare it with the recorded time T1. If the difference is less than a threshold T ', no executor needs to be cleaned; otherwise the executor to be cleaned is determined as follows: if exactly one executor has the lowest credibility coefficient, that executor is the one to be cleaned; if several executors share the lowest credibility coefficient, one of them is selected at random as the executor to be cleaned.
CN202010086908.4A 2020-02-11 2020-02-11 Mimicry scheduling method based on credibility and credibility coefficient Active CN111314337B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010086908.4A CN111314337B (en) 2020-02-11 2020-02-11 Mimicry scheduling method based on credibility and credibility coefficient

Publications (2)

Publication Number Publication Date
CN111314337A true CN111314337A (en) 2020-06-19
CN111314337B CN111314337B (en) 2022-07-15

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant