CN111314337B - Mimicry scheduling method based on credibility and credibility coefficient - Google Patents
Mimicry scheduling method based on credibility and credibility coefficient Download PDFInfo
- Publication number
- CN111314337B CN111314337B CN202010086908.4A CN202010086908A CN111314337B CN 111314337 B CN111314337 B CN 111314337B CN 202010086908 A CN202010086908 A CN 202010086908A CN 111314337 B CN111314337 B CN 111314337B
- Authority
- CN
- China
- Prior art keywords
- credibility
- current
- executive
- executors
- online
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1491—Countermeasures against malicious traffic using deception as countermeasure, e.g. honeypots, honeynets, decoys or entrapment
Abstract
The invention provides a mimicry scheduling method based on credibility and credibility coefficients, and relates to the field of computer networks. The method comprises the following steps: selecting n execution bodies with the highest credibility coefficients from an execution body mirror image warehouse, and endowing a credibility; collecting the output result of each online executive body; comparing the output results of all the online executors, and updating the credibility of each online executer under the three conditions that the output results of all the online executors are equal to the output results of other executors, the output results of most other executors are equal to the output results of other executors, and the output results of most other executors are not equal to the output results of other executors; judging the executive bodies needing to be cleaned according to the credibility and the credibility coefficient of the on-line executive bodies; and (4) taking the executive body to be cleaned off line and updating the credibility coefficient of the executive body. And selecting the executive body with the highest confidence coefficient from the executive body mirror image library again and putting the executive body on line. In addition, a cleaning action is triggered periodically to prevent the N mode from escaping.
Description
Technical Field
The invention relates to the field of computer networks, in particular to a mimicry scheduling method based on credibility and credibility coefficients.
Background
In the mimicry defense technology, an important mechanism is a dynamic heterogeneous redundant structure which comprises an input agent, an output agent, a functional equivalent heterogeneous executor set, a multi-mode arbitration, a negative feedback controller and other components and functional components, and by introducing various security technologies such as diversity, dynamics, randomness and the like, the method aims to greatly improve the attack cost and the vulnerability utilization cost by deploying and operating uncertain and random dynamic networks, platforms, systems, devices and even components or constructions. However, due to the complexity of the system structure and the unpredictability of the attack behavior, a certain escape probability still exists in the heterogeneous redundant structure when the heterogeneous redundant structure faces differential mode, N-1 mode and N mode attacks, and hidden dangers brought by the attacks can be eliminated completely by cleaning for many times, so that how to effectively reduce the escape probability and the escape time of the heterogeneous redundant structure is a key difficulty of the dynamic heterogeneous redundant structure.
Disclosure of Invention
Aiming at the defects of the prior art, the invention provides a mimicry scheduling method based on credibility and credibility coefficients.
The purpose of the invention is realized by the following technical scheme: a mimicry scheduling method based on credibility and credibility coefficients specifically comprises the following steps:
(1) when the mimicry scheduling system is started, selecting n execution bodies with the highest credibility coefficients from an execution body warehouse to obtain n online execution bodies, setting the initial credibility of each online execution body to be V', and then setting the current time T1.
(2) Collecting output results of n online executors which are respectively R1, R2,. Rn;
(3) traversing the output result of each online executive body, comparing the output result of the current executive body with the output results of other executive bodies in sequence until the output results of all executive bodies are compared with the output results of other executive bodies, and updating the credibility of the current executive body to be the current credibility according to the comparison result.
(4) Traversing the current credibility of all the online executives, and judging whether the result of the executives is to be cleaned;
(5) and acquiring a result of the judgment, and cleaning and putting down the executive body if the executive body is to be cleaned.
(6) And selecting the execution body upper line with the highest credibility coefficient and the same number as the lower line from the execution body warehouse again, and setting the credibility of the execution body upper line as V ', wherein V ' is larger than V '.
Further, step 3 comprises the following substeps:
(3.1) traversing the output result of each online executive;
(3.2) comparing the output result of the current executive body with the output results of other executive bodies in sequence: and if the number of other executors which are the same as the output result of the current executer is equal to n-1, setting the confidence level of the current executer as V'. If the number of other executors which are the same as the output result of the current executor is greater than or equal to (n-1)/2, subtracting D (D is greater than or equal to 1 and less than V ') from the reliability of the current executor, and if the value obtained by subtracting D from the reliability of the current executor is greater than V ', setting the reliability of the current executor as V '; and if the value obtained by subtracting D from the current execution body reliability is less than or equal to V', setting the current execution body reliability as the value obtained by subtracting D. If the number of the execution bodies with the same output result as the current execution body is less than (n-1)/2, subtracting V 'from the reliability of the current execution body, and if the value obtained by subtracting V' from the reliability of the current execution body is greater than V ', setting the reliability of the current execution body as V'; and if the value obtained by subtracting V ' from the current execution body reliability is less than or equal to V ', setting the current execution body reliability as the value obtained by subtracting V '.
(3.3) comparing the output results of all the executives with the output results of other executives in sequence by the method of step 3.2, and respectively updating the credibility of each executor as V1, V2.
Further, the step 4 comprises the following substeps:
(4.1) traversing the current credibility of all online executives, if the current credibility of any one online executives is less than or equal to 0, then the executives are attacked, and the executives needing to be cleaned are judged according to the following modes:
if the credibility of only one executive body is less than or equal to 0, the executive body is the executive body needing to be cleaned; if the credibility of 2 or more executors is less than or equal to 0, the executer with the minimum credibility is the executer needing cleaning; if the credibility of 2 or more executors is less than or equal to 0 and the credibility of the executors with the minimum credibility is 2 or more, the executors with the minimum credibility coefficients are the executors needing to be cleaned; if the credibility of 2 or more executors is less than or equal to 0, and the executors with the minimum credibility are 2 or more and the credibility coefficients are all equal, randomly selecting one executer as the executer needing cleaning;
(4.2) if the credibility of all executors is V ' or not V ' but is greater than 0, acquiring that the current time is T2, comparing the current time T2 with the recorded time T1, and if the difference is less than a threshold T ', cleaning the executors; otherwise, judging the executive bodies needing to be cleaned according to the following modes: if the number of the executors with the lowest credibility coefficient is 1, the executors are the executors needing to be cleaned; and if a plurality of executives with the smallest confidence coefficients exist, randomly selecting one of the executives as the one needing to be cleaned.
Compared with the prior art, the invention has the following beneficial effects:
1. the weight is used as the basis of state representation and cleaning action, so that the realization difficulty is reduced, and the realization cost of software and hardware is low (historical data is not required to be backed up);
2. introducing three levels of environment confidence coefficients, 0, V', V "; the addition and subtraction strategy can ensure that the new online executive body can survive at least one detection period, and accords with safer common knowledge that the new online executive body is not exposed on an attack surface;
3. introducing an executive trust coefficient, and recording the historical expression state of the executive trust coefficient while depicting the design integrity of the executive trust coefficient; the cleaning switching of the execution bodies accords with the closed loop feedback principle of the system by differentiated weight distribution, blindness caused by random switching is avoided, the risk of endless loop is reduced, and the maximum delay tailing required by traversing all the execution bodies is reduced;
4. a dynamic updating mechanism of the trust coefficient of an executive body is introduced, so that an operating system with a high trust coefficient can be basically ensured to play a role in a consistent way and always the last cleaned object;
5. the escape probability of the system can be given according to a similarity measurement tool, the escape time can be specifically quantized into the number of times of executing body switching, and the N-1 mode attack only needs to be cleaned twice; the N-mode attack only needs 3 times of cleaning to avoid escaping.
Drawings
FIG. 1 is a pseudo-scheduling architecture of the pseudo-scheduling system of the present invention;
FIG. 2 is a flow chart of a pseudo scheduling method according to the present invention.
Detailed Description
The technical scheme of the invention is further explained by combining the attached drawings.
Referring to fig. 1-2, in the proposed mimicry scheduling method based on confidence level and confidence coefficient according to the present invention, each executive body in the executive body warehouse is allocated with two parameters: confidence level and confidence coefficient. These two parameters are described in detail below:
credibility is divided into three grades: initial confidence, normal confidence, and cleaning confidence. The execution entity trust may be toggled between these three levels, updating the trust of the execution entity when it comes online or arbitrates for execution entity output results. The initial credibility is the level of the execution body when the execution body is just online, the normal credibility is the level of the execution body when the execution body is detected not to be attacked, and the cleaning credibility is the level of the execution body when the execution body is possibly attacked.
The confidence coefficient is between 0 and 1, and when the mimicry scheduling system is just on line, the initial confidence coefficient is distributed to the executive bodies according to the original attributes of the executive bodies, such as cleaning cost, the isomerization degree among the executive bodies and the like. The credibility coefficient can be dynamically updated according to the judgment result in the system operation.
The mimicry scheduling method specifically comprises the following steps:
(1) when the mimicry scheduling system is started, selecting n execution bodies with the highest credibility coefficients from an execution body warehouse to obtain n online execution bodies, and setting the initial credibility of each online execution body as V'. The current time T1 is then set for subsequent use as a reference time to determine whether a periodic cleaning action is triggered.
(2) Acquiring output results of n online executors which are respectively R1, R2.. Rn;
(3) and traversing the output result of each online executive body, comparing the output result of the current executive body with the output results of other executive bodies in sequence until the output results of all the executive bodies are compared with the output results of other executive bodies, and updating the reliability of the current executive body to be the current reliability according to the comparison result. The main purpose of this step is to identify the executant that may be attacked, and specifically includes the following sub-steps:
(3.1) traversing the output result of each online executive;
(3.2) comparing the output result of the current executive body with the output results of other executive bodies in sequence: if the number of other executors which are the same as the output result of the current executer is equal to n-1, the confidence level of the current executer is set as V'. If the number of other executors which are the same as the output result of the current executor is greater than or equal to (n-1)/2, subtracting D (D is greater than or equal to 1 and less than V ') from the reliability of the current executor, and if the value obtained by subtracting D from the reliability of the current executor is greater than V ', setting the reliability of the current executor as V '; and if the value obtained by subtracting D from the reliability of the current execution body is less than or equal to V', setting the reliability of the current execution body as the value obtained by subtracting D. If the number of the execution bodies with the same output result as the current execution body is less than (n-1)/2, subtracting V 'from the reliability of the current execution body, and if the value obtained by subtracting V' from the reliability of the current execution body is greater than V ', setting the reliability of the current execution body as V'; and if the value obtained by subtracting V ' from the current execution body reliability is less than or equal to V ', setting the current execution body reliability as the value obtained by subtracting V '.
(3.3) comparing the output results of all the executives with the output results of other executives in turn by the method of step 3.2, and obtaining the current credibility of each executor as V1, V2.
In this way, executors can be classified into three categories: v ' or more belongs to a high-trust executive body, V ' or less but more than 0 belongs to a low-trust executive body, and V ' or less than 0 belongs to an executive body which can be attacked. Compared with the traditional method, the method reduces the computational complexity, and can quickly and effectively identify the executors which are possibly attacked.
(4) Traversing the current credibility of all online executives, and judging the executives to be cleaned, wherein the specific process comprises the following steps:
(4.1) traversing the current credibility of all online executives, if the current credibility of any one online executives is less than or equal to 0, then the executives are attacked, and the executives needing to be cleaned are judged according to the following modes: if the credibility of only one executive is less than or equal to 0, the executive is the executive needing to be cleaned; if the credibility of 2 or more executives is less than or equal to 0, the executor with the minimum credibility is the executor needing to be cleaned; if the credibility of 2 or more executors is less than or equal to 0 and the credibility of the executors with the minimum credibility is 2 or more, the executors with the minimum credibility are the executors needing cleaning; if the credibility of 2 or more executables is less than or equal to 0, and the executables with the minimum credibility are 2 or more and the credibility coefficients are all equal, randomly selecting one executant as the executant needing to be cleaned; (4.2) if the credibility of all executors is V ' or not V ' but is greater than 0, acquiring that the current time is T2, comparing the current time T2 with the recorded time T1, and if the difference is less than a threshold T ', cleaning the executors; otherwise, judging the executive bodies needing to be cleaned according to the following modes: if the number of the executors with the lowest credibility coefficient is 1, the executors are the executors needing to be cleaned; if there are several executors with the least confidence coefficient, one of them is randomly selected as the one needing cleaning.
(5) Obtaining the result of the judgment, and if the execution body cleaning is not needed, not doing any operation; if the executive body is to be cleaned, the executive body is cleaned and offline, and the process comprises the following steps: multiplying the credibility coefficient of the executive to be cleaned by a coefficient P' between 0 and 1 to obtain a new credibility coefficient, aiming at reducing the credibility coefficient of the executive in this way and marking the executive to be vulnerable so that the executive is easier to clean offline next time when being arbitrated, wherein the updated credibility coefficient and the mirror image of the executive are stored in an executive warehouse; then putting the execution body to be cleaned off line; finally, the current time T3 is updated to restart a new cycle of the periodic cleaning timer.
(6) And selecting the execution body upper line with the highest credibility coefficient and the same number as the lower line from the execution body warehouse again, and setting the credibility of the execution body upper line as V ', wherein V ' is larger than V '.
Claims (2)
1. A mimicry scheduling method based on credibility and credibility coefficients is characterized by comprising the following steps:
(1) when the mimicry scheduling system is started, selecting n execution bodies with the highest credibility coefficients from an execution body warehouse to obtain n online execution bodies, setting the initial credibility of each online execution body as V', and then setting the current time T1;
(2) acquiring output results of n online executors which are respectively R1, R2.. Rn;
(3) traversing the output result of each online executive body, comparing the output result of the current executive body with the output results of other executive bodies in sequence until the output results of all executive bodies are compared with the output results of other executive bodies, and updating the credibility of the current executive body to be the current credibility according to the comparison result;
(3.1) traversing the output result of each online executive;
(3.2) comparing the output result of the current executive body with the output results of other executive bodies in sequence: if the number of other executors which are the same as the output result of the current executer is equal to n-1, setting the credibility of the current executer as V'; if the number of other execution bodies which are the same as the output result of the current execution body is greater than or equal to (n-1)/2, subtracting D (1 is greater than or equal to D < V ') from the reliability of the current execution body, and if the value obtained by subtracting D from the reliability of the current execution body is greater than V ', setting the reliability of the current execution body as V '; if the value obtained by subtracting D from the reliability of the current executive body is less than or equal to V', the reliability of the current executive body is set to be the value obtained by subtracting D; if the number of the execution bodies with the same output result as the current execution body is less than (n-1)/2, subtracting V 'from the reliability of the current execution body, and if the value obtained by subtracting V' from the reliability of the current execution body is greater than V ', setting the reliability of the current execution body as V'; if the value obtained by subtracting V ' from the reliability of the current executive body is less than or equal to V ', the reliability of the current executive body is set to be the value obtained by subtracting V ';
(3.3) comparing the output results of all the executives with the output results of other executives in sequence by the method in the step 3.2, and respectively updating the credibility of each executor to be V1, V2.. Vn;
(4) traversing the current credibility of all the online executives, and judging whether the result of the executives is to be cleaned;
(5) obtaining the result of the judgment, and if the executive body is to be cleaned, cleaning the executive body and putting the executive body off line;
(6) and selecting the execution body online with the highest confidence coefficient and the same number as the offline execution bodies from the execution body warehouse again, and setting the confidence level of the execution body online with the highest confidence coefficient as V ' ', wherein V ' ' is larger than V '.
2. The pseudo scheduling method according to claim 1, wherein said step 4 comprises the sub-steps of:
(4.1) traversing the current credibility of all online executives, if the current credibility of any one online executives is less than or equal to 0, then the executives are attacked, and the executives needing to be cleaned are judged according to the following modes:
if the credibility of only one executive is less than or equal to 0, the executive is the executive needing to be cleaned; if the credibility of 2 or more executives is less than or equal to 0, the executor with the minimum credibility is the executor needing to be cleaned; if the credibility of 2 or more executors is less than or equal to 0 and the credibility of the executors with the minimum credibility is 2 or more, the executors with the minimum credibility are the executors needing cleaning; if the credibility of 2 or more executables is less than or equal to 0, and the executables with the minimum credibility are 2 or more and the credibility coefficients are all equal, randomly selecting one executant as the executant needing to be cleaned;
(4.2) if the credibility of all the executives is V ' or not V ' but is greater than 0, acquiring that the current time is T2, comparing the current time T2 with the recorded time T1, and if the difference is smaller than a threshold T ', cleaning the executives; otherwise, judging the executive bodies needing to be cleaned according to the following modes: if the number of the executors with the lowest credibility coefficient is 1, the executors are the executors needing cleaning; if there are several executors with the least confidence coefficient, one of them is randomly selected as the one needing cleaning.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010086908.4A CN111314337B (en) | 2020-02-11 | 2020-02-11 | Mimicry scheduling method based on credibility and credibility coefficient |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010086908.4A CN111314337B (en) | 2020-02-11 | 2020-02-11 | Mimicry scheduling method based on credibility and credibility coefficient |
Publications (2)
Publication Number | Publication Date |
---|---|
CN111314337A CN111314337A (en) | 2020-06-19 |
CN111314337B true CN111314337B (en) | 2022-07-15 |
Family
ID=71160046
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202010086908.4A Active CN111314337B (en) | 2020-02-11 | 2020-02-11 | Mimicry scheduling method based on credibility and credibility coefficient |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN111314337B (en) |
Families Citing this family (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111917754A (en) * | 2020-07-24 | 2020-11-10 | 之江实验室 | Method for realizing rapid cleaning and online of mimicry executive body |
CN112491905B (en) * | 2020-12-01 | 2023-05-05 | 郑州昂视信息科技有限公司 | Performance test method, device and system of network equipment |
CN114301650B (en) * | 2021-12-21 | 2022-08-30 | 浙江大学 | Mimicry WAF (wide area filter) judging method based on credibility |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106874755A (en) * | 2017-01-22 | 2017-06-20 | 中国人民解放军信息工程大学 | The consistent escape error processing apparatus of majority and its method based on mimicry Prevention-Security zero-day attacks |
CN109818951A (en) * | 2019-01-18 | 2019-05-28 | 中国人民解放军战略支援部队信息工程大学 | A kind of function equivalence executes body credibility evaluation method and device |
CN110011965A (en) * | 2019-02-28 | 2019-07-12 | 中国人民解放军战略支援部队信息工程大学 | A kind of execution body based on confidence level non-uniform output judging method and device completely |
CN110581845A (en) * | 2019-08-21 | 2019-12-17 | 浙江大学 | quantitative characterization method for potential threat degree of mimicry controller executive body |
-
2020
- 2020-02-11 CN CN202010086908.4A patent/CN111314337B/en active Active
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106874755A (en) * | 2017-01-22 | 2017-06-20 | 中国人民解放军信息工程大学 | The consistent escape error processing apparatus of majority and its method based on mimicry Prevention-Security zero-day attacks |
CN109818951A (en) * | 2019-01-18 | 2019-05-28 | 中国人民解放军战略支援部队信息工程大学 | A kind of function equivalence executes body credibility evaluation method and device |
CN110011965A (en) * | 2019-02-28 | 2019-07-12 | 中国人民解放军战略支援部队信息工程大学 | A kind of execution body based on confidence level non-uniform output judging method and device completely |
CN110581845A (en) * | 2019-08-21 | 2019-12-17 | 浙江大学 | quantitative characterization method for potential threat degree of mimicry controller executive body |
Non-Patent Citations (1)
Title |
---|
"SDN中服务部署的拟态防御方法";李传煌等;《通信学报》;20181130;全文 * |
Also Published As
Publication number | Publication date |
---|---|
CN111314337A (en) | 2020-06-19 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN111314337B (en) | Mimicry scheduling method based on credibility and credibility coefficient | |
KR102592146B1 (en) | Neuron Circuit, system and method for synapse weight learning | |
KR102291869B1 (en) | Method and apparatus for anomaly detection of traffic pattern | |
US7934229B1 (en) | Generating options for repairing a computer infected with malicious software | |
US11966831B2 (en) | Feedback mechanisms in sequence learning systems with temporal processing capability | |
US20210201181A1 (en) | Inferencing and learning based on sensorimotor input data | |
CN109190379A (en) | A kind of leak detection method and device of deep learning system | |
CN110740067B (en) | Active defense network security analysis method, storage medium and application server | |
Chen et al. | Temporal watermarks for deep reinforcement learning models | |
CN106713262B (en) | Credibility-based heterogeneous executive dynamic scheduling device and scheduling method thereof | |
CN113158685A (en) | Text semantic prediction method and device, computer equipment and storage medium | |
US7171393B2 (en) | Solving constraint satisfaction problems using variable-range hopping | |
CN110855715A (en) | DOS attack and defense simulation method based on stochastic Petri network | |
CN114844684B (en) | Active defense network evaluation method and system based on multiple fusion method | |
CN115860140A (en) | Deep learning back door defense method based on characteristic space distance reinforcement | |
KR102442891B1 (en) | System and method for updating weight of artificial neural networks | |
CN113079169B (en) | Two-stage multi-layer resource scheduling method and system for mimicry defense | |
US20210374578A1 (en) | Inferencing and learning based on sensorimotor input data | |
CN115277065A (en) | Method and device for resisting attack in abnormal traffic detection of Internet of things | |
CN111917754A (en) | Method for realizing rapid cleaning and online of mimicry executive body | |
CN113518090A (en) | Intrusion detection method and system for edge computing architecture Internet of things | |
Mendes et al. | Assessing a sparse distributed memory using different encoding methods | |
CN116346455A (en) | Intelligent active defense technology based on credibility feedback | |
Tokarev et al. | Detection of anomalies in the information networks of industrial automation systems based on artificial immune detectors | |
Kosarava et al. | Application of a queuing network with positive and negative arrivals for modeling a computer network with antivirus software |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |