CN111917754A - Method for realizing rapid cleaning and online of mimicry executive body - Google Patents


Info

Publication number
CN111917754A
Authority
CN
China
Prior art keywords
executive
online
manager
alternative pool
pool
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202010724900.6A
Other languages
Chinese (zh)
Inventor
朱明星
吴少勇
黄培龙
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhejiang Lab
Original Assignee
Zhejiang Lab
Application filed by Zhejiang Lab
Priority to CN202010724900.6A
Publication of CN111917754A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic

Abstract

The invention provides a method for rapid cleaning and bringing online of mimicry executors, and relates to the field of computer networks. The method comprises the following steps: the executor manager selects the j executors with the highest credibility from the offline executor candidate pool, runs them, and adds them to the online executor candidate pool. Next, the executor manager receives a request from the executor scheduler, selects k executors from the online executor candidate pool, and wakes them so that they enter the online state. When the executor scheduler cleans an executor, it calls the executor manager, which returns the cleaned, offlined executor to the offline executor candidate pool and then wakes one executor from the online executor candidate pool so that it enters the online state. If the online executor candidate pool holds no spare executor that can be called, one executor is selected from the offline executor candidate pool and run.

Description

Method for realizing rapid cleaning and online of mimicry executive body
Technical Field
The invention belongs to the field of computer networks, and particularly relates to a method for rapid cleaning and bringing online of mimicry executors.
Background
In mimicry defense technology, one important mechanism is the dynamic heterogeneous redundancy structure, which is composed of an input agent, an output agent, a set of functionally equivalent heterogeneous executors, multi-mode arbitration, a negative feedback controller and other components and functions. By introducing security techniques such as diversity, dynamism and randomness, it aims to greatly raise the cost of attack and of vulnerability exploitation by deploying and operating networks, platforms, systems, devices, and even components or structures that are uncertain and randomly dynamic. However, because of the complexity of the system structure and the unpredictability of attack behavior, a certain escape probability remains when the heterogeneous redundant structure faces differential-mode, N-1 mode and N-mode attacks, and the hidden dangers brought by an attack can be completely eliminated by cleaning several times. How to effectively reduce the escape time of the heterogeneous redundant structure is therefore a key difficulty of the dynamic heterogeneous redundancy structure.
Disclosure of Invention
The invention aims to overcome the defects of the prior art and provides a method for rapid cleaning and bringing online of mimicry executors.
The purpose of the invention is achieved by the following technical scheme: a method for rapid cleaning and bringing online of mimicry executors, comprising the following steps:
(1) when the mimicry scheduling system starts, an offline executor candidate pool and an online executor candidate pool are constructed; the offline executor candidate pool contains i executors, and each executor is configured with an initial credibility;
(2) when the mimicry scheduling system selects executors to bring online, the executors are selected from the online executor candidate pool and brought online; the executor manager receives the online request from the mimicry scheduling system;
(3) when the mimicry scheduling system selects an executor to clean, the executor manager receives the cleaning request from the mimicry scheduling system, multiplies the credibility of the cleaned executor by 0.8 to obtain its current credibility, returns the executor to the offline executor candidate pool, and then selects an executor from the online executor candidate pool and brings it online;
(4) the executor manager periodically monitors the number of executors in the online executor candidate pool, and if the actual number is less than j, supplements enough executors from the offline executor candidate pool and adds them to the online executor candidate pool.
Further, step (1) includes the following sub-steps:
(1.1) the executor manager selects the top j executors by credibility from the offline executor candidate pool and runs them, removing them from the offline executor candidate pool and adding them to the online executor candidate pool, where j is less than or equal to i;
(1.2) the executor manager allocates m ports on the multi-way bridge to each executor in the online executor candidate pool, connects them to that executor, and sets all allocated ports to the disabled state;
(1.3) the executor manager puts each executor in the online executor candidate pool into the sleep state.
Further, step (2) includes the following sub-steps:
(2.1) the executor manager selects the top k executors by credibility from the online executor candidate pool, wakes them, and removes them from the online executor candidate pool, where k is less than j;
(2.2) the executor manager sets the ports on the multi-way bridge that correspond to the woken executors to the enabled state.
Further, step (3) includes the following sub-steps:
(3.1) the executor manager shuts down the executor to be cleaned, deletes the ports on the multi-way bridge that correspond to it, and adds the executor to the offline executor candidate pool;
(3.2) the executor manager checks the number of available executors in the online executor candidate pool and determines whether it is 0:
(3.2.1) if the available number is 0: the executor manager selects the 1 executor with the highest credibility from the offline executor candidate pool, runs it, and removes it from the offline executor candidate pool; the executor manager allocates m ports on the multi-way bridge to the executor, connects them to it, and sets all allocated ports to the enabled state;
(3.2.2) if the available number is not 0: the executor manager selects the 1 executor with the highest credibility from the online executor candidate pool, wakes it, and removes it from the online executor candidate pool; the executor manager sets the ports on the multi-way bridge that correspond to the woken executor to the enabled state;
(3.3) the executor manager checks the number of available executors in the online executor candidate pool and determines whether it is j:
(3.3.1) if the available number is less than j: the executor manager selects the 1 executor with the highest credibility from the offline executor candidate pool, runs it, removes it from the offline executor candidate pool, and adds it to the online executor candidate pool; the executor manager allocates m ports on the multi-way bridge to the executor, connects them to it, and sets the m allocated ports to the disabled state; the executor manager puts the executor into the sleep state;
(3.3.2) if the actual number is equal to j, no processing is done.
Further, step (4) is specifically as follows: the executor manager selects the 1 executor with the highest credibility from the offline executor candidate pool, runs it, removes it from the offline executor candidate pool, and adds it to the online executor candidate pool; the executor manager allocates m ports on the multi-way bridge to the executor, connects them to it, and sets the m allocated ports to the disabled state; the executor manager puts the executor into the sleep state.
Compared with the prior art, the invention has the following beneficial effects:
1. the invention adopts a two-level executor candidate pool mechanism in which the online executor candidate pool can be regarded as a cache of the offline executor candidate pool; each time a new executor is brought online it is selected preferentially from the online executor candidate pool, which speeds up bringing executors online and reduces the escape time;
2. the executors in the online executor candidate pool occupy only disk and memory resources, and no CPU or IO resources, so the implementation difficulty is reduced and the software and hardware implementation cost is low;
3. by introducing the credibility parameter, executors with higher credibility are preferentially placed in the online executor candidate pool and executors with lower credibility are preferentially placed in the offline executor candidate pool, which reduces the cost of bringing high-credibility executors online.
Drawings
FIG. 1 is a block diagram of the mimicry scheduling system of the present invention;
FIG. 2 is a flow chart of the method for rapid cleaning and bringing online of mimicry executors of the present invention.
Detailed Description
The technical solution of the present invention is further explained with reference to the accompanying drawings.
Referring to FIGS. 1-2, the invention provides a method for rapid cleaning and bringing online of mimicry executors, which involves an offline executor candidate pool, online executors, an executor manager and a multi-way bridge; their functions are as follows:
Offline executor candidate pool: stores executor images and their configuration files in the non-running state. When the device has just started, all executors are in this state. An executor in this state occupies only disk resources, and no memory, CPU or IO resources.
Online executor candidate pool: after an executor from the offline executor candidate pool is started, it is first added to this pool. An executor in this state occupies disk and memory resources, but no CPU or IO resources.
Online executor: an online executor is an executor that the executor manager has selected from the online executor candidate pool and brought online. An executor in this state occupies disk, memory, CPU and IO resources.
Executor manager: the core of the whole device, used to manage and control the executors and the multi-way bridge.
Multi-way bridge: all online executors and all executors in the online executor candidate pool are first connected to the multi-way bridge and then to the input/output agent of the DHR (Dynamic Heterogeneous Redundancy) architecture. The network channel of an online executor is in the enabled state, that is, it can communicate with the input/output agent; the network channel of an executor in the online executor candidate pool is in the disabled state, that is, it cannot communicate with the input/output agent.
In addition, each executor is assigned a credibility parameter according to a security evaluation result, or the parameter is configured by a person skilled in the art according to actual needs. When an executor is selected from the offline executor candidate pool to be added to the online executor candidate pool, or selected from the online executor candidate pool to be brought online, the executor with the highest credibility is selected preferentially; when an online executor is cleaned and taken offline, its credibility is multiplied by 0.8 to obtain its current credibility.
The method for rapid cleaning and bringing online of executors specifically comprises the following steps:
(1) When the mimicry scheduling system starts, an offline executor candidate pool and an online executor candidate pool are constructed; the offline executor candidate pool contains i executors, each executor is configured with an initial credibility, and the executor manager executes the following sub-steps to construct the online executor candidate pool:
(1.1) the executor manager selects the top j executors by credibility from the offline executor candidate pool and runs them, removing them from the offline executor candidate pool and adding them to the online executor candidate pool, where j is less than or equal to i;
(1.2) the executor manager allocates m ports on the multi-way bridge to each executor in the online executor candidate pool, connects them to that executor, and sets all allocated ports to the disabled state; the number of ports is set according to the specific situation;
(1.3) the executor manager puts each executor in the online executor candidate pool into the sleep state, i.e., not running.
(2) When the mimicry scheduling system selects executors to bring online, the executors are preferentially selected from the online executor candidate pool and brought online; the executor manager receives the online request from the mimicry scheduling system and executes the following sub-steps to construct the online executors:
(2.1) the executor manager selects the top k executors by credibility from the online executor candidate pool, wakes them, and removes them from the online executor candidate pool, where k is less than j;
(2.2) the executor manager sets the ports on the multi-way bridge that correspond to the woken executors to the enabled state.
(3) When the mimicry scheduling system selects an executor to clean, the executor manager receives the cleaning request from the mimicry scheduling system, multiplies the credibility of the cleaned executor by 0.8 to obtain its current credibility, returns the executor to the offline executor candidate pool, and then selects an executor from the online executor candidate pool and brings it online; the executor manager executes the following sub-steps to reconstruct the online executors:
(3.1) the executor manager shuts down the executor to be cleaned, deletes the ports on the multi-way bridge that correspond to it, and adds the executor to the offline executor candidate pool;
(3.2) the executor manager checks the number of available executors in the online executor candidate pool and determines whether it is 0:
(3.2.1) if the available number is 0: the executor manager selects the 1 executor with the highest credibility from the offline executor candidate pool, runs it, and removes it from the offline executor candidate pool; the executor manager allocates m ports on the multi-way bridge to the executor, connects them to it, and sets all allocated ports to the enabled state;
(3.2.2) if the available number is not 0: the executor manager selects the 1 executor with the highest credibility from the online executor candidate pool, wakes it, and removes it from the online executor candidate pool; the executor manager sets the ports on the multi-way bridge that correspond to the woken executor to the enabled state.
(3.3) the executor manager checks the number of available executors in the online executor candidate pool and determines whether it is j:
(3.3.1) if the available number is less than j: the executor manager selects the 1 executor with the highest credibility from the offline executor candidate pool, runs it, removes it from the offline executor candidate pool, and adds it to the online executor candidate pool; the executor manager allocates m ports on the multi-way bridge to the executor, connects them to it, and sets the m allocated ports to the disabled state; the executor manager puts the executor into the sleep state;
(3.3.2) if the actual number is equal to j, no processing is done.
(4) The executor manager periodically monitors the number of executors in the online executor candidate pool, and if the actual number is less than j, supplements enough executors from the offline executor candidate pool and adds them to the online executor candidate pool, specifically: the executor manager selects the 1 executor with the highest credibility from the offline executor candidate pool, runs it, removes it from the offline executor candidate pool, and adds it to the online executor candidate pool; the executor manager allocates m ports on the multi-way bridge to the executor, connects them to it, and sets the m allocated ports to the disabled state; the executor manager puts the executor into the sleep state.
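The following Python sketch is an added example, not code from the patent: it models steps (1) to (4) as an in-memory state machine so the fast path (wake from the online candidate pool) and the slow path (start from the offline candidate pool) can be traced. The class and method names, the `standby` label for the online candidate pool, the port numbering and the sample credibility values are assumptions made for illustration.

```python
from dataclasses import dataclass, field

DECAY = 0.8  # credibility multiplier applied at every cleaning (value from the text)

@dataclass
class Executor:
    name: str
    credibility: float
    state: str = "offline"                     # offline | standby | online
    ports: dict = field(default_factory=dict)  # bridge port id -> "enabled" / "disabled"

class ExecutorManager:
    """Two-level pool: offline images -> sleeping standby executors -> online executors."""

    def __init__(self, executors, j, m):
        if j > len(executors):
            raise ValueError("j must not exceed i, the number of executors")
        self.j, self.m = j, m
        self.offline = list(executors)  # offline candidate pool: disk only
        self.standby = []               # online candidate pool: started, asleep, ports disabled
        self.online = []                # serving traffic, ports enabled
        self.next_port = 0              # hypothetical port numbering on the bridge
        self.replenish()                # step (1): pre-start the j most credible executors

    def _take_best(self, pool):
        if not pool:
            raise RuntimeError("no executor left to select")
        best = max(pool, key=lambda e: e.credibility)
        pool.remove(best)
        return best

    def _start(self, ex, port_state):
        # Run the image and attach m fresh bridge ports in the requested state.
        ex.ports = {self.next_port + n: port_state for n in range(self.m)}
        self.next_port += self.m
        return ex

    def replenish(self):
        # Steps (1.1)-(1.3), (3.3.1) and (4): top the standby pool up to j.
        # The text adds one executor per check; looping here is a simplification.
        while len(self.standby) < self.j and self.offline:
            ex = self._start(self._take_best(self.offline), "disabled")
            ex.state = "standby"
            self.standby.append(ex)

    def _bring_one_online(self):
        if self.standby:   # steps (2.1)/(3.2.2): fast path, wake a sleeping executor
            ex, path = self._take_best(self.standby), "woken"
            ex.ports = {p: "enabled" for p in ex.ports}
        else:              # step (3.2.1): slow path, start from the offline pool
            ex, path = self._start(self._take_best(self.offline), "enabled"), "cold-start"
        ex.state = "online"
        self.online.append(ex)
        return ex, path

    def bring_online(self, k):
        if k >= self.j:
            raise ValueError("k must be less than j")
        return [self._bring_one_online()[0] for _ in range(k)]

    def clean(self, ex):
        # Step (3.1): shut down, drop bridge ports, decay credibility, return to offline pool.
        self.online.remove(ex)
        ex.credibility *= DECAY
        ex.ports, ex.state = {}, "offline"
        self.offline.append(ex)
        replacement, path = self._bring_one_online()   # step (3.2)
        self.replenish()                               # step (3.3)
        return replacement, path

def demo():
    # Constructed sample: i = 5 executors, j = 3 standby slots, m = 2 ports, k = 2 online.
    pool = [Executor(n, c) for n, c in
            [("A", 0.9), ("B", 0.8), ("C", 0.7), ("D", 0.6), ("E", 0.5)]]
    mgr = ExecutorManager(pool, j=3, m=2)
    first = mgr.bring_online(2)
    replacement, path = mgr.clean(first[0])
    return mgr, [e.name for e in first], replacement.name, path

if __name__ == "__main__":
    mgr, first, replacement, path = demo()
    print("online first:", first, "| replacement:", replacement, "via", path)
    print("standby now:", [(e.name, round(e.credibility, 2)) for e in mgr.standby])
```

In the constructed run, the cleaned executor A (credibility 0.72 after decay) is immediately re-staged into the online candidate pool because it still outranks D and E in the offline candidate pool.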

Claims (5)

1. A method for rapid cleaning and bringing online of mimicry executors, characterized by comprising the following steps:
(1) When the mimicry scheduling system starts, an offline executor candidate pool and an online executor candidate pool are constructed; the offline executor candidate pool contains i executors, and each executor is configured with an initial credibility.
(2) When the mimicry scheduling system selects executors to bring online, the executors are selected from the online executor candidate pool and brought online; the executor manager may receive the online request from the mimicry scheduling system.
(3) When the mimicry scheduling system selects an executor to clean, the executor manager may receive the cleaning request from the mimicry scheduling system; the credibility of the cleaned executor is multiplied by 0.8 to obtain its current credibility, the executor is then returned to the offline executor candidate pool, and an executor is selected from the online executor candidate pool and brought online.
(4) The executor manager may periodically monitor the number of executors in the online executor candidate pool, and if the actual number is less than j, enough executors are supplemented from the offline executor candidate pool and added to the online executor candidate pool.
2. The method for rapid cleaning and bringing online of mimicry executors as set forth in claim 1, wherein step (1) comprises the following sub-steps:
(1.1) the executor manager selects the top j executors by credibility from the offline executor candidate pool and runs them, removing them from the offline executor candidate pool and adding them to the online executor candidate pool, where j is less than or equal to i;
(1.2) the executor manager allocates m ports on the multi-way bridge to each executor in the online executor candidate pool, connects them to that executor, and sets all allocated ports to the disabled state;
(1.3) the executor manager puts each executor in the online executor candidate pool into the sleep state.
3. The method for rapid cleaning and bringing online of mimicry executors as set forth in claim 2, wherein step (2) comprises the following sub-steps:
(2.1) the executor manager selects the top k executors by credibility from the online executor candidate pool, wakes them, and removes them from the online executor candidate pool, where k is less than j;
(2.2) the executor manager sets the ports on the multi-way bridge that correspond to the woken executors to the enabled state.
4. The method for rapid cleaning and bringing online of mimicry executors as set forth in claim 3, wherein step (3) comprises the following sub-steps:
(3.1) the executor manager shuts down the executor to be cleaned, deletes the ports on the multi-way bridge that correspond to it, and adds the executor to the offline executor candidate pool;
(3.2) the executor manager checks the number of available executors in the online executor candidate pool and determines whether it is 0:
(3.2.1) if the available number is 0: the executor manager selects the 1 executor with the highest credibility from the offline executor candidate pool, runs it, and removes it from the offline executor candidate pool; the executor manager allocates m ports on the multi-way bridge to the executor, connects them to it, and sets all allocated ports to the enabled state;
(3.2.2) if the available number is not 0: the executor manager selects the 1 executor with the highest credibility from the online executor candidate pool, wakes it, and removes it from the online executor candidate pool; the executor manager sets the ports on the multi-way bridge that correspond to the woken executor to the enabled state;
(3.3) the executor manager checks the number of available executors in the online executor candidate pool and determines whether it is j:
(3.3.1) if the available number is less than j: the executor manager selects the 1 executor with the highest credibility from the offline executor candidate pool, runs it, removes it from the offline executor candidate pool, and adds it to the online executor candidate pool; the executor manager allocates m ports on the multi-way bridge to the executor, connects them to it, and sets the m allocated ports to the disabled state; the executor manager puts the executor into the sleep state;
(3.3.2) if the actual number is equal to j, no processing is done.
5. The method for rapid cleaning and bringing online of mimicry executors as set forth in claim 4, wherein step (4) is specifically as follows: the executor manager selects the 1 executor with the highest credibility from the offline executor candidate pool, runs it, removes it from the offline executor candidate pool, and adds it to the online executor candidate pool; the executor manager allocates m ports on the multi-way bridge to the executor, connects them to it, and sets the m allocated ports to the disabled state; the executor manager puts the executor into the sleep state.
CN202010724900.6A 2020-07-24 2020-07-24 Method for realizing rapid cleaning and online of mimicry executive body Pending CN111917754A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010724900.6A CN111917754A (en) 2020-07-24 2020-07-24 Method for realizing rapid cleaning and online of mimicry executive body


Publications (1)

Publication Number Publication Date
CN111917754A (en) 2020-11-10

Family

ID=73280258


Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113079169A (en) * 2021-04-13 2021-07-06 华东计算技术研究所(中国电子科技集团公司第三十二研究所) Two-stage multi-layer resource scheduling method and system for mimicry defense

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8739283B1 (en) * 2009-12-07 2014-05-27 Trend Micro, Inc. Automatic generation of malware clean pattern
CN106411937A (en) * 2016-11-15 2017-02-15 中国人民解放军信息工程大学 Mimicry defense architecture based zero-day attack detection, analysis and response system and method thereof
CN106713262A (en) * 2016-11-17 2017-05-24 上海红阵信息科技有限公司 Heterogeneous execution body dynamic scheduling device based on credibility and scheduling method thereof
CN110673951A (en) * 2019-08-30 2020-01-10 华东计算技术研究所(中国电子科技集团公司第三十二研究所) Mimicry scheduling method, system and medium for general operation environment
CN111314337A (en) * 2020-02-11 2020-06-19 之江实验室 Mimicry scheduling method based on credibility and credibility coefficient




Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20201110
