CN112866277B - Scheduling method of mimicry service function chain - Google Patents

Scheduling method of mimicry service function chain Download PDF

Info

Publication number
CN112866277B
CN112866277B CN202110144910.7A CN202110144910A CN112866277B CN 112866277 B CN112866277 B CN 112866277B CN 202110144910 A CN202110144910 A CN 202110144910A CN 112866277 B CN112866277 B CN 112866277B
Authority
CN
China
Prior art keywords
sfo
scheduling
execution
heterogeneous
abnormal
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202110144910.7A
Other languages
Chinese (zh)
Other versions
CN112866277A (en
Inventor
李传煌
唐晶晶
雷睿
王伟明
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhejiang Gongshang University
Original Assignee
Zhejiang Gongshang University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Zhejiang Gongshang University filed Critical Zhejiang Gongshang University
Priority to CN202110144910.7A priority Critical patent/CN112866277B/en
Publication of CN112866277A publication Critical patent/CN112866277A/en
Application granted granted Critical
Publication of CN112866277B publication Critical patent/CN112866277B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433Vulnerability analysis
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/20Network architectures or network communication protocols for network security for managing network security; network security policies in general

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention provides a scheduling method of a mimicry service function chain, in particular to a scheduling method which ensures the system isomerism and selects an executive body to meet the network requirement. And the scheduling method adjusts the scheduling time to achieve the optimal balance of system expense and safety. Compared with the traditional scheduling method, the scheduling method takes the abnormal executive information, the heterogeneous degree of the executive and the actual load of the system as the scheduling influence factors, so that the scheduling method can be adaptively adjusted according to the network change, and the safety of the system is improved.

Description

Scheduling method of mimicry service function chain
Technical Field
The invention relates to the field of mimicry security defense and service functions, in particular to a scheduling method of a mimicry service function chain.
Background
With the advent and deployment of Software Defined Networking (SDN) technology and Network Function Virtualization (NFV) technology, the deployment of service Function chains has been renewed. Service function chain deployment is carried out based on an SDN/NFV technology, the NFV technology can virtualize common physical equipment, and resource pools can be constructed for various network service functions. SDN technology can dynamically and centrally schedule paths of traffic by separating control and forwarding of network devices, thereby providing customized and flexible interfacing. SFCs are built based on SDN and NFV technologies, SFs being key components of SFCs, and all data flows in the SFC domain must go through a specific SF to complete a specific service function. If the SF is controlled by an attacker, it may result in a crash of the entire SFC domain.
The Mimicry Security Defense (MSD) is a dynamic and random selection of a plurality of hardware variants and software variants that perform corresponding functions under active and passive triggering conditions. Therefore, the system has the characteristics of dynamic property, randomness, redundancy, heterogeneity, non-persistence and the like, no matter an internal attacker or an external attacker can not accurately acquire the operating environment and state information of internal elements of the system, a stable attack chain can not be established according to backdoors and vulnerabilities, and therefore the purpose of improving the safety of the system is achieved.
Attackers can be classified into static attackers (static attackers) and adaptive attackers (adaptive attackers) according to the network attack mode. The probability of success of the static attackers in each attack on any target is the same, and the adaptive attackers have memory capacity and can quickly attack the same or similar targets. Therefore, the method comprises the following steps:
1) the less heterogeneous the mimicry system, the higher the probability that the system will be successfully attacked by an attacker. The greater the heterogeneity of the mimicry system, the lower the probability of successful attack by an attacker, and the higher the security.
2) The probability of an actor being attacked necessarily increases as the time it is exposed to the network increases. Furthermore, as long as an executable is infected, an attacker can maintain continuous control over the executable.
The basic scheduling process of the system is a process of selecting an offline execution entity with a large degree of heterogeneity from a heterogeneous execution entity pool every T _ s by taking a set time interval T _ s as a measure, and offline a previous online execution entity. The timed replacement of online executors can reduce the exposure time of each executor while maintaining system heterogeneity. Therefore, the uncertainty of the system structure information is inevitably improved, and the risk of vulnerability discovery is reduced. Because the system is in a continuously updated state and keeps high heterogeneity all the time, the early effort of adaptive attackers can be eliminated, and some potential bugs and state jumps of backdoors can also be eliminated. And after the infected abnormal execution body is found, the system can directly take the abnormal execution body off line through scheduling, and the purpose of effectively blocking the attacker from continuously controlling the abnormal execution body is achieved.
Disclosure of Invention
The invention aims to provide a scheduling method of a mimicry service function chain aiming at the defects of the prior art, and the method can carry out self-adaptive adjustment according to network change, thereby improving the safety of a system.
The technical scheme adopted by the invention for solving the technical problems is as follows: a scheduling method of a mimicry service function chain comprises the following steps:
(1) selecting an SF execution body set meeting requirements from a heterogeneous SF execution body pool according to the reliability of a mimicry Service Function (SF) execution body; the heterogeneous SF execution pool has l SF execution entities for executing different types of service functions, which specifically includes the following steps:
SF={S1,S2,…,Si,…,Sl}
wherein S isiDenotes a set of SF executors that perform the service function of the ith class.
(2) Time interval T of the passing scheduling cyclesEntering the next scheduling cycle, assuming that the ith service function is needed, setting a set U to represent a set SiA set of all elements of the SF execution block set SFo which do not belong to the previous scheduling cycle;
(3) to pair
Figure BDA0002929860520000021
Calculate the ith executive SF in UiZeta degree of trustworthinessiThe concrete formula is as follows:
Figure BDA0002929860520000022
wherein σiRepresents SFiBase degree of selection, Δ dlRepresents the system load, Δ daThe increment quantity, ξ, representing the total number of abnormal executors relative to the corresponding value of the previous scheduling periodlAn increase threshold, ξ, representing the system loadaA growth threshold, gamma, representing the number of abnormally executed bodiesiRepresents SFiThe degree of isomerism with all elements in the set SFo,
Figure BDA0002929860520000023
represents SFiThe confidence level of the device itself is determined,
Figure BDA0002929860520000024
indicating updated SF according to network traffic changesiThe execution speed influence value of (1);
(4) the scheduler selects a new SF execution body set from the set U according to the credibility value calculated in the step (3);
(5) traversing all SF executives in the new SF executant set obtained in the step (4), combining all sets which meet the ith service function and comprise a plurality of SF executants, and calculating the overall isomerism rho of each combination;
(6) and (5) selecting the combination with the maximum integral isomerism in the step (5) as a new online SF executive body set.
Further, in the step (1) and the step (4), after the executables in the heterogeneous SF executable pool are sorted according to the reliability, the executables with 15% of the reliability are selected to form an SF executable set.
Further, SFiBase degree of selection σ ofiThe calculation formula is as follows:
Figure BDA0002929860520000031
wherein, taubelThe confidence level is represented to affect the weight,
Figure BDA0002929860520000032
represents SFiConfidence of itself, τisoRepresenting the influence weight, τ, of the degree of isomerismvIndicating that the SF execution speed affects the weight,
Figure BDA0002929860520000033
indicating updated SF according to network traffic changesiIs the execution speed influence value ofoRepresenting the isomerous discount factor. n denotes the total number of elements in the set SFo, SFoiAnd SFojRespectively representing the ith and jth elements in the SFo execution volume set. Alpha (SFo)i,SFoj) Represents SFoiAnd SFojThe degree of isomerism of (a).
Further, SFiDegree of isomerism gamma with all elements of the SFo setiThe calculation formula is as follows:
Figure BDA0002929860520000034
wherein, deltaoRepresenting a heterogeneous discount factor, SFojRepresents the jth element in the SFo execution volume set, and n represents the total number of elements in the set SFo.
Further, the overall isomerization p of the combination is calculated as follows:
Figure BDA0002929860520000035
wherein, deltaoRepresenting a heterogeneous discount factor, SFoiAnd SFojRespectively represent the ith and jth elements in the SFo execution body set, and n represents the total number of elements in the set SFo.
Further, the degree of isomerism α (SF)i,SFj) The calculation formula is as follows
Figure BDA0002929860520000036
Wherein lgNumber of heterogeneous factor types, delta, of the g-th heterogeneous element of SF executantgRepresents the weight, delta, of the g-th heterogeneous elementgkWeight, SF, of a class k heterogeneous factor representing a class g heterogeneous elementiAnd SFjRepresenting the ith and jth elements in the SF execution block set. e represents the number of heterogeneous element types that make up the elements in the SF executable set.
Further, the time interval T of the scheduling periodsThe real-time dynamic adjustment specifically comprises the following steps: let r beiTo represent
Figure BDA0002929860520000037
Total number of abnormal SF executors, TsHas a maximum value of ximaxTau represents the number of times of zero execution of abnormal execution body, and the abnormal execution body is accumulated from the condition that the number of abnormal execution bodies is zero at the first time, and once the abnormal execution body is accumulatedAnd (4) immediately setting the tau to zero when the abnormal execution body is not zero, and restarting the tau accumulation when the number of the abnormal execution bodies is zero. The time interval scheduling time update function of the scheduling period is as follows:
Figure BDA0002929860520000038
where δ is a constant greater than zero, depending on the particular network conditions,
Figure BDA0002929860520000039
indicates the time interval from the (i-1) th scheduling to the ith scheduling, ξnIndicating the existence of abnormal SF executive threshold, if the number of abnormal SF executive is more than xinThe current system is considered to need to improve the system security by reducing the scheduling time to reduce the number of abnormal execution bodies. If the number of abnormal SF executors is less than or equal to xinIt is considered that the number of abnormally executed bodies can be reduced only by internal adjustment of the scheduling algorithm itself.
The invention has the beneficial effects that: compared with the traditional scheduling method, the method takes the abnormal executive information, the heterogeneous degree of the executive and the actual load capacity of the system as the scheduling influence factors, so that the scheduling method can be adaptively adjusted according to the network change, and the safety of the system is improved.
Drawings
Fig. 1 is a flowchart of a scheduling method in a scheduling period.
Detailed Description
In order to make the scheduling method of the present application clearer, the following will clearly and completely describe the technical solution of the present application with reference to the accompanying drawings and the specific embodiments of the present application:
as shown in fig. 1, the present invention provides a scheduling method of a mimicry service function chain, which includes the following steps:
(1) sorting executives in a heterogeneous SF executable pool according to the reliability of a mimicry Service Function (SF) executable, and selecting the executives with the top 15% of the reliability from the heterogeneous SF executable pool as an SF executable set meeting the requirement; the heterogeneous SF execution pool has l SF execution entities for executing different types of service functions, which specifically includes the following steps:
SF={S1,S2,…,Si,…,Sl}
wherein S isiDenotes a set of SF executors that perform the service function of the ith class.
(2) Time interval T passing scheduling cyclesEntering the next scheduling cycle, assuming that the ith service function is needed, setting a set U to represent a set SiA set of all elements of the SF execution block set SFo which do not belong to the previous scheduling cycle;
time interval T of the scheduling cyclesThe real-time dynamic adjustment specifically comprises the following steps: let r beiTo represent
Figure BDA0002929860520000041
Total number of abnormal SF executors, TsHas a maximum value of ximaxThe tau represents the number of times that the number of the abnormal execution bodies is zero, accumulation is started from the condition that the number of the abnormal execution bodies is zero at the first time, the tau is set to be zero once the abnormal execution bodies are not zero, and the tau is restarted when the number of the abnormal execution bodies is zero. The time interval of the scheduling period schedules the time update function as follows:
Figure BDA0002929860520000042
where δ is a constant greater than zero, depending on the particular network conditions,
Figure BDA0002929860520000043
indicates the time interval from the (i-1) th scheduling to the ith scheduling, ξnIndicating the existence of abnormal SF execution body threshold value, if the number of the abnormal SF execution bodies is more than xinThe current system is considered to need to increase the system security by reducing the scheduling time to reduce the number of abnormal execution bodies. If different, theThe number of constant SF executives is less than or equal to xinIt is considered that the number of abnormally executed bodies can be reduced only by internal adjustment of the scheduling algorithm itself.
(3) To pair
Figure BDA0002929860520000051
Calculate the ith executive SF in UiReliability of (S) (. zeta.)iThe concrete formula is as follows:
Figure BDA0002929860520000052
wherein σiRepresents SFiBase degree of selection, Δ dlRepresents the system load, Δ daAn increment, ξ, representing the total number of anomalous executables relative to the value corresponding to the previous scheduling cyclelAn increase threshold, ξ, representing the system loadaA growth threshold, γ, representing the number of abnormally executed entitiesiRepresents SFiThe degree of isomerism with all elements in the set SFo,
Figure BDA0002929860520000053
represents SFiThe confidence level of the device itself is determined,
Figure BDA0002929860520000054
indicating updated SF according to network traffic changesiThe execution speed influence value of (1);
SFibase degree of selection σ ofiThe calculation formula is as follows:
Figure BDA0002929860520000055
wherein, taubelThe confidence level is represented to affect the weight,
Figure BDA0002929860520000056
represents SFiConfidence of itself, τisoRepresenting the influence weight, τ, of the degree of isomerismvIndicating the execution speed of the SF executiveThe degree affects the weight value and, therefore,
Figure BDA0002929860520000057
indicating updated SF according to network traffic changesiIs the execution speed influence value ofoRepresenting the isomerous discount factor. n denotes the total number of elements in the set SFo, SFoiAnd SFojRespectively representing the ith and jth elements in the SFo execution volume set. Alpha (SFo)i,SFoj) Represents SFoiAnd SFojThe degree of isomerism of (a).
Degree of isomerism alpha (SF)i,SFj) The calculation formula is as follows
Figure BDA0002929860520000058
Wherein lgNumber of heterogeneous factor types, delta, of the g-th heterogeneous element of SF executantgRepresents the weight, delta, of the g-th heterogeneous elementgkWeight, SF, of the kth heterogeneous factor representing the g-th heterogeneous elementiAnd SFjRepresenting the ith and jth elements in the SF execution block set. e represents the number of heterogeneous element types, such as various hardware, operating systems, software, etc., that make up the elements in the SF execution set.
SFiDegree of isomerism γ with all elements of the set SFoiThe calculation formula is as follows:
Figure BDA0002929860520000059
wherein, deltaoRepresenting a heterogeneous discount factor, SFojRepresents the jth element in the SFo execution volume set, and n represents the total number of elements in the set SFo.
The overall isomerization p of the combination is calculated as follows:
Figure BDA0002929860520000061
wherein, deltaoA discount factor for the degree of isomerism is indicated,
Figure BDA0002929860520000062
and
Figure BDA0002929860520000063
respectively represent the ith and jth elements in the SFo execution body set, and n represents the total number of elements in the set SFo.
(4) After sequencing the executors in the set U according to the credibility value calculated in the step (3), selecting the executors with the 15% of credibility from the set U as a new SF executor set by the scheduler;
(5) traversing all SF executives in the new SF executant set obtained in the step (4), combining all sets which meet the ith service function and comprise a plurality of SF executants, and calculating the overall isomerism rho of each combination;
(6) and (4) selecting the combination with the maximum overall isomerism in the step (5) as a new online SF execution body set. The invention takes the abnormal executive body information, the isomerism degree of the executive body and the actual load capacity of the system as the scheduling influence factors, so that the scheduling method can carry out self-adaptive adjustment according to the network change, thereby improving the safety of the system, and the specific explanation is as follows:
suppose the system spends W resources per schedulesIf the scheduling time interval is Ts. The total scheduling cost of the system versus the system runtime t is then as follows:
Figure BDA0002929860520000064
assume that the attack strengths of the attackers are as follows:
ATT={att1,att2,…,atti},i→+∞
the period from the (i-1) th scheduling to the ith scheduling is called the ith scheduling period. Then, attiRepresenting the actual attack strength of the attacker in the ith scheduling period.Considering that the probability of system crash in each scheduling period must be taken into account along with the scheduling time TsWill become larger and the magnitude of the increase will become slower with increasing time, so the present application describes the scheduling time interval T in the ith scheduling period using the following functionsActual attack Strength att of the AttackeriAnd the system crash probability:
Figure BDA0002929860520000065
wherein λ is a constant greater than zero, determined by the specific network conditions. Setting scheduling time
Figure BDA0002929860520000066
Setting h e N*(positive integer). If atti> 1, then from the very beginning of the system
Figure BDA0002929860520000067
Within the time, if the scheduling time is set as
Figure BDA0002929860520000068
The probability of crash of the system is then as follows:
Figure BDA0002929860520000069
if the scheduling time is set to
Figure BDA0002929860520000071
The crash probability of the system is as follows
Figure BDA0002929860520000072
Because h is more than 1, the syndrome can be proved by combining with the popularization form of the Cauchi inequality
Figure BDA0002929860520000073
Because of the scheduling time
Figure BDA0002929860520000074
Is necessarily greater than zero, so can be obtained
Figure BDA0002929860520000075
And due to atti> 1, and therefore have
Figure BDA0002929860520000076
From a combination of the above analyses, when atti> 1, must have
Figure BDA0002929860520000077
If 0 < atti< 1, then from the very beginning of the system
Figure BDA0002929860520000078
Within the time, if the scheduling time is set as
Figure BDA0002929860520000079
The probability of crash of the system is then as follows:
Figure BDA00029298605200000710
if the scheduling time is set to
Figure BDA00029298605200000711
The probability of crash of the system is then as follows:
Figure BDA0002929860520000081
it is apparent that when 0 < attiLess than 1, there must be
Figure BDA0002929860520000082
It can be seen that when the system running time is t, the average collapse probability of the system between the beginning and the latest ending scheduling period is as follows:
Figure BDA0002929860520000083
therefore, it can be found that for the same period of system running time T, if T is usedsSet to a larger value, the average crash probability of the system is higher but the overall scheduling cost is lower; if it is set to a smaller value, the average probability of crash of the system is lower but the overall scheduling cost is higher. Since the attack strength of an attacker varies, if the setting T is adoptedsThe constant value method cannot guarantee that the average crash probability and the total scheduling cost of the system are always at a better balance point. The method dynamically adjusts T according to the number of abnormal SF executorssThe method can ensure that the system spends less scheduling cost as much as possible while keeping certain safety.
The following set is set:
So={so1,so2,…,son}
wherein, soiThe set of on-line SF executors representing the ith scheduling cycle. The safety of the system in each scheduling period and the isomerous degree alpha (so) between the SF execution body sets of the two scheduling periods before and after the system in each scheduling periodi,soi-1) And the overall isomerism beta (so) of the selected set of SF executorsi) And (4) positively correlating. Therefore, if only the above two factors are considered in scheduling, the security of the system will be expressed as follows:
ρ1=δ1(α(soi,soi-1)+β(soi))
wherein, delta1Is a constant determined by the specific network conditions. The scheduling scheme provided by the application adds SF executive confidence B on the basis of the factorseValue of system load LoAnd (4) properly adjusting the scheduling selection strategy. The safety is expressed as follows:
ρ2=δ2τ(ρ1+Be+Lo)
wherein, delta2Is a constant, determined by the specific network conditions, and τ represents the abnormal SF executable growth value. Therefore, the scheduling scheme can remarkably improve the safety of the system.
The above-described embodiments are intended to illustrate rather than to limit the invention, and any modifications and variations of the present invention are within the spirit of the invention and the scope of the appended claims.

Claims (7)

1. A scheduling method of a mimicry service function chain is characterized by comprising the following steps:
(1) selecting an SF execution body set meeting the requirement from a heterogeneous SF execution body pool according to the reliability of the mimicry service function execution body; the heterogeneous SF execution entity pool comprises l SF execution entities for executing different types of service functions, and the specific steps are as follows:
SF={S1,S2,…,Si,…,Sl}
wherein S isiA set of SF executors representing the execution of class i service functions;
(2) time interval T passing scheduling cyclesEntering the next scheduling cycle, assuming that the ith service function is needed, setting a set U to represent a set SiA set of all elements of the SF execution block set SFo which do not belong to the previous scheduling cycle;
(3) for is to
Figure FDA0003584374780000011
Calculate the ith executive SF in UiZeta degree of trustworthinessiThe concrete formula is as follows:
Figure FDA0003584374780000012
wherein σiRepresents SFiBase degree of selection, Δ dlRepresents the system load, Δ daAn increment, ξ, representing the total number of anomalous executables relative to the value corresponding to the previous scheduling cyclelAn increase threshold, ξ, representing the system loadaA growth threshold, gamma, representing the number of abnormally executed bodiesiRepresents SFiThe degree of isomerism with all elements in the set SFo,
Figure FDA0003584374780000013
represents SFiThe confidence level of the device itself is determined,
Figure FDA0003584374780000014
indicating updated SF according to network traffic changesiThe execution speed influence value of (1);
(4) the scheduler selects a new SF execution body set from the set U according to the credibility value calculated in the step (3);
(5) traversing all SF executives in the new SF executant set obtained in the step (4), combining all sets which meet the ith service function and comprise a plurality of SF executants, and calculating the overall isomerism rho of each combination;
(6) and (4) selecting the combination with the maximum overall isomerism in the step (5) as a new online SF execution body set.
2. The method of claim 1, wherein in steps (1) and (4), after the executables in the heterogeneous SF executable pool are sorted according to the reliability, the executables with the top 15% reliability are selected to form an SF executable set.
3. Scheduling of a mimicry service function chain according to claim 1Method characterized by SFiBase degree of selection σ ofiThe calculation formula is as follows:
Figure FDA0003584374780000015
wherein, taubelThe confidence level is represented to affect the weight,
Figure FDA0003584374780000016
represents SFiConfidence of itself, τisoRepresenting the influence weight, τ, of the degree of isomerismvIndicating that the SF execution speed affects the weight,
Figure FDA0003584374780000017
indicating updated SF according to network traffic changesiIs performed at a speed influence value of δoRepresenting a heterogeneity discount factor; n denotes the total number of elements in the set SFo, SFoiAnd SFojRespectively representing the ith and jth elements in the SFo execution body set; alpha (SFo)i,SFoj) Represents SFoiAnd SFojThe degree of isomerism of (a).
4. The method of claim 3, wherein SF is configured to perform scheduling of service function chainsiDegree of isomerism gamma with all elements of the SFo setiThe calculation formula is as follows:
Figure FDA0003584374780000021
wherein, deltaoRepresenting a heterogeneous discount factor, SFojRepresents the jth element in the SFo execution volume set, and n represents the total number of elements in the set SFo.
5. The method according to claim 3, wherein the overall isomerous degree p of the combination is calculated as follows:
Figure FDA0003584374780000022
wherein, deltaoRepresenting a heterogeneous discount factor, SFoiAnd SFojRespectively represent the ith and jth elements in the SFo execution body set, and n represents the total number of elements in the set SFo.
6. Method for scheduling a mimicry service function chain according to any of claims 3-5, wherein the isomerism degree α (SF)i,SFj) The calculation formula is as follows
Figure FDA0003584374780000023
Wherein lgNumber of heterogeneous factor types, delta, of the g-th heterogeneous element of SF executantgRepresents the weight, delta, of the g-th heterogeneous elementgkWeight, SF, of the kth heterogeneous factor representing the g-th heterogeneous elementiAnd SFjThe ith and jth elements in the SF execution body set are represented, and e represents the number of heterogeneous element types forming the elements in the SF execution body set.
7. The method of claim 1, wherein the scheduling period is TsThe real-time dynamic adjustment specifically comprises the following steps: let r beiRepresent
Figure FDA0003584374780000026
Total number of abnormal SF executors, TsHas a maximum value of ximaxTau represents the number of times that the number of abnormal executives is zero, the sum is started from the condition that the number of the abnormal executives is zero at the first time, the tau is set to zero immediately once the abnormal executives are not zero, and the tau is restarted when the number of the abnormal executives is zeroAccumulating; the time interval scheduling time update function of the scheduling period is as follows:
Figure FDA0003584374780000024
where δ is a constant greater than zero, depending on the particular network conditions,
Figure FDA0003584374780000025
indicates the time interval from the (i-1) th scheduling to the ith scheduling, ξnIndicating the existence of abnormal SF execution body threshold value, if the number of the abnormal SF execution bodies is more than xinThe current system is considered to need to improve the system safety by reducing the scheduling time so as to reduce the number of abnormal execution bodies; if the number of abnormal SF executors is less than or equal to xinIt is considered that the number of abnormally executed bodies can be reduced only by internal adjustment of the scheduling algorithm itself.
CN202110144910.7A 2021-02-02 2021-02-02 Scheduling method of mimicry service function chain Active CN112866277B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110144910.7A CN112866277B (en) 2021-02-02 2021-02-02 Scheduling method of mimicry service function chain

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110144910.7A CN112866277B (en) 2021-02-02 2021-02-02 Scheduling method of mimicry service function chain

Publications (2)

Publication Number Publication Date
CN112866277A CN112866277A (en) 2021-05-28
CN112866277B true CN112866277B (en) 2022-06-17

Family

ID=75986390

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110144910.7A Active CN112866277B (en) 2021-02-02 2021-02-02 Scheduling method of mimicry service function chain

Country Status (1)

Country Link
CN (1) CN112866277B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114257519B (en) * 2021-11-02 2023-05-16 中国人民解放军战略支援部队信息工程大学 Method and device for evaluating isomerism degree of multifunctional equivalent executor system
CN114884751B (en) * 2022-07-07 2022-10-18 国网江苏省电力有限公司信息通信分公司 Scheduling opportunity and scheduling quantity dynamic adjustment method of endogenous security system

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20180225139A1 (en) * 2015-08-03 2018-08-09 Nokia Solutions And Networks Oy Load and software configuration control among composite service function chains
CN109525418B (en) * 2018-10-11 2021-10-08 浙江工商大学 Scheduling method for guaranteeing service deployment executor set heterogeneity under mimicry defense

Also Published As

Publication number Publication date
CN112866277A (en) 2021-05-28

Similar Documents

Publication Publication Date Title
CN112866277B (en) Scheduling method of mimicry service function chain
US10715448B2 (en) System and/or method for predictive resource management in file transfer servers
US8621480B2 (en) Load balancer with starvation avoidance
CN109617826B (en) Storm dynamic load balancing method based on cuckoo search
CN109413024B (en) Reverse data verification method and system for multi-mode judgment result of heterogeneous functional equivalent
CN110611672B (en) Network space safety protection method, server equipment, node equipment and system
CN109818951A (en) A kind of function equivalence executes body credibility evaluation method and device
CN111866101A (en) Access request processing method and device, storage medium and electronic equipment
Son Covert timing channel analysis of rate monotonic real-time scheduling algorithm in mls systems
CN114448711A (en) Mimicry defense system
Lehoczky et al. Scheduling periodic and aperiodic tasks using the slack stealing algorithm
CN111782378B (en) Adaptive processing performance adjustment method, server and readable storage medium
CN113254190B (en) Load capacity based dynamic flow scheduling method, system and computer storage medium
CN109862016B (en) Countermeasure method for cloud computing automatic expansion Yo-Yo attack
Zhang et al. Scheduling algorithm based on heterogeneity and confidence for mimic defense
CN117076042A (en) Workload scheduling method, apparatus, device, storage medium and program product
Yoshimoto et al. Optimal arbitration of control tasks by job skipping in cyber-physical systems
CN113904937B (en) Service function chain migration method and device, electronic equipment and storage medium
CN109271295A (en) A kind of abnormal operation prediction technique under cloud cluster environment
CN110034946A (en) Adaptive service degradation method and apparatus
Huo et al. First passage risk probability optimality for continuous time Markov decision processes
CN110380987A (en) The method and device of the request serviced is called in a kind of processing
CN114884751B (en) Scheduling opportunity and scheduling quantity dynamic adjustment method of endogenous security system
Mantel et al. Information-theoretic modeling and analysis of interrupt-related covert channels
CN112308354A (en) System overload control method and device

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant