CN115292718A - Scheduling method and device of executive body and electronic equipment - Google Patents

Scheduling method and device of executive body and electronic equipment Download PDF

Info

Publication number
CN115292718A
CN115292718A CN202210982569.7A CN202210982569A CN115292718A CN 115292718 A CN115292718 A CN 115292718A CN 202210982569 A CN202210982569 A CN 202210982569A CN 115292718 A CN115292718 A CN 115292718A
Authority
CN
China
Prior art keywords
similarity
executive
index
current
module
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210982569.7A
Other languages
Chinese (zh)
Inventor
席泽生
张波
何川
缪巍巍
曾锃
张瑞
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
State Grid Smart Grid Research Institute Co ltd
State Grid Corp of China SGCC
State Grid Jiangsu Electric Power Co Ltd
Information and Telecommunication Branch of State Grid Jiangsu Electric Power Co Ltd
Original Assignee
State Grid Smart Grid Research Institute Co ltd
State Grid Corp of China SGCC
State Grid Jiangsu Electric Power Co Ltd
Information and Telecommunication Branch of State Grid Jiangsu Electric Power Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by State Grid Smart Grid Research Institute Co ltd, State Grid Corp of China SGCC, State Grid Jiangsu Electric Power Co Ltd, Information and Telecommunication Branch of State Grid Jiangsu Electric Power Co Ltd filed Critical State Grid Smart Grid Research Institute Co ltd
Priority to CN202210982569.7A priority Critical patent/CN115292718A/en
Publication of CN115292718A publication Critical patent/CN115292718A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577Assessing vulnerabilities and evaluating computer system security

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computing Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention discloses a scheduling method and a scheduling device of an executive body and electronic equipment, wherein the method comprises the following steps: generating a similarity index of each executive body based on the similarity of each executive body relative to other executive bodies; based on the voting difference condition of each executive relative to the executive set in a preset time period, calculating the historical work performance index of each executive; correspondingly fusing the similarity index and the historical working performance index of each executive body to obtain a comprehensive evaluation index of each executive body; and extracting a preset number of target executives from each executor based on the comprehensive evaluation index of each executor. The technical scheme provided by the invention reduces the possibility of successful attack of the system.

Description

Scheduling method and device of executive body and electronic equipment
Technical Field
The invention relates to the technical field of endogenous security, in particular to a scheduling method and device of an executive body and electronic equipment.
Background
With the rapid development of information technology, society gradually enters the age of ' everything interconnection ', and networks become an indispensable important part of people's daily life. More and more intelligent terminals have access requirements, and higher requirements are put forward for safe and stable operation of a network. However, the traditional network defense technology can only exert the effectiveness based on prior knowledge, and the software and hardware bugs have unavailability, so that the positions of attackers and defenders are unequal, and the network attack and defense are in a situation of easy attack and difficulty for a long time. The network attack mimicry defense technology changes the condition of inequality and realizes active defense on unknown vulnerabilities and backdoor threats.
The mimicry defense is a revolutionary defense technical system with inclusivity, openness and initiative. The mimicry defense no longer pursues to establish a loopless, backdoor-free, defect-free and perfect defense system to resist the network space security threat, but adopts various and constantly-changing evaluation and deployment mechanisms and strategies to construct a dynamic, heterogeneous, redundant and uncertain system architecture, forms the dilemmas of 'difficult detection, difficult penetration, difficult attack excitation, difficult attack achievement utilization' and the like, and breaks through the static property, the certainty and the similarity of the network architecture formed by the attack chain. Generally speaking, the mimicry defense technology is implemented by deploying an execution body set, wherein the execution body set comprises a plurality of execution bodies, each execution body comprises different types of modules, each module comprises a plurality of component types, for example, each execution body is divided according to functions, and the modules comprise a processor, an operating system, application software, a protocol stack and the like. Taking a processor as an example, the type of components included in the processor is x86, GPU, FPGA, ARM, etc., and assuming that the component used by the processor of one execution body is x86CPU and the component used by the processor of the other execution body is ARM core, it is considered that the processor modules of the two execution bodies are different, and the other modules are the same. When the system operates, all the executors receive the input of a user, the back end votes the output of each executor, whether the output of the user is responded is determined according to the voting result, if a certain executor suffers from network attack and the output is abnormal, the bidding voting result of each executor is inconsistent, and the back end refuses the response. Since there is a difference between the same modules in different executives, a hacker needs to penetrate all executives to attack successfully, and the mimicry defense also replaces the executives in the executor set at a preset period or when a certain executor is broken, so that the cost for the hacker to penetrate the executives is significantly increased.
Because of functional equivalence, all the heterogeneous executors cannot be completely different, and the difference between the heterogeneous executors is also divided by the size, so that the possibility of bugs or defect intersections existing among several equivalent bodies with large similarity is high, for example, x86 CPUs and some GPUs have some common parts. Because the existing mimicry decision strategy mainly decides the majority of consistency, if the generated scheduling strategy selects a functional equivalent execution entity set with relatively high similarity, an attacker can use the possibly existing bug defect intersections to attack to obtain majority of consistent error results, and further obtain erroneous output through arbitration.
There are some limitations to the current research on scheduling executive sets. The existing research has insufficient partition granularity of the execution unit, which causes the execution units to have low heterogeneity and high similarity, thereby increasing the possibility of successful attack of the system.
Disclosure of Invention
In view of this, embodiments of the present invention provide a scheduling method and apparatus for an executable, and an electronic device, so as to reduce the possibility of success of system attack.
According to a first aspect, an embodiment of the present invention provides a scheduling method for an executable, where the method includes: generating a similarity index of each executive body based on the similarity of each executive body relative to other executive bodies; based on the voting difference condition of each executive relative to the executive set in a preset time period, calculating the historical work performance index of each executive; correspondingly fusing the similarity index and the historical working performance index of each executive body to obtain a comprehensive evaluation index of each executive body; and extracting a preset number of target executives from each executor based on the comprehensive evaluation index of each executor.
Optionally, the generating a similarity index of each executable based on the similarity of each executable with respect to other executors includes: traversing and calculating the similarity between the current executive body and the same modules of other executive bodies to obtain a plurality of module similarity values of the current executive body; and calculating the square sum of the similarity values of the modules to obtain the similarity index of the current executive body.
Optionally, the traversing calculates similarity between the current executable and the same module of each other executable, and obtains a plurality of module similarity values of the current executable, including: aiming at a current module which is the same as a current module in a certain other execution body in the current execution body, acquiring a first module type of the current module in the current execution body, and acquiring a second module type of the current module in the certain other execution body; and determining the similarity between the current module in the current execution body and the current module in the certain other execution body according to the similarity between the first component type and the second component type.
Optionally, if the current module is a processor or an operating system, the step of calculating the similarity between the first component type and the second component type includes: acquiring respective vulnerabilities of a first component type and a second component type, and acquiring a common vulnerability of the first component type and the second component type; calculating an overall vulnerability index based on respective vulnerabilities of the first component type and the second component type, and calculating a common vulnerability index based on the common vulnerabilities; and taking the ratio of the common vulnerability indicator to the whole vulnerability indicator as the similarity between the first component type and the second component type.
Optionally, the calculating the historical performance index of each executive based on the voting difference situation of each executive relative to the set of executives within the preset time period includes: counting the difference times of the output of the current executive body and the voting output of the executive body set in the preset time period; obtaining the latest time when the output of the current executive body is different from the voting output of the voting of the executive body set; calculating the historical performance indicator of the current executive based on the recent time and the number of differences.
Optionally, said calculating said historical performance indicator for a current executable based on said recent time and said number of discrepancies comprises: normalizing and negating the length of the latest time to obtain a time index of the current executive body; and calculating the product of the time index and the difference times to obtain the historical work performance index of the current executive body.
Optionally, correspondingly fusing the similarity index and the historical performance index of each executable, including: and performing weighted fusion on the similarity index and the historical working performance index of the current executive body according to a preset weight to obtain the comprehensive evaluation index of the current executive body.
Optionally, the extracting a preset number of target executives from each executor based on the comprehensive evaluation index of each executor includes: sequencing the execution bodies according to the sequence of the comprehensive evaluation indexes from small to large to obtain an execution body sequence; and extracting the former preset number of executors from the execution body sequence as the target execution body.
According to a second aspect, an embodiment of the present invention provides an apparatus for scheduling an executable, where the apparatus includes: the similarity calculation module is used for generating a similarity index of each executive body based on the similarity of each executive body relative to other executive bodies; the work performance evaluation module is used for calculating historical work performance indexes of all executives based on voting difference conditions of all executives relative to the executant set in a preset time period; the index fusion module is used for correspondingly fusing the similarity index and the historical working performance index of each executive body to obtain a comprehensive evaluation index of each executive body; and the executive scheduling module is used for extracting a preset number of target executives from each executive based on the comprehensive evaluation index of each executive.
According to a third aspect, embodiments of the present invention provide an electronic device, comprising: a memory and a processor, the memory and the processor being communicatively coupled to each other, the memory having stored therein computer instructions, and the processor performing the method of the first aspect, or any one of the optional embodiments of the first aspect, by executing the computer instructions.
According to a fourth aspect, an embodiment of the present invention provides a computer-readable storage medium, which stores computer instructions for causing a computer to thereby perform the method of the first aspect, or any one of the optional implementation manners of the first aspect.
The technical scheme provided by the application has the following advantages:
according to the technical scheme, a similarity index is created for each executive body through the similarity of each executive body relative to other executive bodies, and the historical work performance index of each executive body is calculated based on the voting difference situation of each executive body relative to an executive body set in a preset time period. And then fusing the two indexes of each executive body to generate a comprehensive evaluation index. Therefore, whether each executive body has greater similarity relative to other executive bodies and whether the similarity is inconsistent with the voting condition of the majority of executive bodies is comprehensively represented, and the excellence of each executive body is further judged. And finally, selecting a plurality of executors with smaller similarity and voting difference as target executors according to the magnitude of the comprehensive evaluation indexes of the executors, and forming a new executer set by using the target executors, thereby reducing the possibility that the executer set is broken by hackers.
In addition, in one embodiment, the similarity index of each executive body calculates the similarity of each module according to the component similarity of the same module of the current executive body and other executive bodies, and then the similarity indexes of the current executive body are obtained through fusion calculation of the similarity of each module, so that the reliability of the similarity indexes is improved. The historical work performance index of each executive body is the difference frequency of the current executive body which is in disagreement with the voting table of the executive body set, the latest time of the current executive body which has the difference in recent voting is counted, the historical work performance index of the current executive body is obtained by combining the latest time and the difference frequency, and the reliability of the historical work performance index is also improved.
Drawings
The features and advantages of the present invention will be more clearly understood by reference to the accompanying drawings, which are illustrative and not to be construed as limiting the invention in any way, and in which:
FIG. 1 is a schematic diagram illustrating steps of a scheduling method for an executable according to an embodiment of the present invention;
FIG. 2 is a flow chart illustrating a scheduling method of an executable according to an embodiment of the present invention;
FIG. 3 is a schematic structural diagram of a scheduling apparatus of an executor according to an embodiment of the present invention;
fig. 4 shows a schematic structural diagram of an electronic device in an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention more apparent, the technical solutions of the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings of the embodiments of the present invention. All other embodiments, which can be obtained by a person skilled in the art without inventive step based on the embodiments of the present invention, are within the scope of protection of the present invention.
Referring to fig. 1, in an embodiment, a method for scheduling an executable includes the following steps:
step S101: and generating a similarity index of each executive body based on the similarity of each executive body relative to other executive bodies.
Step S102: and calculating the historical working performance index of each executive body based on the voting difference condition of each executive body relative to the executive body set in the preset time period.
Step S103: and correspondingly fusing the similarity index and the historical working performance index of each executive body to obtain the comprehensive evaluation index of each executive body.
Step S104: and extracting a preset number of target executives from each executor based on the comprehensive evaluation index of each executor.
Specifically, in the present embodiment, a similarity index is first created for each executable according to the similarity of each executable with respect to other executors, so as to quantify the similarity of each executable with respect to all other heterogeneous executors. And then, obtaining the voting difference condition of each executive relative to the executive set in a preset time period (namely whether the output of each executive is consistent with the output after voting of the original executive set), and creating a historical work performance index of each executive for quantifying the self-trust degree according to the difference condition. And then fusing the two indexes of each executive body to generate a comprehensive evaluation index of each executive body. Therefore, whether each executive body has greater similarity relative to other executive bodies and whether the voting condition of the executive bodies is inconsistent with the voting condition of the majority of executive bodies is comprehensively characterized, and the excellence of each executive body is further judged. And finally, selecting a plurality of executors with smaller similarity and voting difference as target executors according to the magnitude of the comprehensive evaluation indexes of the executors, and forming a new executer set by using the target executors, thereby reducing the possibility that the executer set is broken by hackers.
Specifically, in an embodiment, the step S101 specifically includes the following steps:
the method comprises the following steps: and traversing and calculating the similarity between the current executive body and the same module of each other executive body to obtain a plurality of module similarity values of the current executive body.
Step two: and calculating the square sum of the similarity values of the modules to obtain the similarity index of the current executive body.
Specifically, in this embodiment, the similarity between each execution body and each other execution body is calculated from the perspective of the module, and the division granularity of the similarity index is further refined. For example: each executive body comprises five modules of a programming language, a transmission protocol, a processor, an operating system and a compiling mode. Assume that there is a first executable, a second executable, and a third executable at present. For a first execution body, calculating the similarity between a programming language module of the first execution body and a programming language module of a second execution body, and then respectively calculating the similarities of four same modules of a transmission protocol, a processor, an operating system and a compiling mode to obtain 5 module similarity values of the first execution body relative to the second execution body, wherein the module similarity values are used for dividing the similarity between the execution bodies into module dimensions, and the calculation similarity between the first execution body and a third execution body is the same, so that the first execution body obtains 10 module similarity values in total. And then, calculating the square of the similarity value of each module of the first executive body, and summing the 10 squares to obtain the similarity index after the quantization of the first executive body. This is by way of example only and not by way of limitation.
Specifically, in an embodiment, the step one specifically includes the following steps:
step three: and aiming at a current module in the current execution body which is the same as that in some other execution body, acquiring a first component type of the current module in the current execution body, and acquiring a second component type of the current module in some other execution body.
Step four: and determining the similarity between the current module in the current execution body and the current module in some other execution body according to the similarity between the first component type and the second component type.
Specifically, in this embodiment, similarity calculation between the same modules of different executives is performed based on the similarity of the components, so that the accuracy of calculating the similarity of the modules is improved by using a more matched component similarity calculation mode for different functional modules. In this embodiment, if the module for calculating the similarity is a programming language, the similarity of the programming language set can be generated according to the experience of the current expert system. If the module for calculating the similarity is a transmission protocol, the similarity between the transmission protocols is calculated through symbol similarity measurement and characteristic extraction of transmission stream data information. If the module for calculating the similarity is a compiling mode, considering that the compiling mode is related to the programming language, combining the similarity of the programming language and quantizing the similarity between the compiling modes through the similarity of the functions.
In this embodiment, if two modules for calculating similarity belong to a processor or an operating system, and for respective component types of the two modules, first obtaining respective vulnerabilities of a first component type and a second component type, and obtaining a common vulnerability of the first component type and the second component type; then calculating an overall vulnerability index based on respective vulnerabilities of the first component type and the second component type, and calculating a common vulnerability index based on the common vulnerabilities; and finally, taking the ratio of the common vulnerability index to the whole vulnerability index as the similarity between the first component type and the second component type. The specific process is referred to the following formula:
Figure BDA0003800811650000081
assuming that the module for calculating the similarity between the first executable and the second executable is a processor, the components used are components i and j, respectively, where d is in And d jn Respectively representing the vulnerability scores, d, contained in Components i and j ijn A score representing the common vulnerabilities that components i and j contain. num i Representing the number of vulnerabilities contained in component i. num j Representing the number of vulnerabilities contained in component j. num ij Representing the number of common bugs contained in the component i and the component j, and the bug information participating in the calculationCan be extracted from the general leak library used in the prior art. Through the formula, the similarity between the processors or the operating systems of the two executors is calculated, compared with the mode of directly comparing a hardware architecture, a hardware circuit and hardware in the prior art, the mode of calculating the similarity between the processors and the operating systems in the step is more suitable for the field of mimicry defense, and the similarity calculation accuracy is improved. Wherein, if the bugs contained in the components i and j are identical, c is ij =1, completely different, then c ij =0。
Specifically, in an embodiment, in order to increase the calculation speed when executing the scheduling of the entity, the specific principle described in the step one to the step four is implemented in the following specific manner:
measuring the similarity between the components, firstly dividing the executive into a plurality of modules according to functions, such as: the system is divided into five modules, namely a programming language, a transmission protocol, a processor, an operating system and a compiling mode, and each module can be composed of different types of components, which is only used as an example and is not limited thereto. Defining a feature vector beta of an executable i :β i =[β 1 i β 2 i β 3 i β 4 i β 5 i ]。β i The specific component types of the respective modules constituting the execution body i are represented, and the values thereof represent the numbers of the components only. Then, a similarity matrix C of the ith module is defined l
Figure BDA0003800811650000091
Each element in the matrix
Figure BDA0003800811650000092
Representing the similarity between the component type i and the component type j of the ith module, wherein j is not more than n, n represents the number of the component types contained in the current module, the similarity between each component and the self type is 1 and represents complete similarity, C l Is a symmetric matrix. In this embodiment, a total of 5 modules are included, and the value range of l is [1,5 ]]To sum up5 similarity matrices are given.
Assuming that the programming language module is the 1 st module and contains n =4 component types, the similarity analysis of the 4 components through the above steps constitutes the similarity matrix C of the programming language module 1 In which C is 1 Each value in (a) represents the degree of similarity of a programming language across the set, as shown in the table below.
TABLE 1 similarity results between Components in a Programming language Module
Figure BDA0003800811650000093
Similarity matrix C created from Table 1 1 The following were used:
Figure BDA0003800811650000094
each module of each executive considers that a component type is used, and assuming that two executors 1 and 2 exist, the programming language module of the executor 1 may be Java language, the programming language module of the executor 2 may be Python language, the similarity between the components of the Python language and the Java language is 0.6, the similarity between the programming language module of the executor 1 and the programming language module of the executor 2 is 0.6, and other transmission protocols, processors, operating systems and compiling mode modules are the same. If the executor 1 is divided into 5 modules according to this embodiment, the programming language may use Java, the transport protocol may use UDP, the processor x86CPU, the operating system Windows, and the compiling method may use just-in-time compiling, and the executor 1= { Java, UDP, x86CPU, windows, just-in-time compiling }.
Process for generating similarity matrix of other modules, and similarity matrix C of programming language module 1 The same process is not described herein again. The similarity matrix of each module is created in advance, that is, the similarity between different components of the same module is calculated in advance, and the purpose is to further improve the efficiency of subsequently calculating the similarity index of each executable.
Then, based on the similarity matrix of each module, a similarity matrix H of each executive body is created k . The elements in the executable similarity matrix are module similarity values used for characterizing one executable relative to other executors between the same modules.
Figure BDA0003800811650000101
Element h in the matrix al k Indicating a module similarity value between component types of the functionally identical ith modules in the two executables for executables k compared to executables a. First, pass through the feature vectors β of the execution block k and the execution block a k And beta a . The number of the components of the first module of executables k and a can be found to be
Figure BDA0003800811650000102
And
Figure BDA0003800811650000103
then directly according to the corresponding number from the similarity matrix C of the l-th module l Querying the corresponding component similarity, filling in H k That h can be obtained accurately and rapidly al k The value of (c). Namely, it is
Figure BDA0003800811650000104
When i = k, h ij k =1。
For example: the execution body 1 feature vector may be represented as beta 1 =[23113] T The execution volume 2 feature vector may be expressed as β 2 =[32131] T . Respectively calculating similarity matrixes C of 5 modules l Then, the characteristic vector of the executive body is used for inquiring the corresponding serial number of the corresponding module component, thereby inquiring the similarity matrix C l And obtaining similarity values of the components of each module of the executive body and corresponding components of other executive bodies. Assuming that the programming language module of executors 1 and 2 is the 1 st module, β is 1 1 =2,β 1 2 =3。H 1 Is the similarity matrix of the execution volume 1, where h 21 1 The component similarity values of the 1 st modules of the execution entity 1 and the execution entity 2 are shown in the similarity matrix C of Table 1 1 The similarity between Java (2) and Python (3) is found by fast query 21 1 =c 23 1 =0.6. Suppose that there is currently an executable 3, whose programming language is C + +, and β 1 3 If =4, then h is obtained by referring to the similarity matrix query of the programming language module 31 1 =c 24 1 =0.8。
After the similarity matrix of each executive body is calculated, the square sum of the similarity values of a plurality of modules of each executive body can be calculated by utilizing the similarity matrix of each executive body, and the similarity index of each executive body is obtained.
Similarity index D of, for example, an executable k k By its similarity matrix H k Calculated by the following formula.
Figure BDA0003800811650000111
a is the number of all executors, l is the type of the module, that is, the similarity values of each module of the executor k are squared and then summed, the subtraction in the formula represents the sum of squares of each element and subtracts the value of the comparison between the executor k and each module, and only the similarity between the executor k and other executors is reserved. Based on this, if D k The larger the value, the higher the similarity between this executable k and all other executables. The above calculation process is only exemplified by 5 modules, but not limited thereto, and the calculation process is also applicable to different module divisions of the executable.
Specifically, in an embodiment, the step S102 specifically includes the following steps:
step five: and counting the difference times between the output of the current executive body and the voting output of the executive body set in a preset time period.
Step six: and acquiring the latest time when the output of the current executive is different from the voting output of the executive set.
Step seven: and calculating the historical work performance index of the current executive body based on the recent time and the difference times.
Specifically, in this embodiment, when quantifying the historical performance indicator of the current executable, the voting difference number of the current executable within a preset time period is counted first, that is, the number of times of the current executable that is not trusted is counted. Untrusted means that the output result of the current execution body does not match the final voting result of the execution body set. The last time refers to the last untrusted time, i.e. the time when the executor has not passed the final voting result last time. In the present embodiment, considering that the too long history has a large gap from the actual situation and loses the reference value, the preset time period is set as the first 5 scheduling cycles of the current time, which is only an example and not limited thereto. Let G k The number of times the executor k is not trusted is represented, then
Figure BDA0003800811650000121
g kj Representing the case where the executive k votes at scheduling period j.
g kj The values of (A) are as follows:
Figure BDA0003800811650000122
and 0 represents that the voting is consistent with the final voting result, and the executive body is trusted in the scheduling period. 1 represents that the vote does not accord with the final result, and the executive body is not trusted in the scheduling period and may be attacked.
And then, calculating the historical work performance index of the current executive body by introducing two factors of the recent time and the difference times, thereby accurately quantifying the possibility that the current executive body is not broken by a hacker in a preset time period.
Specifically, in this embodiment, the specific step of calculating the historical performance index includes:
1. and normalizing the length of the latest time and negating to obtain the time index of the current executive body.
2. And calculating the product of the time index and the difference times to obtain the historical work performance index of the current executive body.
Specifically, after normalizing and negating the latest time when the current execution body is not trusted, the time index of the current execution body is obtained, for example: setting a complete process of executing one input and outputting a final voting result to be called a scheduling period, wherein in the last input and output period, the operation result of the execution body k is inconsistent with the voting result, and the time index L is obtained after the normalization and negation of the last time k =0.9, if the last untrusted status of the execution block k is that the operation result in the penultimate cycle of the input and output does not match the voting result, then L k =0.8, and so on, the values of the time index L are [0.9,0.8,0.7,0.6,0.5, \8230]. And then, calculating the product of the time index and the difference times of the current executive body to obtain the historical work performance index of the current executive body. In this embodiment, if the historical performance indicator data is larger, the probability that the current executable is not trusted and broken is higher.
Based on the above steps three to seven, as shown in fig. 2, in an embodiment, the step S103 specifically includes the following steps:
step eight: and performing weighted fusion on the similarity index and the historical working performance index of the current executive body according to a preset weight to obtain a comprehensive evaluation index of the current executive body.
Specifically, the embodiment finds the comprehensive evaluation index of each executable through a weighted fusion algorithm, for example:
CI=αD+βR
in the formula, α and β are weights of the similarity index of the executive body and the historical performance index, respectively. D represents the similarity index of the executive body, R represents the historical work performance index of the executive body, and CI represents the comprehensive evaluation index of the executive body. Through the steps of the embodiment, the comprehensive quantification of the similarity and the trust degree of each executive body is realized, and a scalar index for evaluating the excellence of each executive body is obtained.
Finally, sequencing the execution bodies according to the sequence of the comprehensive evaluation indexes from small to large to obtain an execution body sequence; and extracts a previous preset number (e.g., the previous n) of executors from the sequence of executors as a target executors.
The method comprises the steps of extracting a preset number of executors with the minimum comprehensive evaluation index in an executor sequence as target executors, and using an executor set formed by the target executors for mimicry defense, so that on one hand, the difference among the executors in the executor set is remarkably improved, on the other hand, each executor is guaranteed to be an executor which is not easy to be broken, and the possibility that the executor set is broken is remarkably reduced.
Through the steps, according to the technical scheme provided by the application, the similarity index is created for each executive body through the similarity of each executive body relative to other executive bodies, and the historical work performance index of each executive body is calculated based on the voting difference condition of each executive body relative to the executive body set in the preset time period. And then fusing the two indexes of each executive body to generate a comprehensive evaluation index. Therefore, whether each executive body has greater similarity relative to other executive bodies and whether the voting condition of the executive bodies is inconsistent with the voting condition of the majority of executive bodies is comprehensively characterized, and the excellence of each executive body is further judged. And finally, selecting a plurality of executors with smaller similarity and voting difference as target executors according to the magnitude of the comprehensive evaluation indexes of the executors, and forming a new executer set by using the target executors, thereby reducing the possibility that the executer set is broken by hackers.
In addition, in one embodiment, the similarity index of each executive body calculates the similarity of each module according to the component similarity of the same module of the current executive body and other executive bodies, and then the similarity indexes of the current executive body are obtained through fusion calculation of the similarity of each module, so that the reliability of the similarity indexes is improved. The historical work performance index of each executive body is the difference frequency of the current executive body which is in disagreement with the voting table of the executive body set, the latest time of the current executive body which has the difference in recent voting is counted, the historical work performance index of the current executive body is obtained by combining the latest time and the difference frequency, and the reliability of the historical work performance index is also improved.
As shown in fig. 3, the present embodiment further provides an apparatus for scheduling an executable, where the apparatus includes:
the similarity calculation module 101 is configured to generate a similarity index for each executable based on the similarity of each executable with respect to other executors. For details, refer to the related description of step S101 in the above method embodiment, and no further description is provided here.
And the work performance evaluation module 102 is configured to calculate a historical work performance index of each executive based on a voting difference situation of each executive relative to the executive set within a preset time period. For details, refer to the related description of step S102 in the above method embodiment, and details are not repeated herein.
And the index fusion module 103 is configured to correspondingly fuse the similarity index and the historical performance index of each execution body to obtain a comprehensive evaluation index of each execution body. For details, refer to the related description of step S103 in the above method embodiment, and no further description is provided here.
And the executive scheduling module 104 is configured to extract a preset number of target executives from each executive based on the comprehensive evaluation index of each executive. For details, refer to the related description of step S104 in the above method embodiment, and no further description is provided here.
The scheduling apparatus of an executor provided in the embodiment of the present invention is configured to execute the scheduling method of an executor provided in the above embodiment, and its implementation manner is the same as the principle, and details refer to the related description of the above method embodiment and are not described again.
Through the cooperative cooperation of the components, the technical scheme provided by the application establishes the similarity index for each executive body through the similarity of each executive body relative to other executive bodies, and calculates the historical work performance index of each executive body based on the voting difference condition of each executive body relative to the executive body set in the preset time period. And then fusing the two indexes of each executive body to generate a comprehensive evaluation index. Therefore, whether each executive body has greater similarity relative to other executive bodies and whether the voting condition of the executive bodies is inconsistent with the voting condition of the majority of executive bodies is comprehensively characterized, and the excellence of each executive body is further judged. And finally, selecting a plurality of executors with smaller similarity and voting difference as target executors according to the magnitude of the comprehensive evaluation indexes of the executors, and forming a new executer set by using the target executors, thereby reducing the possibility that the executer set is broken by hackers.
In addition, in one embodiment, the similarity index of each executive body calculates the similarity of each module according to the component similarity of the same module of the current executive body and other executive bodies, and then the similarity indexes of the current executive body are obtained through fusion calculation of the similarity of each module, so that the reliability of the similarity indexes is improved. The historical working performance index of each executive body is obtained by calculating the number of times of inconsistency of voting tables of the current executive body relative to the executive body set, counting the latest time of the current executive body with the difference in recent voting, and combining the latest time and the number of times of the difference to calculate the historical working performance index of the current executive body, so that the reliability of the historical working performance index is improved.
Fig. 4 shows an electronic device according to an embodiment of the present invention, where the device includes a processor 901 and a memory 902, which may be connected by a bus or by other means, and fig. 4 illustrates an example of a connection by a bus.
Processor 901 may be a Central Processing Unit (CPU). The Processor 901 may also be other general purpose processors, digital Signal Processors (DSPs), application Specific Integrated Circuits (ASICs), field Programmable Gate Arrays (FPGAs) or other Programmable logic devices, discrete Gate or transistor logic devices, discrete hardware components, or combinations thereof.
The memory 902, which is a non-transitory computer-readable storage medium, may be used to store non-transitory software programs, non-transitory computer-executable programs, and modules, such as program instructions/modules corresponding to the methods in the above-described method embodiments. The processor 901 executes various functional applications and data processing of the processor by executing non-transitory software programs, instructions and modules stored in the memory 902, that is, implements the methods in the above-described method embodiments.
The memory 902 may include a program storage area and a data storage area, wherein the program storage area may store an operating system, an application program required for at least one function; the storage data area may store data created by the processor 901, and the like. Further, the memory 902 may include high-speed random access memory, and may also include non-transitory memory, such as at least one magnetic disk storage device, flash memory device, or other non-transitory solid state storage device. In some embodiments, the memory 902 may optionally include memory located remotely from the processor 901, which may be connected to the processor 901 via a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
One or more modules are stored in the memory 902, which when executed by the processor 901 performs the methods in the above-described method embodiments.
The specific details of the electronic device may be understood by referring to the corresponding related description and effects in the above method embodiments, which are not described herein again.
Those skilled in the art will understand that all or part of the processes in the methods of the embodiments described above may be implemented by instructing the relevant hardware through a computer program, and the implemented program may be stored in a computer-readable storage medium, and when executed, may include the processes of the embodiments of the methods described above. The storage medium may be a magnetic Disk, an optical Disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a Flash Memory (Flash Memory), a Hard Disk (Hard Disk Drive, abbreviated as HDD), a Solid State Drive (SSD), or the like; the storage medium may also comprise a combination of memories of the kind described above.
Although the embodiments of the present invention have been described in conjunction with the accompanying drawings, those skilled in the art can make various modifications and variations without departing from the spirit and scope of the invention, and such modifications and variations fall within the scope defined by the appended claims.

Claims (11)

1. A method for scheduling an executable, the method comprising:
generating a similarity index of each executive body based on the similarity of each executive body relative to other executive bodies;
based on the voting difference condition of each executive relative to the executive set in a preset time period, calculating the historical work performance index of each executive;
correspondingly fusing the similarity index and the historical working performance index of each executive body to obtain a comprehensive evaluation index of each executive body;
and extracting a preset number of target executors from each executor based on the comprehensive evaluation index of each executor.
2. The method of claim 1, wherein generating a similarity index for each executable based on the similarity of each executable with respect to other executables comprises:
traversing and calculating the similarity between the current executive body and the same modules of other executive bodies to obtain a plurality of module similarity values of the current executive body;
and calculating the square sum of the similarity values of the modules to obtain the similarity index of the current executive body.
3. The method of claim 2, wherein said traversing calculates similarity between the same module of the current executable and each other executable to obtain module similarity values for the current executable, comprising:
aiming at a current module which is the same as a current module in a current execution body and some other execution body, acquiring a first module type of the current module in the current execution body, and acquiring a second module type of the current module in the some other execution body;
and determining the similarity between the current module in the current execution body and the current module in the certain other execution body according to the similarity between the first component type and the second component type.
4. The method of claim 3, wherein if the current module is a processor or an operating system, the step of calculating the similarity between the first component type and the second component type comprises:
acquiring respective vulnerabilities of a first component type and a second component type, and acquiring a common vulnerability of the first component type and the second component type;
calculating an overall vulnerability index based on respective vulnerabilities of the first component type and the second component type, and calculating a common vulnerability index based on the common vulnerabilities;
and taking the ratio of the common vulnerability indicator to the overall vulnerability indicator as the similarity between the first component type and the second component type.
5. The method of claim 1, wherein calculating the historical performance indicators of each executive based on the voting difference situation of each executive relative to the set of executives within the preset time period comprises:
counting the difference times of the output of the current executive body and the voting output of the executive body set in the preset time period;
obtaining the latest time when the output of the current executive body is different from the voting output of the voting of the executive body set;
calculating the historical performance indicator of the current executive based on the recent time and the number of differences.
6. The method of claim 5, wherein said calculating the historical performance metric for a current executable based on the most recent time and the number of discrepancies comprises:
normalizing the length of the latest time and negating to obtain a time index of the current executive body;
and calculating the product of the time index and the difference times to obtain the historical work performance index of the current executive body.
7. The method according to claim 1 or 6, wherein correspondingly fusing the similarity index and the historical performance index of each executable, comprises:
and performing weighted fusion on the similarity index and the historical working performance index of the current executive body according to a preset weight to obtain the comprehensive evaluation index of the current executive body.
8. The method of claim 7, wherein the extracting a preset number of target executives from each executor based on the composite evaluation index of each executor comprises:
sequencing the execution bodies according to the sequence of the comprehensive evaluation indexes from small to large to obtain an execution body sequence;
and extracting the former preset number of executors from the execution body sequence as the target execution body.
9. An apparatus for scheduling executables, the apparatus comprising:
the similarity calculation module is used for generating a similarity index of each executive body based on the similarity of each executive body relative to other executive bodies;
the work performance evaluation module is used for calculating historical work performance indexes of all executives based on voting difference conditions of all executives relative to the executant set in a preset time period;
the index fusion module is used for correspondingly fusing the similarity index and the historical working performance index of each executive body to obtain a comprehensive evaluation index of each executive body;
and the executive scheduling module is used for extracting a preset number of target executives from each executive based on the comprehensive evaluation index of each executive.
10. An electronic device, comprising:
a memory and a processor communicatively coupled to each other, the memory having stored therein computer instructions, the processor executing the computer instructions to perform the method of any of claims 1-8.
11. A computer-readable storage medium having stored thereon computer instructions for causing a computer to perform the method of any one of claims 1-8.
CN202210982569.7A 2022-08-16 2022-08-16 Scheduling method and device of executive body and electronic equipment Pending CN115292718A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210982569.7A CN115292718A (en) 2022-08-16 2022-08-16 Scheduling method and device of executive body and electronic equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210982569.7A CN115292718A (en) 2022-08-16 2022-08-16 Scheduling method and device of executive body and electronic equipment

Publications (1)

Publication Number Publication Date
CN115292718A true CN115292718A (en) 2022-11-04

Family

ID=83829226

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210982569.7A Pending CN115292718A (en) 2022-08-16 2022-08-16 Scheduling method and device of executive body and electronic equipment

Country Status (1)

Country Link
CN (1) CN115292718A (en)

Similar Documents

Publication Publication Date Title
CN113468071B (en) Fuzzy test case generation method, system, computer equipment and storage medium
CN110474900B (en) Game protocol testing method and device
WO2017152877A1 (en) Network threat event evaluation method and apparatus
CN114915475B (en) Method, device, equipment and storage medium for determining attack path
CN110704464B (en) Method and device for processing bifurcation problem
JP2021180033A (en) Property graph data model representing system architecture
CN111709022B (en) Hybrid alarm association method based on AP clustering and causal relationship
RU2587429C2 (en) System and method for evaluation of reliability of categorisation rules
Chen et al. Invariants based failure diagnosis in distributed computing systems
CN115484112B (en) Payment big data safety protection method, system and cloud platform
US9552284B2 (en) Determining valid inputs for an unknown binary program
CN116015913A (en) Network attack prediction method based on ATT & CK framework
CN106095669B (en) Parallel program testing method based on scheduling sequence reduction
CN115292718A (en) Scheduling method and device of executive body and electronic equipment
CN114679335B (en) Power monitoring system network security risk assessment training method, assessment method and equipment
CN113839963B (en) Network security vulnerability intelligent detection method based on artificial intelligence and big data
CN114491889A (en) Method and device for identifying network key nodes of combat system
CN110708342B (en) Method and system for quantifying influence of malicious attack on information physical power system
CN115277153B (en) Smart grid 5G network risk assessment system and assessment method
US11526606B1 (en) Configuring machine learning model thresholds in models using imbalanced data sets
US20240163297A1 (en) Artificial intelligence-based cyber training method and apparatus
CN115766293B (en) Risk file detection method and device, electronic equipment and storage medium
CN115361231B (en) Host abnormal flow detection method, system and equipment based on access baseline
CN117749441A (en) Network attack prediction method, device, equipment and storage medium
CN107040554B (en) Method for defending CC attack

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination