CN116668097A - Mimicry HSS network element signaling processing method and system - Google Patents


Info

Publication number
CN116668097A
Authority
CN
China
Prior art keywords
network element
heterogeneous
mimicry
hss network
element signaling
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202310559039.6A
Other languages
Chinese (zh)
Inventor
王三海
王桌培
樊建勇
李振华
孙统帅
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhuhai Comleader Information Technology Co Ltd
Original Assignee
Zhuhai Comleader Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Zhuhai Comleader Information Technology Co Ltd
Priority to CN202310559039.6A
Publication of CN116668097A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/14 Network analysis or design
    • H04L41/145 Network analysis or design involving simulating, designing, planning or modelling of a network
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L65/00 Network arrangements, protocols or services for supporting real-time applications in data packet communication
    • H04L65/10 Architectures or entities
    • H04L65/1016 IP multimedia subsystem [IMS]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40 Network security protocols
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00 Reducing energy consumption in communication networks
    • Y02D30/70 Reducing energy consumption in communication networks in wireless communication networks

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Multimedia (AREA)
  • Computer And Data Communications (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The application provides a mimicry HSS network element signaling processing method and system. The method comprises: receiving HSS network element signaling through the input agent distributor, copying it into multiple copies, and distributing the copies to a plurality of equivalent heterogeneous executors; performing service processing on the distributed HSS network element signaling through the plurality of equivalent heterogeneous executors, and inputting the resulting pending service processing results to the output agent arbitrator; and performing, by the output agent arbitrator, mimicry arbitration according to a preset arbitration algorithm to determine a target service processing result from the plurality of pending service processing results. With the technical solution of the embodiments of the application, mimicry defense is realized through the plurality of heterogeneous executors and the arbitrator, improving the security of HSS network element signaling and of the network.

Description

Mimicry HSS network element signaling processing method and system
Technical Field
The application relates to the technical field of network security, in particular to a mimicry HSS network element signaling processing method and a mimicry HSS network element signaling processing system.
Background
The IP Multimedia Subsystem (IMS) is an important solution for the convergence of mobile and fixed networks and an important way to introduce differentiated services that converge voice, data, video and the like; its security is an important link in building network security. The IMS introduces the Home Subscriber Server (HSS) functional entity. The HSS is responsible for managing and maintaining the subscription data of all types of fixed and mobile broadband access users, and supports data storage, authentication and addressing for IMS service users.
As IMS core network deployments grow, the IMS core network is attacked more and more frequently. In particular, when an attacker exploits unknown vulnerabilities and unknown backdoors in IMS core network element equipment, traditional protective measures are effectively useless, the security of HSS network element signaling cannot be guaranteed, and network information security is put at serious risk.
Disclosure of Invention
The present application aims to solve at least one of the technical problems existing in the prior art. Therefore, the application provides a mimicry HSS network element signaling processing method and a mimicry HSS network element signaling processing system, which can improve the reliability and the safety of the HSS network element signaling and realize mimicry defense.
In a first aspect, an embodiment of the present application provides a mimicry HSS network element signaling processing method, applied to a mimicry HSS network element signaling processing system. The system includes an input agent distributor, a plurality of equivalent heterogeneous executors, and an output agent arbitrator; the input agent distributor is communicatively connected to the HSS network element, and the executor architectures of the plurality of equivalent heterogeneous executors differ while their service processing functions are the same. The mimicry HSS network element signaling processing method includes:
receiving HSS network element signaling through the input agent distributor, copying the HSS network element signaling into multiple copies, and distributing the copies to the plurality of equivalent heterogeneous executors;
performing service processing on the distributed HSS network element signaling through the plurality of equivalent heterogeneous executors, and inputting the resulting pending service processing results to the output agent arbitrator;
performing, by the output agent arbitrator, mimicry arbitration according to a preset arbitration algorithm, and determining a target service processing result from the plurality of pending service processing results.
According to some embodiments of the application, the executor architecture includes a host and a virtual machine; the hardware and operating systems of the hosts of different equivalent heterogeneous executors differ, and the operating system platforms of the virtual machines of different equivalent heterogeneous executors differ. Copying the HSS network element signaling into multiple copies and distributing them to the plurality of equivalent heterogeneous executors includes:
determining a plurality of target heterogeneous executors from the plurality of equivalent heterogeneous executors;
copying the HSS network element signaling into multiple copies according to the number of target heterogeneous executors;
and distributing the HSS network element signaling to each target heterogeneous executor.
According to some embodiments of the application, before receiving the HSS network element signaling through the input agent distributor, the method further includes:
acquiring a preset historical reference confidence, wherein the historical reference confidence belongs to a historical reference heterogeneous executor;
determining an initial confidence of the equivalent heterogeneous executor based on the degree of similarity between the executor architecture of the historical reference heterogeneous executor and the executor architecture of the equivalent heterogeneous executor.
According to some embodiments of the application, performing, by the output agent arbitrator, mimicry arbitration according to a preset arbitration algorithm and determining a target service processing result from the plurality of pending service processing results includes:
acquiring the target confidence sent by each target heterogeneous executor, wherein the target confidence is obtained by iterating from the initial confidence over the arbitration information of multiple historical mimicry arbitrations, and the arbitration information indicates the security situation, system resource condition, exception handling result, attacked frequency and historical arbitration result of the target heterogeneous executor at the time of mimicry arbitration;
determining a plurality of executor sets based on the plurality of target heterogeneous executors, wherein the target heterogeneous executors belonging to the same executor set output the same pending service processing result;
determining the sum of the target confidences of all target heterogeneous executors in an executor set as the set confidence;
and arbitrating the pending service processing result corresponding to the executor set with the largest set confidence as the target service processing result.
According to some embodiments of the application, after determining the target service processing result from the plurality of pending service processing results, the method further includes:
saving the arbitration information of the mimicry arbitration;
and, based on a preset period, performing, by the target heterogeneous executor, a weighted iteration over the saved arbitration information and the current target confidence to obtain a new target confidence.
According to some embodiments of the application, the mimicry HSS network element signaling processing system further includes a feedback controller and a mimicry scheduling module, and after determining the target service processing result from the plurality of pending service processing results, the method further includes:
sending, by the output agent arbitrator, the arbitration information of the current mimicry arbitration to the feedback controller;
generating a first scheduling policy and a second scheduling policy when the feedback controller determines at least one abnormal heterogeneous executor according to the arbitration information of the current mimicry arbitration;
sending the first scheduling policy to the mimicry scheduling module, wherein the mimicry scheduling module takes the abnormal heterogeneous executor offline and cleans it according to the first scheduling policy;
and sending the second scheduling policy to the input agent distributor, wherein the input agent distributor deletes the abnormal heterogeneous executor from the selectable equivalent heterogeneous executors according to the second scheduling policy.
According to some embodiments of the application, before the mimicry scheduling module takes the abnormal heterogeneous executor offline and cleans it according to the first scheduling policy, the method further includes:
determining that the service carried by the abnormal heterogeneous executor has finished executing;
or scheduling the service carried by the abnormal heterogeneous executor to an equivalent heterogeneous executor that has no abnormality.
In a second aspect, an embodiment of the present application provides a mimicry HSS network element signaling processing system, configured to execute the mimicry HSS network element signaling processing method according to the first aspect, where the mimicry HSS network element signaling processing system includes:
an input agent distributor, configured to receive HSS network element signaling, copy the HSS network element signaling into multiple copies, and distribute the copies to a plurality of equivalent heterogeneous executors;
the equivalent heterogeneous executors, configured to perform service processing on the distributed HSS network element signaling and input the resulting pending service processing results to the output agent arbitrator, wherein the executor architectures of the plurality of equivalent heterogeneous executors differ while their service processing functions are the same;
and the output agent arbitrator, configured to perform mimicry arbitration according to a preset arbitration algorithm and determine a target service processing result from the plurality of pending service processing results.
In a third aspect, an embodiment of the present application provides a mimicry HSS network element signaling processing apparatus, including at least one control processor and a memory communicatively coupled to the at least one control processor, the memory storing instructions executable by the at least one control processor to enable the at least one control processor to perform the mimicry HSS network element signaling processing method as described in the first aspect, or the mimicry HSS network element signaling processing system as described in the second aspect.
In a fourth aspect, an embodiment of the present application provides a computer readable storage medium storing computer executable instructions for performing the mimicry HSS network element signaling processing method according to the first aspect.
The mimicry HSS network element signaling processing method according to the embodiment of the application has at least the following beneficial effects: HSS network element signaling is received through the input agent distributor, copied into multiple copies, and distributed to a plurality of equivalent heterogeneous executors; the plurality of equivalent heterogeneous executors perform service processing on the distributed HSS network element signaling and input the resulting pending service processing results to the output agent arbitrator; the output agent arbitrator performs mimicry arbitration according to a preset arbitration algorithm and determines a target service processing result from the plurality of pending service processing results. With the technical solution of the embodiments of the application, mimicry defense is realized through the plurality of heterogeneous executors and the arbitrator, improving the security of HSS network element signaling and of the network.
Drawings
FIG. 1 is a schematic diagram of a mimicry HSS network element signaling processing system according to one embodiment of the present application;
FIG. 2 is a flowchart of a mimicry HSS network element signaling processing method provided in one embodiment of the present application;
FIG. 3 is a flow chart of determining target heterogeneous executors provided in another embodiment of the present application;
FIG. 4 is a flow chart of determining the initial confidence provided by another embodiment of the present application;
FIG. 5 is a flow chart of mimicry arbitration provided by another embodiment of the present application;
FIG. 6 is a flow chart of updating the confidence provided by another embodiment of the present application;
FIG. 7 is a flow chart of deleting an abnormal heterogeneous executor provided by another embodiment of the present application;
FIG. 8 is a flow chart of ensuring that service is not impacted before deleting an abnormal heterogeneous executor provided by another embodiment of the present application;
FIG. 9 is a block diagram of a mimicry HSS network element signaling processing apparatus according to another embodiment of the application.
Detailed Description
Embodiments of the present application are described in detail below, examples of which are illustrated in the accompanying drawings, wherein like or similar reference numerals refer to like or similar elements or elements having like or similar functions throughout. The embodiments described below by referring to the drawings are illustrative only and are not to be construed as limiting the application.
In the description of the present application, it should be understood that references to orientation descriptions such as upper, lower, front, rear, left, right, etc. are based on the orientation or positional relationship shown in the drawings, are merely for convenience of description of the present application and to simplify the description, and do not indicate or imply that the apparatus or elements referred to must have a particular orientation, be constructed and operated in a particular orientation, and thus should not be construed as limiting the present application.
In the description of the present application, "several" means one or more and "a plurality" means two or more; "greater than", "less than", "exceeding" and the like are understood to exclude the stated number, while "above", "below", "within" and the like are understood to include it. The terms "first" and "second" are used only to distinguish technical features and should not be construed as indicating or implying relative importance, the number of the technical features indicated, or their order.
In the description of the present application, unless explicitly defined otherwise, terms such as arrangement, installation, connection, etc. should be construed broadly and the specific meaning of the terms in the present application can be reasonably determined by a person skilled in the art in combination with the specific contents of the technical scheme.
The embodiment of the application provides a mimicry HSS network element signaling processing method and system, wherein the method comprises the following steps: receiving HSS network element signaling through the input agent distributor, copying it into multiple copies, and distributing the copies to a plurality of equivalent heterogeneous executors; performing service processing on the distributed HSS network element signaling through the plurality of equivalent heterogeneous executors, and inputting the resulting pending service processing results to the output agent arbitrator; and performing, by the output agent arbitrator, mimicry arbitration according to a preset arbitration algorithm to determine a target service processing result from the plurality of pending service processing results. With the technical solution of the embodiments of the application, mimicry defense is realized through the plurality of heterogeneous executors and the arbitrator, improving the security of HSS network element signaling and of the network.
First, the structure of the mimicry HSS network element signaling processing system of the present application is illustrated. This example does not limit the structure of the system; it is one specific environment in which the technical solution of the present application may be implemented. Referring to FIG. 1, FIG. 1 is a schematic structural diagram of the mimicry HSS network element signaling processing system of the present application. The system includes an input agent distributor 100, a plurality of equivalent heterogeneous executors 101, an output agent arbitrator 102, a feedback controller 103, and a mimicry scheduling module 104, and the input agent distributor 100 is communicatively connected to the HSS network element.
In some embodiments, the input agent distributor 100 is configured to, on receiving service signaling, duplicate the received signaling message into multiple copies and distribute them to the plurality of equivalent heterogeneous executors 101. The equivalent heterogeneous executors 101 perform service processing on the signaling message and output their processing results to the output agent arbitrator 102. The output agent arbitrator 102 performs mimicry arbitration on the processing results of the equivalent heterogeneous executors 101 using an arbitration algorithm, outputs the final execution result, and outputs the arbitration information to the feedback controller 103. According to the arbitration information, the feedback controller 103 sends a first scheduling policy and a cleaning instruction to the mimicry scheduling module 104, and the mimicry scheduling module 104 cleans the heterogeneous executors that participated in the current mimicry arbitration; the feedback controller 103 simultaneously sends a second scheduling policy to the input agent distributor 100, which deletes the abnormally behaving equivalent heterogeneous executors 101 from the distribution set of the input agent distributor 100. The mimicry scheduling module 104 is configured to receive instructions from the feedback controller 103 and dynamically operate the equivalent heterogeneous executors 101 based on a scheduling algorithm, including scheduling the equivalent heterogeneous executors 101 and cleaning equivalent heterogeneous executors 101 in an abnormal state.
Illustratively, the executor architectures of the equivalent heterogeneous executors 101 differ while their service processing functions are the same. The mimicry HSS network element signaling processing system deploys N hosts of heterogeneous platforms, where N is a natural number greater than 1, and the hosts are $S = \{S_m \mid m = 1, 2, \ldots, M\}$, where $S_m$ is the m-th host. Each host is heterogeneous in hardware and operating system: the hardware architecture may be X86 or ARM, and the operating system may be CentOS, Ubuntu, Debian or Kylin. Virtual machines under different operating system platforms are deployed on each host, the virtual machines being $K = \{K_n \mid n = 1, 2, \ldots, N\}$, where $K_n$ is the n-th virtual machine; the virtualization technology of the virtual machine may be KVM, and the containerization technology may be Docker. On this basis, an equivalent heterogeneous executor 101 is the n-th virtual machine on the m-th host, and the executors are $T = \{T_{mn} \mid m = 1, 2, \ldots, M;\ n = 1, 2, \ldots, N\}$, where $T_{mn}$ is the n-th virtual machine on the m-th host.
The control method of the embodiment of the present application is further described below based on the mimicry HSS network element signaling processing system shown in FIG. 1.
Referring to FIG. 2, FIG. 2 is a flowchart of a mimicry HSS network element signaling processing method according to an embodiment of the present application, where the mimicry HSS network element signaling processing method includes, but is not limited to, the following steps:
S21, receiving HSS network element signaling through the input agent distributor, copying the HSS network element signaling into multiple copies, and distributing the copies to a plurality of equivalent heterogeneous executors;
S22, performing service processing on the distributed HSS network element signaling through the plurality of equivalent heterogeneous executors, and inputting the resulting pending service processing results to the output agent arbitrator;
S23, performing, by the output agent arbitrator, mimicry arbitration according to a preset arbitration algorithm, and determining a target service processing result from the plurality of pending service processing results.
It should be noted that the input agent distributor acquires the HSS network element signaling, copies it, and distributes it to a plurality of equivalent heterogeneous executors. As described for the system structure, the equivalent heterogeneous executors have the same function but different architectures, so the security, resource condition and attacked condition of each equivalent heterogeneous executor differ and different outputs can be obtained for the same input, thereby simulating the service processing result under different hardware.
After the output agent arbitrator obtains the plurality of pending service processing results, it performs mimicry arbitration according to the preset arbitration algorithm to obtain the final output response. The arbitration algorithm arbitrates across the plurality of equivalent heterogeneous executors and determines the final target service processing result; it can arbitrate iteratively using weighted parameters such as the current security situation, system resource condition, exception handling result, attacked frequency and historical performance of the equivalent heterogeneous executors. With the technical solution of this embodiment, service processing is simulated through a plurality of equivalent heterogeneous executors, mimicry arbitration is performed through the output agent arbitrator, and different processing scenarios of the HSS network element signaling are simulated, so that an optimal service processing result is obtained, mimicry defense is realized, and the security of HSS network element signaling is improved.
In addition, referring to FIG. 3, step S22 shown in FIG. 2 further includes, but is not limited to, the following steps:
S31, determining a plurality of target heterogeneous executors from the plurality of equivalent heterogeneous executors;
S32, copying the HSS network element signaling into multiple copies according to the number of target heterogeneous executors;
S33, distributing the HSS network element signaling to each target heterogeneous executor.
Since there may be many equivalent heterogeneous executors, the input agent distributor can determine the specific number according to the actual mimicry requirements. For example, when selecting executors for a specific distribution, the input agent distributor knows the configuration of the equivalent heterogeneous executors, so it is provided with an executor pool $T = \{T_{mn} \mid m = 1, 2, \ldots, M;\ n = 1, 2, \ldots, N\}$, where M is the number of hosts and N is the number of virtual machines. The input agent distributor dynamically selects k target heterogeneous executors from the executor pool to work, wherein the target heterogeneous executors can be expressed as […], with $i \le M$ and $j \le N$. The specific value of k can be adjusted according to actual requirements: for example, all equivalent heterogeneous executors are determined to be target heterogeneous executors to improve security, or only several target heterogeneous executors are used to save resources. The specific value of k is not limited here; k is a natural number greater than 1.
After determining the k target heterogeneous executors, the input agent distributor copies the acquired HSS network element signaling into k copies and sends one copy to each target heterogeneous executor, so that every target heterogeneous executor receives the same input; processing by the target heterogeneous executors then yields k pending service processing results.
In addition, in an embodiment, referring to FIG. 4, before performing step S21 shown in FIG. 2, the method further includes, but is not limited to, the following steps:
S41, acquiring a preset historical reference confidence, wherein the historical reference confidence belongs to a historical reference heterogeneous executor;
S42, determining the initial confidence of the equivalent heterogeneous executor based on the degree of similarity between the executor architecture of the historical reference heterogeneous executor and the executor architecture of the equivalent heterogeneous executor.
It should be noted that, to implement mimicry arbitration, the confidence of each equivalent heterogeneous executor can be used as the basis for arbitration: the higher the confidence, the more reliable the service processing result of that equivalent heterogeneous executor and the higher its security. On this basis, in the system initialization stage the initial confidences of the equivalent heterogeneous executors can be determined as $\{\omega_1, \omega_2, \ldots, \omega_M\}$ according to the hardware architecture, the system platform and the historical reference confidence of the equivalent heterogeneous executors. For example, since an equivalent heterogeneous executor is a host configured with different virtual machines, a historical reference heterogeneous executor with the same architecture can be looked up in the historical information; when the architectures are similar, the security situation, attacked frequency, resource condition and exception handling result are similar to a certain degree, so the corresponding historical reference confidence is taken as the initial confidence, which lets the equivalent heterogeneous executor provide the output agent arbitrator with an initial basis for mimicry arbitration.
In addition, referring to fig. 5, in an embodiment, step S23 shown in fig. 2 further includes, but is not limited to, the following steps:
S51, acquiring the target confidence sent by a target heterogeneous execution body, wherein the target confidence is obtained by iterating the initial confidence with the arbitration information of multiple historical mimicry arbitrations, and the arbitration information indicates the security situation, system resource condition, exception handling result, attacked frequency and historical arbitration result at the time the target heterogeneous execution body performed mimicry arbitration;
S52, determining a plurality of execution body sets based on a plurality of target heterogeneous execution bodies, wherein the pending service processing results output by the target heterogeneous execution bodies belonging to the same execution body set are the same;
S53, determining the sum of the target confidences of all target heterogeneous execution bodies in an execution body set as the set confidence;
S54, arbitrating the pending service processing result corresponding to the execution body set with the largest set confidence as the target service processing result.
It should be noted that, as described in the above embodiment, once the initial confidences are available, the system can perform mimicry arbitration of the HSS network element signaling and iterate the confidence of each equivalent heterogeneous executor according to the arbitration information generated by each mimicry arbitration, which effectively improves the accuracy of the confidence. The arbitration information may be the factors that influence the arbitration result, such as the security situation, system resource condition, exception handling result, attacked frequency and historical arbitration result at the time of the mimicry arbitration; those skilled in the art may add to or reduce the content of the arbitration information according to actual requirements, which is not limited here. After the arbitration information is obtained, a weighting coefficient can be set for each parameter of the arbitration information, and a weighted iteration is performed on the current confidence to update it. Note that the confidence takes values in the interval [0,1]; this is not repeated below.
It should be noted that, to implement the mimicry arbitration, the arbitration algorithm in this embodiment superimposes the confidences of identical processing results. The target heterogeneous executors are the equivalent heterogeneous executors selected to perform the service processing. Although each target heterogeneous executor has a different architecture, at least two of them may output the same pending service processing result. If $2x+1$ target heterogeneous executors are operating at this moment, the target heterogeneous executors with consistent output results are first divided into an execution body set $G_k$, giving the sequence of execution body sets $\{G_1, G_2, \ldots, G_K, \ldots\}$, where $K$ is a natural number, $o_i = o_j$, and $\sum |G_K| = 2x+1$; $f_i$ denotes the $i$-th target heterogeneous executor, $f_j$ denotes the $j$-th target heterogeneous executor, and $o$ is the target confidence, a real number. On this basis, the set confidence of each execution body set $G_k$ is calculated, and the pending service processing result corresponding to the execution body set with the largest set confidence is then arbitrated as the target service processing result, completing the mimicry arbitration.
If two execution body sets have the same set confidence, i.e., $W_i = W_j$, one of the two results is randomly selected as the target service processing result.
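The arbitration of steps S51 to S54, together with the random choice between equal sets, as an added Python example; it is not code from the patent. Executor ids, result bytes and confidence values are constructed sample data, and the OS-backed random source for the tie-break, the floating-point tie tolerance and the returned list of dissenting executors are assumptions of this example.

```python
import math
import secrets
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Verdict:
    result: bytes          # target service processing result
    set_confidence: float  # summed confidence of the winning set
    agreeing: tuple        # executor ids in the winning set
    dissenting: tuple      # executor ids whose output differed (assumed report format)
    tie_broken: bool       # True if the winner was drawn at random


def arbitrate(outputs, confidence, rng=None):
    """Confidence-weighted arbitration over pending results.

    outputs:    {executor_id: pending result bytes}
    confidence: {executor_id: target confidence in [0, 1]}
    """
    if not outputs:
        raise ValueError("no pending results to arbitrate")
    if rng is None:
        # Assumption: an unpredictable source, so a tie cannot be steered.
        rng = secrets.SystemRandom()

    # S52: executors with identical pending results form one set G_k.
    sets = defaultdict(list)
    for ex_id, result in outputs.items():
        w = confidence[ex_id]
        if not 0.0 <= w <= 1.0:
            raise ValueError(f"confidence of {ex_id} outside [0, 1]: {w}")
        sets[result].append(ex_id)

    # S53: set confidence = sum of the members' target confidences.
    weight = {r: math.fsum(confidence[e] for e in members)
              for r, members in sets.items()}

    # S54: the set with the largest set confidence wins. Sets whose sums are
    # equal (within float tolerance) are resolved by a random draw.
    best = max(weight.values())
    tied = sorted(r for r, w in weight.items()
                  if math.isclose(w, best, abs_tol=1e-9))
    winner = tied[0] if len(tied) == 1 else rng.choice(tied)

    dissenting = tuple(sorted(e for e in outputs if outputs[e] != winner))
    return Verdict(winner, weight[winner], tuple(sorted(sets[winner])),
                   dissenting, len(tied) > 1)


def demo():
    # Constructed sample: five executors (2x+1 with x = 2). Three agree on
    # one answer but carry low confidence; two agree on another answer and
    # carry high confidence.
    outputs = {
        "exec-1": b"answer-A", "exec-2": b"answer-A",
        "exec-3": b"answer-B", "exec-4": b"answer-B", "exec-5": b"answer-B",
    }
    confidence = {"exec-1": 0.9, "exec-2": 0.85,
                  "exec-3": 0.4, "exec-4": 0.3, "exec-5": 0.35}
    return arbitrate(outputs, confidence)


if __name__ == "__main__":
    print(demo())
```

In the constructed sample the two high-confidence executors (set confidence 1.75) prevail over three agreeing low-confidence executors (1.05), so a plain head count does not decide the result.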
Additionally, in one embodiment, referring to fig. 6, after performing step S23 shown in fig. 2, the method further includes, but is not limited to, the following steps:
S61, saving the arbitration information of the mimicry arbitration;
S62, based on a preset period, the target heterogeneous executor performs a weighted iteration according to the saved arbitration information and the current target confidence to obtain a new target confidence.
It should be noted that, after each mimicry arbitration is completed, the arbitration information may be saved, and the target confidence is updated by weighted iteration according to the preset period. Of course, the update may instead be performed each time arbitration information is obtained; the specific update frequency can be set according to actual requirements. Updating the target confidence lets it better represent the security of the equivalent heterogeneous executor, so that subsequent mimicry arbitrations yield more accurate results and the security of the HSS network element signaling is improved.
Additionally, in an embodiment, referring to fig. 7, after performing step S23 shown in fig. 2, the method further includes, but is not limited to, the following steps:
S71, the output agent arbitrator sends the arbitration information of the current mimicry arbitration to the feedback controller;
S72, when the feedback controller determines at least one abnormal heterogeneous execution body according to the arbitration information of the mimicry arbitration, a first scheduling policy and a second scheduling policy are generated;
S73, the first scheduling policy is sent to the mimicry scheduling module, and the mimicry scheduling module takes the abnormal heterogeneous execution body offline and cleans it according to the first scheduling policy;
S74, the second scheduling policy is sent to the input agent distributor, and the input agent distributor deletes the abnormal heterogeneous execution body from the selectable equivalent heterogeneous execution bodies according to the second scheduling policy.
To realize mimicry defense, an abnormal execution body can be cleaned. In this embodiment, when the output agent arbitrator finds an abnormal execution body after outputting the arbitration information, it sends abnormality alarm information to the feedback controller; the alarm information can be carried in the arbitration information or sent separately. After the feedback controller determines the abnormal heterogeneous execution body, it sends the first scheduling policy to the mimicry scheduling module, and the mimicry scheduling module, in response, takes the equivalent heterogeneous execution body identified as abnormal offline and cleans it, preventing it from participating in subsequent transmission of HSS network element signaling.
It should be noted that, in addition to the cleaning of the abnormal execution body, the feedback controller sends a second scheduling policy to the input agent distributor, so that the input agent distributor deletes the equivalent heterogeneous execution body determined to be abnormal from the execution body pool according to the second scheduling policy, and HSS network element signaling is not sent to it again.
Additionally, in an embodiment, referring to fig. 8, after performing step S73 shown in fig. 7, the method further includes, but is not limited to, the following steps:
S81, determining that the service carried by the abnormal heterogeneous execution body has been executed;
S82, scheduling the service carried by the abnormal heterogeneous execution body to an equivalent heterogeneous execution body without abnormality.
Before the abnormal heterogeneous execution body is taken offline and cleaned, it must be ensured that the services it currently carries are not affected: the carried services are either executed to completion or scheduled to other equivalent heterogeneous execution bodies without abnormality. Only after these operations are completed is the abnormal heterogeneous execution body taken offline, cleaned and so on, until the arbitrator state returns to a stable equilibrium state.
As shown in fig. 9, fig. 9 is a block diagram of a mimicry HSS network element signaling processing apparatus according to an embodiment of the application. The application also provides a mimicry HSS network element signaling processing apparatus, which comprises:
the processor 901 may be implemented by a general purpose central processing unit (Central Processing Unit, CPU), a microprocessor, an application specific integrated circuit (Application Specific Integrated Circuit, ASIC), or one or more integrated circuits, etc. for executing related programs, so as to implement the technical scheme provided by the embodiments of the present application;
the memory 902 may be implemented in the form of a read-only memory (Read Only Memory, ROM), a static storage device, a dynamic storage device, or a random access memory (Random Access Memory, RAM). The memory 902 may store an operating system and other application programs; when the technical solutions provided in the embodiments of the present disclosure are implemented by software or firmware, the relevant program code is stored in the memory 902, and the processor 901 invokes it to execute the mimicry HSS network element signaling processing method of the embodiments of the present disclosure;
an input/output interface 903 for inputting and outputting information;
the communication interface 904 is configured to implement communication interaction between the device and other devices, and may implement communication in a wired manner (e.g. USB, network cable, etc.), or may implement communication in a wireless manner (e.g. mobile network, WIFI, bluetooth, etc.);
a bus 905 that transfers information between the various components of the device (e.g., the processor 901, the memory 902, the input/output interface 903, and the communication interface 904);
wherein the processor 901, the memory 902, the input/output interface 903 and the communication interface 904 are communicatively coupled to each other within the device via a bus 905.
The embodiment of the application also provides a storage medium, which is a computer readable storage medium, and the storage medium stores a computer program, and the computer program realizes the mimicry HSS network element signaling processing method when being executed by a processor.
The memory, as a non-transitory computer readable storage medium, may be used to store non-transitory software programs as well as non-transitory computer executable programs. In addition, the memory may include high-speed random access memory, and may also include non-transitory memory, such as at least one magnetic disk storage device, flash memory device, or other non-transitory solid state storage device. In some embodiments, the memory optionally includes memory remotely located relative to the processor, the remote memory being connectable to the processor through a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof. The apparatus embodiments described above are merely illustrative, in which the elements illustrated as separate components may or may not be physically separate, implemented to reside in one place, or may be distributed over a plurality of network elements. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
Those of ordinary skill in the art will appreciate that all or some of the steps, systems, and methods disclosed above may be implemented as software, firmware, hardware, and suitable combinations thereof. Some or all of the physical components may be implemented as software executed by a processor, such as a central processing unit, digital signal processor, or microprocessor, or as hardware, or as an integrated circuit, such as an application specific integrated circuit. Such software may be distributed on computer readable media, which may include computer storage media (or non-transitory media) and communication media (or transitory media). The term computer storage media includes both volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storage of information such as computer readable instructions, data structures, program modules or other data, as known to those skilled in the art. Computer storage media includes, but is not limited to, RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, digital Versatile Disks (DVD) or other optical disk storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to store the desired information and which can be accessed by a computer. Furthermore, as is well known to those of ordinary skill in the art, communication media typically include computer readable instructions, data structures, program modules, or other data in a modulated data signal, such as a carrier wave or other transport mechanism, and may include any information delivery media.
While the preferred embodiment of the present application has been described in detail, the present application is not limited to the above embodiments, and those skilled in the art can make various equivalent modifications or substitutions without departing from the spirit and scope of the present application, and these equivalent modifications or substitutions are included in the scope of the present application as defined in the appended claims.

Claims (10)

1. A mimicry HSS network element signaling processing method, characterized in that it is applied to a mimicry HSS network element signaling processing system, wherein the mimicry HSS network element signaling processing system comprises an input agent distributor, a plurality of equivalent heterogeneous executors and an output agent arbitrator, the input agent distributor is communicatively connected to the HSS network element, and the execution body architectures of the equivalent heterogeneous executors are different but their service processing functions are the same, the mimicry HSS network element signaling processing method comprising:
receiving HSS network element signaling through the input agent distributor, copying the HSS network element signaling into a plurality of copies, and distributing the copies to a plurality of the equivalent heterogeneous executors;
performing service processing on the distributed HSS network element signaling through the plurality of equivalent heterogeneous executors, and inputting the obtained pending service processing results to the output agent arbitrator;
performing, by the output agent arbitrator, mimicry arbitration according to a preset arbitration algorithm, and determining a target service processing result from the plurality of pending service processing results.
2. The method of claim 1, wherein the execution body architecture includes a host and a virtual machine, the hardware and operating systems of the hosts of different equivalent heterogeneous executors are different, the operating system platforms of the virtual machines of different equivalent heterogeneous executors are different, and the copying of the HSS network element signaling into a plurality of copies and distributing the copies to a plurality of the equivalent heterogeneous executors comprises:
determining a plurality of target heterogeneous executors from the plurality of equivalent heterogeneous executors;
copying the HSS network element signaling into a plurality of copies according to the number of the target heterogeneous executors;
and distributing the HSS network element signaling to each target heterogeneous executor.
3. The mimicry HSS network element signaling processing method of claim 2, wherein prior to the receiving of HSS network element signaling through the input agent distributor, the method further comprises:
acquiring a preset historical reference confidence, wherein the historical reference confidence belongs to a historical reference heterogeneous executor;
determining an initial confidence of the equivalent heterogeneous executor based on the degree of similarity between the execution body architecture of the historical reference heterogeneous executor and the execution body architecture of the equivalent heterogeneous executor.
4. The mimicry HSS network element signaling processing method of claim 3, wherein the output agent arbitrator performing mimicry arbitration according to a preset arbitration algorithm and determining a target service processing result from the plurality of pending service processing results comprises:
acquiring the target confidence sent by the target heterogeneous executor, wherein the target confidence is obtained by iterating the initial confidence with the arbitration information of multiple historical mimicry arbitrations, and the arbitration information indicates the security situation, system resource condition, exception handling result, attacked frequency and historical arbitration result at the time the target heterogeneous executor performed mimicry arbitration;
determining a plurality of execution body sets based on the plurality of target heterogeneous executors, wherein the pending service processing results output by the target heterogeneous executors belonging to the same execution body set are the same;
determining the sum of the target confidences of all the target heterogeneous executors in an execution body set as the set confidence;
and arbitrating the pending service processing result corresponding to the execution body set with the largest set confidence as the target service processing result.
5. The mimicry HSS network element signaling processing method of claim 4, wherein after the determining of a target service processing result from the plurality of pending service processing results, the method further comprises:
saving the arbitration information of the mimicry arbitration;
and based on a preset period, the target heterogeneous executor performs a weighted iteration according to the saved arbitration information and the current target confidence to obtain a new target confidence.
6. The mimicry HSS network element signaling processing method of claim 4, wherein the mimicry HSS network element signaling processing system further comprises a feedback controller and a mimicry scheduling module, and after the determining of a target service processing result from the plurality of pending service processing results, the method further comprises:
the output agent arbitrator sends the arbitration information of the current mimicry arbitration to the feedback controller;
when the feedback controller determines at least one abnormal heterogeneous executor according to the arbitration information of the current mimicry arbitration, a first scheduling policy and a second scheduling policy are generated;
the first scheduling policy is sent to the mimicry scheduling module, and the mimicry scheduling module takes the abnormal heterogeneous executor offline and cleans it according to the first scheduling policy;
and the second scheduling policy is sent to the input agent distributor, wherein the input agent distributor deletes the abnormal heterogeneous executor from the selectable equivalent heterogeneous executors according to the second scheduling policy.
7. The mimicry HSS network element signaling processing method of claim 6, wherein before the mimicry scheduling module takes the abnormal heterogeneous executor offline and cleans it according to the first scheduling policy, the method further comprises:
determining that the service carried by the abnormal heterogeneous executor has been executed;
or, scheduling the service carried by the abnormal heterogeneous executor to an equivalent heterogeneous executor without abnormality.
8. A mimicry HSS network element signaling processing system, configured to perform the mimicry HSS network element signaling processing method of any one of claims 1 to 7, the mimicry HSS network element signaling processing system comprising:
an input agent distributor, configured to receive HSS network element signaling, copy multiple copies of the HSS network element signaling, and distribute the copies of the HSS network element signaling to multiple equivalent heterogeneous executors;
the plurality of equivalent heterogeneous executors, configured to perform service processing on the distributed HSS network element signaling and input the obtained pending service processing results to the output agent arbitrator, wherein the execution body architectures of the plurality of equivalent heterogeneous executors are different but their service processing functions are the same;
and the output agent arbitrator, configured to perform mimicry arbitration according to a preset arbitration algorithm and determine a target service processing result from the plurality of pending service processing results.
9. A mimicry HSS network element signalling processing apparatus, comprising at least one control processor and a memory for communication connection with the at least one control processor; the memory stores instructions executable by the at least one control processor to enable the at least one control processor to perform the mimicry HSS network element signalling method according to any of claims 1 to 7.
10. A computer readable storage medium storing computer executable instructions for causing a computer to perform the mimicry HSS network element signalling method according to any of claims 1 to 7.
CN202310559039.6A 2023-05-17 2023-05-17 Mimicry HSS network element signaling processing method and system Pending CN116668097A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310559039.6A CN116668097A (en) 2023-05-17 2023-05-17 Mimicry HSS network element signaling processing method and system

Publications (1)

Publication Number Publication Date
CN116668097A (en) 2023-08-29

Family

ID=87716355

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117056914A (en) * 2023-10-11 2023-11-14 井芯微电子技术(天津)有限公司 Endogenous security processing method and system based on heterogeneous operating system
CN117056914B (en) * 2023-10-11 2024-01-23 井芯微电子技术(天津)有限公司 Endogenous security processing method and system based on heterogeneous operating system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination