Scheduling Algorithm Based on Heterogeneity and Confidence for Mimic Defense

  • Wenjian Zhang Information Engineering University, Zhengzhou 450002, China
  • Shuai Wei Information Engineering University, Zhengzhou 450002, China
  • Le Tian Information Engineering University, Zhengzhou 450002, China
  • Ke Song Information Engineering University, Zhengzhou 450002, China
  • Zhengbin Zhu Information Engineering University, Zhengzhou 450002, China
Keywords: Mimic defense, security, heterogeneity, confidence, TOPSIS, operating efficiency

Abstract

As a defense technology with endogenous security, mimic defense plays an important role in network security research. The scheduling of executors is one of the severe problems to take into account for mimic defense, and current research lacks comprehensive consideration of the influence of system architecture and attack behavior on scheduling algorithm. Based on previous research, this paper first introduces concept of heterogeneity and confidence according to vulnerability attributes and attack distribution characteristics to characterize the executors. Moreover, the TOPSIS (Technique for Order Preference by Similarity to an Ideal Solution) algorithm is brought in to optimize the system security and improve operating efficiency. Experimental results showed that,compared with the existing algorithms, Random, MD, RSMS, it improves the security of the system in non-uniform distributed attack scenario and the operating efficiency in each attack scenario.

Downloads

Download data is not yet available.

Author Biographies

Wenjian Zhang, Information Engineering University, Zhengzhou 450002, China

Wenjian Zhang is a Research Associate of the Information Engineering University, Zhengzhou, China. He received the B.S. and M.S. degrees in Electronic and Information Engineering System from Information Engineering University, Zhengzhou, Henan, China, in 2010 and 2013, respectively, where he is currently pursuing the Ph.D. degree in system from Information Engineering University. His research focuses on information security, network programmable design, integrated circuit design.

Shuai Wei, Information Engineering University, Zhengzhou 450002, China

Shuai Wei is a Research Associate of the Information Engineering University, Zhengzhou, China. He received the B.S. degree in computer science and technology, the M.S. degree in Software Engineering, and the Ph.D. degree in High performance computing and Parallel Compiling in 2005, 2008, and 2012, respectively. His research focuses on high performance computing, cyber security, and machine learning.

Le Tian, Information Engineering University, Zhengzhou 450002, China

Le Tian is a Research Associate of the Information Engineering University, Zhengzhou, China. He received the B.S. and M.S. degrees in electronic and information engineering system from Information Engineering University, Zhengzhou, Henan, China, in 2010 and 2013, respectively. And Le Tian received his Ph.D. degree in Computer Science from the University of Antwerp in the Internet technology and Data science Lab (IDLab), Belgium, in 2019. His research focuses on IEEE 802.11 WLANs, Internet of Things, network protocols and network architectures.

Ke Song, Information Engineering University, Zhengzhou 450002, China

Ke Song is a Associate researcher of the Information Engineering University, Zhengzhou, China. He received the B.S. in Automation from Hefei University of Technology, Hefei, Anhui, China, in 1999. And he received the M.S. degrees in Control Science and Engineering from Xi’an Jiaotong University, Xi’an, Shanxi, China, in 2004. And Ke Song received his Ph.D. degree in Computer Science and Technology from Fifty-sixth Institute, Wuxi, Jiangsu, China, in 2020. His research focuses on Integrated circuit design technology and information security VLSI/SoC, Network architecture and network security technology.

Zhengbin Zhu, Information Engineering University, Zhengzhou 450002, China

Zhengbin Zhu is a Ph.D. student at the University of Information Engineering University since spring 2019. He attended the Wuhan University, majoring in mathematics where he received his B.Sc. in Information and Computing Science in 2015. Zhu is now mainly focusing on Cyberspace Mimic Defense.

References

E.Cole, Network security bible, John Wiley & Sons, 2011.

J. H. Cho,et al., Toward Proactive, Adaptive Defense: A Survey on Moving Target Defense,Ieee Communications Surveys and Tutorials, 22(1): 709-745, 2020.

J. X. Wu, Intention and vision of mimic computing and mimic security defense, Telecommunications Science, 30 (7): 2-7, 2014.

J. J. Zheng, and A. S.Namin, A Survey on the Moving Target Defense Strategies: An Architectural Perspective, Journal of Computer Science and Technology, 34(1): 207-233, 2019.

J. X. Wu, Research on mimic defense in cyberspace. Journal of information security, (4): 1-10, 2016.

C. Qi, et al., An aware-scheduling security architecture with priority-equal multi-controller for SDN, China Communications, 14(9): 144-154, 2017.

H. C. Hu, et al., MNOS: a mimic network operating system for software defined networks, IET Information Security, 11(6): 345-355, 2017.

Z. Zhang, B. L. Ma, andJ. X.Wu, Test and analysis of web server mimic defense principle verification system, Journal of information security, 2 (01): 13-28, 2017.

L. M. Pu, et al., Heterogeneous executor scheduling algorithm for mimic cloud service, Journal on Communications, 41 (03): 17-24, 2020.

K. Song,et al., Endogenous security architecture of Ethernet switch based on mimic defense, Journal on Communications, 41 (5): 18-26, 2020.

W. J. Zhang,et al., A programmable semantic parsing method for mimic judgment, Journal on Communications, 41 (4): 62-69, 2020.

H. C. Hu,et al., Mimic defense: a designed-in cybersecurity defense framework, IET Information Security, 12(3): 226-237, 2017.

W.Guo,et al., Scheduling Sequence Control Method Based on Sliding Window in Cyberspace Mimic Defense, IEEE Access, 8: 1517 - 1533, 2019.

C. Qi,et al. Dynamic-scheduling mechanism of controllers based on security policy in software-defined network, Electronics letters, 52(23): 1918-1920, 2016.

C. H. Li, et al., Mimic defense method of service deployment in SDN. Journal on Communications, 39 (S2): 121-130, 2018.

Q. R. Liu, S. J. Lin, and Z. Y.Gu, Heterogeneous functional equivalence scheduling algorithm for mimic security defense, Journal on Communications, 39 (07): 188-198, 2018.

J. X. Zhang, J. M. Pang, Z. Zhang. A mimic structured method to quantify the heterogeneity of web servers, Journal on Communications, 31 (02): 564-577, 2020.

Z. Q. Wu, et al., A mimic ruling optimization method based on executive heterogeneity, Computer Engineering: 1-8, 2019.

M.Behzadian,et al., A state-of the-art survey of TOPSIS applications, Expert Systems with applications, 39(17): 13051-13069, 2012.

M. Garcia,et al., OS diversity for intrusion tolerance: Myth or reality?, IEEE/IFIP 41st International Conference on Dependable Systems & Networks (DSN), Hong Kong: 383-394, 2011.

M. Garcia,et al., Analysis of operating system diversity for intrusion tolerance, Software-Practice & Experience, 44(6): 735-770, 2014.

Published
2020-12-25
Section
Advanced Practice in Web Engineering