Moving Target Defense Strategy Optimization Scheme for Cloud Native Environment Based on Deep Reinforcement Learning

Cited by: 1
Authors
Zhang, Shuai [1]
Guo, Yunfei [1]
Sun, Penghao [2]
Cheng, Guozhen [1]
Hu, Hongchao [1]
Affiliations
[1] Strateg Support Force Informat Engn Univ, Inst Informat Technol, Zhengzhou 450002, Peoples R China
[2] PLA Acad Mil Sci, Beijing 100000, Peoples R China
Keywords
Cloud native; Moving Target Defense (MTD); Reinforcement learning; Microservice;
DOI
10.11999/JEIT211589
Chinese Library Classification (CLC)
TM [Electrical engineering]; TN [Electronic technology, communication technology];
Subject classification code
0808 ; 0809 ;
Abstract
To deal with the difficulty of configuring a Moving Target Defense (MTD) strategy under complex attack scenarios in the cloud native environment, a deep reinforcement learning based moving target defense strategy optimization scheme (SmartSCR) is proposed. First, the security threats together with the attack paths are analyzed considering the characteristics of containerization and microservices. Then, in order to evaluate the defense efficiency of moving target defense under complex attack scenarios in the cloud native environment, the microservice attack graph model is proposed to quantify defense efficiency. Finally, the optimization of the moving target defense strategy is modeled as a Markov decision process. A deep reinforcement learning based strategy is proposed to handle the state space explosion under large scale cloud native applications, and thus to solve for the optimal configuration of the moving target defense strategy. The experiment results show that SmartSCR can quickly converge under large scale cloud native applications, and achieve near-optimal defense efficiency.
Pages: 608 / 616
Number of pages: 9