Moving Target Defense Strategy Optimization Scheme for Cloud Native Environment Based on Deep Reinforcement Learning

ZHANG Shuai; GUO Yunfei; SUN Penghao; CHENG Guozhen; HU Hongchao

doi:10.11999/JEIT211589

Volume 45 Issue 2

Feb. 2023

Turn off MathJax

Article Contents

Article Navigation > Journal of Electronics & Information Technology > 2023 > 45(2): 608-616

ZHANG Shuai, GUO Yunfei, SUN Penghao, CHENG Guozhen, HU Hongchao. Moving Target Defense Strategy Optimization Scheme for Cloud Native Environment Based on Deep Reinforcement Learning[J]. Journal of Electronics & Information Technology, 2023, 45(2): 608-616. doi: 10.11999/JEIT211589

Citation:

ZHANG Shuai, GUO Yunfei, SUN Penghao, CHENG Guozhen, HU Hongchao. Moving Target Defense Strategy Optimization Scheme for Cloud Native Environment Based on Deep Reinforcement Learning[J]. Journal of Electronics & Information Technology, 2023, 45(2): 608-616. doi: 10.11999/JEIT211589

Citation:

ZHANG Shuai, GUO Yunfei, SUN Penghao, CHENG Guozhen, HU Hongchao. Moving Target Defense Strategy Optimization Scheme for Cloud Native Environment Based on Deep Reinforcement Learning[J]. Journal of Electronics & Information Technology, 2023, 45(2): 608-616. doi: 10.11999/JEIT211589

PDF( 2840 KB)

Moving Target Defense Strategy Optimization Scheme for Cloud Native Environment Based on Deep Reinforcement Learning

doi: 10.11999/JEIT211589

1.
Institute of Information Technology, Strategic Support Force Information Engineering University, Zhengzhou 450002, China
2.
PLA Academy of Military Sciences, Beijing 100000, China

Funds: The National Key Research and Development Plan (2021YFB1006200, 2021YFB1006201), The National Natural Science Foundation of China (62072467)

Received Date: 2021-12-29
Accepted Date: 2022-06-08
Rev Recd Date: 2022-05-19

Available Online: 2022-06-13

Publish Date: 2023-02-07

Abstract

Abstract

To deal with the difficulty of configuring Moving Target Defense (MTD) strategy under complexity attack scenarios in the cloud native environment, a deep reinforcement learning based moving target defense strategy optimization scheme (SmartSCR) is proposed. First, the security threats together with the attack paths are analyzed considering the characteristics of containerization and microservice. Then, in order to evaluate the defense efficiency of moving target defense under complexity attack scenarios in the cloud native environment, the microservice attack graph model is proposed to defense quantify efficiency. Finally, the optimization of moving target defense strategy is modeled as a Markov decision process. A deep reinforcement learning based strategy is proposed to handle the state space explosion under large scale cloud native applications, thus to solve out the optimal configuration for moving target defense strategy. The experiment results show that SmartSCR can quickly converge under large scale cloud native applications, and achieve near optimal defense efficiency.
- Cloud native,
- Moving Target Defense (MTD),
- Reinforcement learning,
- Microservice

FullText(HTML)

References(15)

References

[1]	中国信息通信研究院. 云计算白皮书[R]. 中国信息通信研究院, 2021. China Academy of Information and Communications Technology. Cloud computing white paper[R]. China Academy of Information and Communications Technology, 2021.
[2]	ZHOU Xiang, PENG Xin, XIE Tao, et al. Fault analysis and debugging of microservice systems: Industrial survey, benchmark system, and empirical study[J]. IEEE Transactions on Software Engineering, 2021, 47(2): 243–260. doi: 10.1109/TSE.2018.2887384
[3]	KHAN M G, TAHERI J, Al-DULAIMY A, et al. PerfSim: A performance simulator for cloud native microservice chains[J]. IEEE Transactions on Cloud Computing, To be published.
[4]	AROUK O and NIKAEIN N. Kube5G: A cloud-native 5G service platform[C]. 2020 IEEE Global Communications Conference, Taipei, China, 2020: 1–6.
[5]	GAO Xing, STEENKAMER B, GU Zhongshu, et al. A study on the security implications of information leakages in container clouds[J]. IEEE Transactions on Dependable and Secure Computing, 2021, 18(1): 174–191. doi: 10.1109/TDSC.2018.2879605
[6]	NIFE F N and KOTULSKI Z. Application-aware firewall mechanism for software defined networks[J]. Journal of Network and Systems Management, 2020, 28(3): 605–626. doi: 10.1007/s10922-020-09518-z
[7]	BARDAS A G, SUNDARAMURTHY S C, OU Xinming, et al. MTD CBITS: Moving target defense for cloud-based IT systems[C]. The 22nd European Symposium on Research in Computer Security, Oslo, Norway, 2017: 167–186.
[8]	LU Kangjie, SONG Chengyu, LEE B, et al. ASLR-guard: Stopping address space leakage for code reuse attacks[C]. The 22nd ACM SIGSAC Conference on Computer and Communications Security, Denver, USA, 2015: 280–291.
[9]	LARSEN P, BRUNTHALER S, DAVI L, et al. Automated Software Diversity[M]. Morgan & Claypool, 2015: 1–8.
[10]	MEIER R, TSANKOV P, LENDERS V, et al. NetHide: Secure and practical network topology obfuscation[C]. The 27th USENIX Security Symposium, Baltimore, USA, 2018: 1–18.
[11]	JIN Hai, LI Zhi, ZOU Deqing, et al. DSEOM: A framework for dynamic security evaluation and optimization of MTD in container-based cloud[J]. IEEE Transactions on Dependable and Secure Computing, 2021, 18(3): 1125–1136. doi: 10.1109/TDSC.2019.2916666
[12]	GLUCK A. Introducing domain-oriented microservice architecture[EB/OL].https://eng.uber.com/microservice-architecture, 2021.
[13]	NIST. National vulnerability database[EB/OL]. https://nvd.nist.gov/vuln, 2021.
[14]	PENG Wei, LI Feng, HUANG C T, et al. A moving-target defense strategy for cloud-based services with heterogeneous and dynamic attack surfaces[C]. 2014 IEEE International Conference on Communications, Sydney, Australia, 2014: 804–809.
[15]	邱航, 汤红波, 游伟. 基于深度Q网络的在线服务功能链部署方法[J]. 电子与信息学报, 2021, 43(11): 3122–3130. doi: 10.11999/JEIT201009 QIU Hang, TANG Hongbo, and YOU Wei. Online service function chain deployment method based on deep Q network[J]. Journal of Electronics &Information Technology, 2021, 43(11): 3122–3130. doi: 10.11999/JEIT201009