Advanced Search
Volume 45 Issue 2
Feb.  2023
Turn off MathJax
Article Contents
ZHANG Shuai, GUO Yunfei, SUN Penghao, CHENG Guozhen, HU Hongchao. Moving Target Defense Strategy Optimization Scheme for Cloud Native Environment Based on Deep Reinforcement Learning[J]. Journal of Electronics & Information Technology, 2023, 45(2): 608-616. doi: 10.11999/JEIT211589
Citation: ZHANG Shuai, GUO Yunfei, SUN Penghao, CHENG Guozhen, HU Hongchao. Moving Target Defense Strategy Optimization Scheme for Cloud Native Environment Based on Deep Reinforcement Learning[J]. Journal of Electronics & Information Technology, 2023, 45(2): 608-616. doi: 10.11999/JEIT211589

Moving Target Defense Strategy Optimization Scheme for Cloud Native Environment Based on Deep Reinforcement Learning

doi: 10.11999/JEIT211589
Funds:  The National Key Research and Development Plan (2021YFB1006200, 2021YFB1006201), The National Natural Science Foundation of China (62072467)
  • Received Date: 2021-12-29
  • Accepted Date: 2022-06-08
  • Rev Recd Date: 2022-05-19
  • Available Online: 2022-06-13
  • Publish Date: 2023-02-07
  • To deal with the difficulty of configuring Moving Target Defense (MTD) strategy under complexity attack scenarios in the cloud native environment, a deep reinforcement learning based moving target defense strategy optimization scheme (SmartSCR) is proposed. First, the security threats together with the attack paths are analyzed considering the characteristics of containerization and microservice. Then, in order to evaluate the defense efficiency of moving target defense under complexity attack scenarios in the cloud native environment, the microservice attack graph model is proposed to defense quantify efficiency. Finally, the optimization of moving target defense strategy is modeled as a Markov decision process. A deep reinforcement learning based strategy is proposed to handle the state space explosion under large scale cloud native applications, thus to solve out the optimal configuration for moving target defense strategy. The experiment results show that SmartSCR can quickly converge under large scale cloud native applications, and achieve near optimal defense efficiency.
  • loading
  • [1]
    中国信息通信研究院. 云计算白皮书[R]. 中国信息通信研究院, 2021.

    China Academy of Information and Communications Technology. Cloud computing white paper[R]. China Academy of Information and Communications Technology, 2021.
    [2]
    ZHOU Xiang, PENG Xin, XIE Tao, et al. Fault analysis and debugging of microservice systems: Industrial survey, benchmark system, and empirical study[J]. IEEE Transactions on Software Engineering, 2021, 47(2): 243–260. doi: 10.1109/TSE.2018.2887384
    [3]
    KHAN M G, TAHERI J, Al-DULAIMY A, et al. PerfSim: A performance simulator for cloud native microservice chains[J]. IEEE Transactions on Cloud Computing, To be published.
    [4]
    AROUK O and NIKAEIN N. Kube5G: A cloud-native 5G service platform[C]. 2020 IEEE Global Communications Conference, Taipei, China, 2020: 1–6.
    [5]
    GAO Xing, STEENKAMER B, GU Zhongshu, et al. A study on the security implications of information leakages in container clouds[J]. IEEE Transactions on Dependable and Secure Computing, 2021, 18(1): 174–191. doi: 10.1109/TDSC.2018.2879605
    [6]
    NIFE F N and KOTULSKI Z. Application-aware firewall mechanism for software defined networks[J]. Journal of Network and Systems Management, 2020, 28(3): 605–626. doi: 10.1007/s10922-020-09518-z
    [7]
    BARDAS A G, SUNDARAMURTHY S C, OU Xinming, et al. MTD CBITS: Moving target defense for cloud-based IT systems[C]. The 22nd European Symposium on Research in Computer Security, Oslo, Norway, 2017: 167–186.
    [8]
    LU Kangjie, SONG Chengyu, LEE B, et al. ASLR-guard: Stopping address space leakage for code reuse attacks[C]. The 22nd ACM SIGSAC Conference on Computer and Communications Security, Denver, USA, 2015: 280–291.
    [9]
    LARSEN P, BRUNTHALER S, DAVI L, et al. Automated Software Diversity[M]. Morgan & Claypool, 2015: 1–8.
    [10]
    MEIER R, TSANKOV P, LENDERS V, et al. NetHide: Secure and practical network topology obfuscation[C]. The 27th USENIX Security Symposium, Baltimore, USA, 2018: 1–18.
    [11]
    JIN Hai, LI Zhi, ZOU Deqing, et al. DSEOM: A framework for dynamic security evaluation and optimization of MTD in container-based cloud[J]. IEEE Transactions on Dependable and Secure Computing, 2021, 18(3): 1125–1136. doi: 10.1109/TDSC.2019.2916666
    [12]
    GLUCK A. Introducing domain-oriented microservice architecture[EB/OL].https://eng.uber.com/microservice-architecture, 2021.
    [13]
    NIST. National vulnerability database[EB/OL]. https://nvd.nist.gov/vuln, 2021.
    [14]
    PENG Wei, LI Feng, HUANG C T, et al. A moving-target defense strategy for cloud-based services with heterogeneous and dynamic attack surfaces[C]. 2014 IEEE International Conference on Communications, Sydney, Australia, 2014: 804–809.
    [15]
    邱航, 汤红波, 游伟. 基于深度Q网络的在线服务功能链部署方法[J]. 电子与信息学报, 2021, 43(11): 3122–3130. doi: 10.11999/JEIT201009

    QIU Hang, TANG Hongbo, and YOU Wei. Online service function chain deployment method based on deep Q network[J]. Journal of Electronics &Information Technology, 2021, 43(11): 3122–3130. doi: 10.11999/JEIT201009
  • 加载中

Catalog

    通讯作者: 陈斌, bchen63@163.com
    • 1. 

      沈阳化工大学材料科学与工程学院 沈阳 110142

    1. 本站搜索
    2. 百度学术搜索
    3. 万方数据库搜索
    4. CNKI搜索

    Figures(4)  / Tables(2)

    Article Metrics

    Article views (963) PDF downloads(186) Cited by()
    Proportional views
    Related

    /

    DownLoad:  Full-Size Img  PowerPoint
    Return
    Return