Computer Science, 2023, Vol. 50, Issue (9): 82-89. doi: 10.11896/jsjkx.221000199

• Data Security •

Microservice Moving Target Defense Strategy Based on Adaptive Genetic Algorithm

LIU Xuanyu, ZHANG Shuai, HUO Shumin, SHANG Ke   

  1. Institute of Information Technology, PLA Strategic Support Force Information Engineering University, Zhengzhou 450000, China
  • Received: 2022-10-24 Revised: 2023-02-08 Online: 2023-09-15 Published: 2023-09-01
  • About author: LIU Xuanyu, born in 1998, postgraduate. Her main research interests include cloud computing security and cyberspace security.
    ZHANG Shuai, born in 1994, Ph.D, research assistant. His main research interests include cloud computing security and cyberspace security.
  • Supported by: National Natural Science Foundation of China (62072467) and National Key Research and Development Program of China (2021YFB1006200, 2021YFB1006201).

Abstract: Microservice architecture can effectively improve the agility of software because it is flexible and scalable, and it has become the most mainstream method of application delivery in the cloud. However, splitting an application into microservices makes its attack surface grow explosively, which poses great challenges to the design of a moving target defense strategy centred on “strategic defense”. To solve this problem, a microservice moving target defense strategy based on an adaptive genetic algorithm (AGA), namely the dynamic rotation strategy (DRS), is proposed. Firstly, based on the characteristics of microservices, the attack paths available to attackers are analyzed. Then, a microservice attack graph model is proposed to formalize various attack scenarios, and the security gains and return of defense (RoD) of moving target defense strategies are quantitatively analyzed. Finally, AGA is used to solve for the optimal security configuration of moving target defense, that is, the optimal dynamic rotation cycle of microservices. Experiments show that DRS is scalable, and that the defense return rate of DRS increases by 17.25%, 41.01% and 222.88% respectively compared with the unified configuration strategy, DSEOM and the random configuration strategy.
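As an added illustration, not the paper's own code or model: a small Python sketch of the approach the abstract outlines, running an adaptive genetic algorithm over per-microservice rotation periods for a constructed four-service attack graph. The vulnerability scores, exploit times, rotation costs, the hop-success model and the RoD formula are all assumptions made here for the example; the unified configuration is seeded into the population so the search result can be compared against that baseline.

```python
import math, random
# Constructed example: four microservices (normalised vulnerability score, mean
# exploit time in hours, per-rotation cost) and two attack paths (service
# indices, ingress to target) taken from a toy attack graph.
VULN = [0.9, 0.6, 0.8, 0.5]
EXPLOIT_H = [4.0, 12.0, 6.0, 24.0]
ROT_COST = [1.0, 2.0, 1.5, 4.0]
PATHS = [[0, 1, 3], [0, 2, 3]]
T_MIN, T_MAX, COST_WEIGHT = 1.0, 72.0, 0.1  # rotation-period bounds (hours)
def compromise_risk(periods):
    """Assumed model: a hop succeeds if an exponentially distributed exploit
    (mean EXPLOIT_H) finishes before the service is rotated again."""
    hop = [v * (1 - math.exp(-t / e)) for v, t, e in zip(VULN, periods, EXPLOIT_H)]
    safe = 1.0
    for path in PATHS:
        safe *= 1 - math.prod(hop[i] for i in path)
    return 1 - safe  # probability that at least one attack path succeeds
def return_of_defense(periods):
    """Hypothetical RoD: relative risk reduction vs. never rotating, minus the
    cost-weighted rotation rate (rotations per hour)."""
    static = compromise_risk([1e9] * len(periods))
    gain = (static - compromise_risk(periods)) / static
    return gain - COST_WEIGHT * sum(c / t for c, t in zip(ROT_COST, periods))
def adaptive_ga(pop_size=30, generations=60, seed=1):
    """Adaptive GA: crossover/mutation rates shrink for above-average individuals.
    The unified 24 h configuration is seeded in and elitism keeps the best."""
    rng, n = random.Random(seed), len(VULN)
    pop = [[rng.uniform(T_MIN, T_MAX) for _ in range(n)] for _ in range(pop_size - 1)]
    pop.append([24.0] * n)
    for _ in range(generations):
        fit = [return_of_defense(p) for p in pop]
        f_max, f_avg = max(fit), sum(fit) / pop_size
        spread = max(f_max - f_avg, 1e-9)
        def pick():  # binary tournament selection, returns an index
            a, b = rng.sample(range(pop_size), 2)
            return a if fit[a] >= fit[b] else b
        children = [pop[fit.index(f_max)][:]]  # elitism
        while len(children) < pop_size:
            i, j = pick(), pick()
            f_pair = max(fit[i], fit[j])
            pc = 0.6 * (f_max - f_pair) / spread if f_pair >= f_avg else 0.9
            child = [rng.choice(g) for g in zip(pop[i], pop[j])] if rng.random() < pc else pop[i][:]
            fc = return_of_defense(child)
            pm = 0.1 * (f_max - fc) / spread if fc >= f_avg else 0.3
            child = [min(T_MAX, max(T_MIN, g * rng.uniform(0.5, 1.5))) if rng.random() < pm else g for g in child]
            children.append(child)
        pop = children
    best = max(pop, key=return_of_defense)
    return best, return_of_defense(best)
```

Because the unified configuration is in the initial population and elitism never discards the current best, the returned RoD is guaranteed to be at least that of the unified baseline.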

Key words: Cloud computing, Microservice, Adaptive genetic algorithm, Moving target defense

CLC Number: TP393