Computer Science

Computer Science ›› 2025, Vol. 52 ›› Issue (5): 375-383.doi: 10.11896/jsjkx.240500033

• Information Security • Previous Articles     Next Articles

Intrusion Tolerance Scheduling Algorithm for Microservice Workflow Based on Deep Reinforcement Learning

LI Yuanbo1,2, HU Hongchao1, YANG Xiaohan1, GUO Wei1, LIU Wenyan1,3   

  1. 1 Institute of Information Technology,Information Engineering University,Zhengzhou 450000,China
    2 School of Computer Science,Luoyang Institute of Science and Technology,Luoyang,Henan 471000,China
    3 Key Laboratory of Cyberspace Security,Ministry of Education,Zhengzhou 450000,China
  • Received:2024-05-09 Revised:2024-09-14 Online:2025-05-15 Published:2025-05-12
  • About author:LI Yuanbo,born in 1988,doctoral candidate.His main research interests include cloud computing,endogenous security and active defense.
    HU Hongchao,born in 1982,professor,Ph.D supervisor.His main research interests include cloud computing and network security.
  • Supported by:
    National Natural Science Foundation of China(62072467),National Key Research and Development Program of China(2021YFB1006201),Science and Technology Research Project of Henan Province(242102210127) and Major Science and Technology Special Projects of Henan Province(221100211200-02).

PDF (PC)

73

Abstract: With the rapid development of microservices and container technology,applications executed in the cloud can be completed by multiple microservices with dependencies.However,microservices for container clouds face many security threats due to shared resources.Attackers in the cloud can destroy them directly or indirectly through side channels,container escape,resulting in incorrect output results,which will bring huge losses to users in the cloud.Therefore,an intrusion tolerance scheduling algorithm for microservice workflow(ITSAMW) is proposed to improve the security of the system under the container clouds.Firstly,ITSAMW builds three replicas of each microservice and uses a voting mechanism to guarantee security.ITSAMW studies how to schedule these microservice replicas and proves the location constraints that microservice intrusion tolerance scheduling needs to meet.Secondly,it constructs a microservices scheduling and completion delay model,redefines the security scheduling problem of microservices,and solves the problem with deep reinforcement learning.Finally,in order to verify the effectiveness of ITSAMW,experiments are conducted by using the container clouds simulation platform that Kubernetes builds and are evaluated by using intrusion tolerance,completion delay and load balancing.Experimental results show that compared with the existing methods,under the condition that the completion delay of ITSAMW is increased by 17.6%,the intrusion tolerance is increased by 28.1%,and the load balancing is reduced by 13.7%.

Key words: Microservices, Container cloud, Workflow, Intrusion tolerance, Deep reinforcement learning

CLC Number: 

  • TP393.08
[1]ZHOU X,PENG X,XIE T,et al.Fault Analysis and Debugging of Microservice Systems:Industrial Survey,Benchmark System,and Empirical Study[J].IEEE Transactions on Software Engineering,2021,47(2):243-260.
[2]KHAN M,TAHERI J,Al-DULAIMY A,et al.PerfSim:A Performance Simulator for Cloud Native Computing[J].IEEE Transactions on Cloud Computing,2021,11(2):1395-1413.
[3]AROUK O,NIKAEIN N.Kube5G:A Cloud-Native 5G Service Platform[C]// Proceedings of Global Communications Confe-rence(GLOBECOM).IEEE,2020:1-8.
[4]ZHAO P,WU L,HONG Z,et al.Research on Multi-cloud Access Control Policy Integration Framework[J].China Communications,2019,16(9):222-234.
[5]PEREIRA-VALE A,FERNANDEZ E B,MONGE R,et al.Security in Microservice-based Systems:A Multivocal Literature Review[J].Computers & Security,2021,103:102200.
[6]LI C,LIU J,WANG M,et al.Fault-tolerant Scheduling and Data Placement for Scientific Workflow Processing in Geo-distributed Clouds[J].Journal of Systems and Software,2022,187:111227.
[7]WEN Z,QASHA R,LI Z,et al.Dynamically Partitioning Workflow Over Federated Clouds for Optimising the Monetary Cost and Handling Run-time Failures[J].IEEE Transactions on Cloud Computing,2020,8(4):1093-1107.
[8]ZHOU X,ZHANG G,SUN J,et al.Minimizing Cost andMakespan for Workflow Scheduling in Cloud Using Fuzzy Domi-nance Sort Based HEFT[J].Future Generation Computer Systems,2019,93:278-289.
[9]WU Q,ISHIKAWA F,ZHU Q,et al.Deadline-Constrained Cost Optimization Approaches for Workflow Scheduling in Clouds[J].IEEE Transactions on Parallel and Distributed Systems,2017,28(12):3401-3412.
[10]ARABNEJAD V,BUBENDORFER K,NG B.Dynamic Multi-workflow Scheduling:A Deadline and Cost-aware Approach for Commercial Clouds[J].Future Generation Computer Systems,2019,100:98-108.
[11]ZHOU Z,YU S,CHEN W,et al.CE-IoT:Cost-effective Cloud-edge Resource Provisioning for Heterogeneous IoT Applications[J].IEEE Internet of Things Journal,2020,7(9):8600-8614.
[12]WANG S,DING Z,JIANG C.Elastic Scheduling for Microservice Applications in Clouds[J].IEEE Transactions on Parallel and Distributed Systems,2021,32(1):98-115.
[13]LI W,LI X,RUIZ R.Scheduling Microservice-based Workflows to Containers in on-demand Cloud Resources[C]//2021 IEEE 24th International Conference on Computer Supported Cooperative Work in Design(CSCWD).IEEE,2021:61-66.
[14]YAO G,DING Y,REN L,et al.An Immune System-inspiredRescheduling Algorithm for Workflow in Cloud Systems[J].Knowledge-Based Systems,2016,99:39-50.
[15]GILL S S,BUYYA R.SECURE:Self-protection Approach in Cloud Resource Management[J].IEEE Cloud Computing,2018,5(1):60-72.
[16]YAO G,DING Y,HAO K.Using Imbalance Characteristic for Fault-tolerant Workflow Scheduling in Cloud Systems[J].IEEE Transactions on Parallel and Distributed Systems,2017,28(12):3671-3683.
[17]ZHOU C,WANG T,LI L,et al.Makespan and Security-aware Workflow Scheduling for Cloud Service Cost Minimization Using Firefly Optimizer[C]//International Conference on Algorithms and Architectures for Parallel Processing.Springer Nature Switzerland,2023:620-641.
[18]MENG S,HUANG W,YIN X,et al.Security-aware DynamicScheduling for Real-time Optimization in Cloud-based Industrial Applications[J].IEEE Transactions on Industrial Informatics,2021,17(6):4219-4228.
[19]DING Y,YAO G,HAO K.Fault-tolerant Elastic Scheduling Algorithm for Workflow in Cloud Systems[J].Information Sciences,2018,393:47-65.
[20]WANG Y,GUO Y,GUO Z,et al.Protecting Scientific Workflows in Clouds with an Intrusion Tolerant System[J].IET Information Security,2020,14(2):157-165.
[21]LI H,GUO Y,SUN P,et al.An Optimal Defensive Deception Framework for the Container-based Cloud with Deep Reinforcement Learning[J].IET Information Security,2022,16(3):178-192.
[22]ZHOU D,CHEN H,CHENG G.A Security Containers Placement Algorithm Based on DQN for Microservices to Defend Against Co-Resident Threat[C]//2023 8th International Confe-rence on Computer and Communication Systems(ICCCS).IEEE,2023:683-688.
[1] ZHENG Longhai, XIAO Bohuai, YAO Zewei, CHEN Xing, MO Yuchang. Graph Reinforcement Learning Based Multi-edge Cooperative Load Balancing Method [J]. Computer Science, 2025, 52(3): 338-348.
[2] DU Likuan, LIU Chen, WANG Junlu, SONG Baoyan. Self-learning Star Chain Space Adaptive Allocation Method [J]. Computer Science, 2025, 52(3): 359-365.
[3] HUO Xingpeng, SHA Letian, LIU Jianwen, WU Shang, SU Ziyue. Windows Domain Penetration Testing Attack Path Generation Based on Deep Reinforcement Learning [J]. Computer Science, 2025, 52(3): 400-406.
[4] XU Donghong, LI Bin, QI Yong. Task Scheduling Strategy Based on Improved A2C Algorithm for Cloud Data Center [J]. Computer Science, 2025, 52(2): 310-322.
[5] WANG Tianjiu, LIU Quan, WU Lan. Offline Reinforcement Learning Algorithm for Conservative Q-learning Based on Uncertainty Weight [J]. Computer Science, 2024, 51(9): 265-272.
[6] ZHOU Wenhui, PENG Qinghua, XIE Lei. Study on Adaptive Cloud-Edge Collaborative Scheduling Methods for Multi-object State Perception [J]. Computer Science, 2024, 51(9): 319-330.
[7] GAO Yuzhao, NIE Yiming. Survey of Multi-agent Deep Reinforcement Learning Based on Value Function Factorization [J]. Computer Science, 2024, 51(6A): 230300170-9.
[8] WANG Shuanqi, ZHAO Jianxin, LIU Chi, WU Wei, LIU Zhao. Fuzz Testing Method of Binary Code Based on Deep Reinforcement Learning [J]. Computer Science, 2024, 51(6A): 230800078-7.
[9] LI Danyang, WU Liangji, LIU Hui, JIANG Jingqing. Deep Reinforcement Learning Based Thermal Awareness Energy Consumption OptimizationMethod for Data Centers [J]. Computer Science, 2024, 51(6A): 230500109-8.
[10] YANG Xiuwen, CUI Yunhe, QIAN Qing, GUO Chun, SHEN Guowei. COURIER:Edge Computing Task Scheduling and Offloading Method Based on Non-preemptivePriorities Queuing and Prioritized Experience Replay DRL [J]. Computer Science, 2024, 51(5): 293-305.
[11] LI Junwei, LIU Quan, XU Yapeng. Option-Critic Algorithm Based on Mutual Information Optimization [J]. Computer Science, 2024, 51(2): 252-258.
[12] SHI Dianxi, PENG Yingxuan, YANG Huanhuan, OUYANG Qianying, ZHANG Yuhui, HAO Feng. DQN-based Multi-agent Motion Planning Method with Deep Reinforcement Learning [J]. Computer Science, 2024, 51(2): 268-277.
[13] ZHAO Xiaoyan, ZHAO Bin, ZHANG Junna, YUAN Peiyan. Study on Cache-oriented Dynamic Collaborative Task Migration Technology [J]. Computer Science, 2024, 51(2): 300-310.
[14] WANG Kewen, ZHANG Weiting, LIAO Peixi. Deterministic Transmission Scheduling Mechanism for Mixed Traffic Flows Towards Digital Twin Networks [J]. Computer Science, 2024, 51(12): 37-45.
[15] LU Yue, WANG Qiong, LIU Shun, LI Qingtao, LIU Yang, WANG Hongbiao. Reinforcement Learning Algorithm for Charging/Discharging Control of Electric Vehicles Considering Battery Loss [J]. Computer Science, 2024, 51(11A): 231200147-7.
Viewed
Full text


Abstract

Cited
  Shared   
  Discussed   
No Suggested Reading articles found!
渝ICP备16013121号-4
Add:18# Honghu West Rd., Yubei ,Chongqing,China    Post Code: 401121
Tel: 023-63500828/023-67039612/023-67039623
E-mail: jsjkx12@163.com
Powered by Beijing Magtech Co., Ltd.