Multi-Dimensional Moving Target Defense Method Based on Adaptive Simulated Annealing Genetic Algorithm

Author:

Xu Hanyi¹, Cheng Guozhen¹, Yang Xiaohan¹, Liu Wenyan², Zhou Dacheng², Guo Wei²

Affiliation:

1. Institute of Information Technology, PLA Information Engineering University, Zhengzhou 450001, China

2. National Digital Switching System Engineering and Technological Research Center, Zhengzhou 450001, China

Abstract

Due to the fine-grained splitting of microservices and frequent communication between microservices, the exposed attack surface of microservices has exploded, facilitating the lateral movement of attackers between microservices. To solve this problem, a multi-dimensional moving target defense method based on an adaptive simulated annealing genetic algorithm (MD2RS) is proposed. Firstly, according to the characteristics of microservices in the cloud, a microservice attack graph is proposed to quantify the attack scenario of microservices in the cloud so as to conveniently and intuitively observe the vulnerability of microservices in the cloud and the dependency relationship between microservices. Secondly, the security gain and resource cost are quantified for the key nodes selected by measuring the degree of dependence of each node according to the degree centrality. Finally, the Adaptive Simulated Annealing Genetic Algorithm (ASAGA) is used to solve the optimal security configuration information of the moving target defense, that is, the combination of the number of copies of the multi-copy deployment and the rotation cycle of the dynamic rotation of microservices, in order to quickly evaluate the security risks of microservices and optimize the security policy. Experiments show that the defense return rate of MD2RS is 85.95% higher than that of the mainstream methods, and the experimental results are conducive to applying this method to the dynamic defense of microservices in the cloud.

Funder

National Key Research and Development Program of China

Major Science and Technology Project of Henan Province in China

Publisher

MDPI AG

Subject

Electrical and Electronic Engineering, Computer Networks and Communications, Hardware and Architecture, Signal Processing, Control and Systems Engineering

