基于安全威胁预测的5G网络切片功能迁移策略

doi:10.11772/j.issn.1001-9081.2018061399

计算机应用 ›› 2019, Vol. 39 ›› Issue (2): 446-452.DOI: 10.11772/j.issn.1001-9081.2018061399

基于安全威胁预测的5G网络切片功能迁移策略

何赞园, 王凯, 牛犇, 游伟, 汤红波

国家数字交换系统工程技术研究中心, 郑州 450002

收稿日期:2018-07-05 修回日期:2018-09-13 出版日期:2019-02-10 发布日期:2019-02-15
通讯作者: 何赞园
作者简介:何赞园(1975-)男,河南灵宝人,副研究员,硕士,主要研究方向:网络空间安全;王凯(1980-)男,河南南阳人,副研究员,博士研究生,主要研究方向:网络空间安全;牛犇(1992-),男,内蒙古呼和浩特人,硕士研究生,主要研究方向:5G网络安全、网络功能虚拟化;游伟(1984-),男,江西宜春人,讲师,博士,主要研究方向:密码学、5G网络安全;汤红波(1968-)男,湖北孝感人,教授,博士生导师,硕士,主要研究方向:移动通信网络、新型网络体系结构。
基金资助:
国家重点研发计划项目（2016YFB0801605）；国家自然科学基金创新研究群体项目（61521003）。

5G network slicing function migration strategy based on security threat prediction

HE Zanyuan, WANG Kai, NIU Ben, YOU Wei, TANG Hongbo

National Digital Switching System Engineering and Technological R & D Center, Zhengzhou Henan 450002, China

Received:2018-07-05 Revised:2018-09-13 Online:2019-02-10 Published:2019-02-15
Supported by:
This work is partially supported by the National Key Research and Development Program (2016YFB0801605), the Program of National Natural Science Foundation of Innovative Research Groups (61521003).

摘要/Abstract

摘要： 随着虚拟化技术的发展，同驻攻击成为窃取用户敏感信息的重要攻击手段。针对现有虚拟机动态迁移方法对同驻攻击反应的滞后性，在5G网络切片背景下，提出了一种基于安全威胁预测的虚拟网络功能迁移策略。首先，通过隐马尔可夫模型（HMM）对网络切片运行安全进行建模，利用多源异构数据信息对网络安全威胁进行威胁预测；然后，根据安全预测结果，采用相应的虚拟网络功能迁移策略迁移以使迁移开销最小。仿真实验结果表明:利用HMM能对安全威胁进行有效的预测，同时该迁移策略能够有效减少迁移开销与信息泄漏时间，具有较好的同驻攻击防御效果。

关键词: 网络切片, 安全威胁, 迁移, 同驻攻击

Abstract: With the development of virtualization technology, co-resident attack becomes a common means to steal sensitive information from users. Aiming at the hysteresis of existing virtual machine dynamic migration method reacting to co-resident attacks, a virtual network function migration strategy based on security threat prediction in the context of 5G network slicing was proposed. Firstly, network slicing operation security was modeled based on Hidden Markov Model (HMM), and the network security threats were predicted by multi-source heterogeneous data. Then according to the security prediction results, the migration cost was minimized by adopting the corresponding virtual network function migration strategy. Simulation experimental results show that the proposed strategy can effectively predict the security threats and effectively reduce the migration overhead and information leakage time by using HMM, which has a better defense effect against co-resident attack.

Key words: network slicing, security threat, migration, co-resident attack

中图分类号:

TN915.81

何赞园, 王凯, 牛犇, 游伟, 汤红波. 基于安全威胁预测的5G网络切片功能迁移策略[J]. 计算机应用, 2019, 39(2): 446-452.

HE Zanyuan, WANG Kai, NIU Ben, YOU Wei, TANG Hongbo. 5G network slicing function migration strategy based on security threat prediction[J]. Journal of Computer Applications, 2019, 39(2): 446-452.

参考文献

[1] FOUKAS X, PATOUNAS G, ELMOKASHFI A, et al. Network slicing in 5G:survey and challenges[J]. IEEE Communications Magazine, 2017, 55(5):94-100.
[2] ORDONEZ-LUCENA J, AMEIGEIRAS P, LOPEZ D, et al. Network slicing for 5G with SDN/NFV:concepts, architectures, and challenges[J]. IEEE Communications Magazine, 2017, 55(5):80-87.
[3] FISCHER A, de MEER H. Position paper:secure virtual network embedding[J]. Praxis der Informationsverarbeitung und Kommunikation, 2011, 34(4):190-193.
[4] ALJUHANI A, ALHARBI T. Virtualized network functions security attacks and vulnerabilities[C]//Proceedings of the 2017 IEEE 7th Annual Computing and Communication Workshop and Conference. Piscataway, NJ:IEEE, 2017:1-4.
[5] IRAZOQUI G, EISENBARTH T, SUNAR B. SMYMA:a shared cache attack that works across cores and defies VM sandboxing-and it's application to AES[C]//Proceedings of the 2015 IEEE Symposium on Security and Privacy. Piscataway, NJ:IEEE, 2015:591-604.
[6] LIU F, YAROM Y, GE Q, et al. Last-level cache side-channel attacks are practical[C]//Proceedings of the 2015 IEEE Symposium on Security and Privacy. Piscataway, NJ IEEE, 2015:605-622.
[7] NAHAPETIAN A. Side-channel attacks on mobile and wearable systems[C]//Proceedings of the 2016 IEEE 13th Consumer Communications & Networking Conference. Piscataway, NJ:IEEE, 2016:243-247.
[8] VARADARAJAN V, RISTENPART T, SWIFT M. Scheduler-based defenses against cross-VM side-channels[C]//Proceedings of the 23rd USENIX Conference on Security Symposium. Berkeley, CA:USENIX Association, 2014:687-702.
[9] MOON S-J, SEKAR V, REITER M K. NOMAD:mitigating arbitrary cloud side channels via provider-assisted migration[C]//Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security. New York:ACM, 2015:1595-1606.
[10] VATTIKONDA B C, DAS S, SHACHAM H. Eliminating fine grained timers in Xen[C]//Proceedings of the 3rd ACM Workshop on Cloud Computing Security Workshop. New York:ACM, 2011:41-46.
[11] WU J, DING L, LIN Y, et al. XenPump:a new method to mitigate timing channel in cloud computing[C]//Proceedings of the 2012 IEEE Fifth International Conference on Cloud Computing. Washington, DC:IEEE Computer Society, 2012:678-685.
[12] HAN Y, CHAN J, ALPCAN T, et al. Using virtual machine allocation policies to defend against co-resident attacks in cloud computing[J]. IEEE Transactions on Dependable & Secure Computing, 2017, 14(1):95-108.
[13] 赵硕,季新生,毛宇星,等.基于安全等级的虚拟机动态迁移方法[J].通信学报,2017,38(7):165-174. (ZHAO S, JI X S, MAO Y X, et al. Research on dynamic migration of virtual machine based on security level[J]. Journal on Communications, 2017, 38(7):165-174.)
[14] BASS T. Intrusion detection systems and multisensor data fusion[J]. Communications of the ACM, 2000, 43(4):99-105.
[15] 龚正虎,卓莹.网络态势感知研究[J].软件学报,2010,21(7):1605-1619. (GONG Z H, ZHUO Y. Research on cyberspace situational awareness[J]. Journal of Software, 2010, 21(7):1605-1619.)
[16] HUO Q, CHAN C, LEE C H. Bayesian adaptive learning of the parameters of hidden Markov model for speech recognition[J]. IEEE Transactions on Speech and Audio Processing, 1995, 3(5):334-345.
[17] 牛犇,游伟,汤洪波.基于安全信任的网络切片部署策略研究[J/OL].计算机应用研究,2019[2018-04-06]. http://www.arocmag.com/article/02-2019-02-043.html. (NIU B, YOU W, TANG H B. Research on network slicing deployment strategy based on security trust[J/OL]. Application Research of Computers, 2009[2018-04-06]. http://www.arocmag.com/article/02-2019-02-043.html.
[18] 汪京培,孙斌,钮心忻,等.基于可信建模过程的信任模型评估算法[J].清华大学学报(自然科学版),2013,53(12):1699-1707. (WANG J P, SUN B, NIU X X, et al. A trust model evaluation algorithm based on trusted modeling process[J]. Journal of Tsinghua University (Science and Technology), 2013, 53(12):1699-1707.
[19] 孟顺梅.云计算环境下可信服务组合及其关键技术研究[D].南京:南京大学,2016:20-43. (MENG S M. Trusted service composition and its key technologies in cloud environment[D]. Nanjing:Nanjing University, 2016:20-43.)
[20] SHAO W, HU W, HUANG X. A new implicit enumeration method for linear 0-1 programming[C]//Proceedings of the 2008 International Workshop on Modelling, Simulation and Optimization. Washington, DC:IEEE Computer Society, 2008:298-301.
[21] GEOFFRION A M. An improved implicit enumeration approach for integer programming[J]. Operations Research, 1969, 17(3):437-454.
[22] 王军,李端.多项式0-1规划中隐枚举算法的改进及应用[J].系统工程理论与实践,2007,27(3):21-27. (WANG J, LI D. A new implicit enumeration method for polynomial 0-1 programming and applications[J]. System Engineering-Theory & Practice, 2007, 27(3):21-27.)
[23] HARRINGTON P. Machine learning in Action[M]. Greenwich, CT:Manning Publications Co., 2012:15-31.
[24] ZHAO Y M, LO S, ZEGURA E, et al. Virtual network migration on the GENI wide-area SDN-enabled infrastructure[C]//Proceedings of the 2017 IEEE Conference on Computer Communications Workshops. Piscataway, NJ:IEEE, 2017:265-270.

基于安全威胁预测的5G网络切片功能迁移策略

5G network slicing function migration strategy based on security threat prediction

PDF

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 15

编辑推荐

Metrics

[1]	郭棉, 张锦友. 移动边缘计算环境中面向机器学习的计算迁移策略[J]. 计算机应用, 2021, 41(9): 2639-2645.
[2]	尚芳剑, 李信, 翟迪, 陆阳, 张东磊, 钱玉文. 智能电网中两阶段网络切片资源分配技术[J]. 计算机应用, 2021, 41(7): 2033-2038.
[3]	程美英, 钱乾, 倪志伟, 朱旭辉. 信息筛选多任务优化自组织迁移算法[J]. 计算机应用, 2021, 41(6): 1748-1755.
[4]	尹飞, 龙玲莉, 孔峥, 邵涵, 李鑫, 钱柱中. 面向动态负载的集群容器部署方法[J]. 计算机应用, 2021, 41(6): 1581-1588.
[5]	陈争涛, 黄灿, 杨波, 赵立, 廖勇. 基于迁移学习的并行卷积神经网络牦牛脸识别算法[J]. 计算机应用, 2021, 41(5): 1332-1336.
[6]	王艺洁, 凡佳飞, 王陈宇. 云边环境下基于博弈论的两阶段任务迁移策略[J]. 计算机应用, 2021, 41(5): 1392-1398.
[7]	杨翎, 姜春茂. 基于三支决策的虚拟机节能迁移策略[J]. 计算机应用, 2021, 41(4): 990-998.
[8]	王锦凯, 贾旭. 基于迁移孪生非负矩阵分解的静脉识别算法[J]. 计算机应用, 2021, 41(3): 898-903.
[9]	蒋宁, 方景龙, 杨庆. 基于单点多盒检测器的全局-局部层级的域适应目标检测[J]. 计算机应用, 2021, 41(2): 517-522.
[10]	时永鹏, 张俊杰, 夏玉杰, 高雅, 张尚伟. 基于NOMA的5G超密网计算迁移与资源分配策略[J]. 《计算机应用》唯一官方网站, 2021, 41(11): 3319-3324.
[11]	刘晓龙, 王士同. 渐进式分离的开放集模糊域自适应算法[J]. 《计算机应用》唯一官方网站, 2021, 41(11): 3127-3131.
[12]	曹建芳, 闫敏敏, 贾一鸣, 田晓东. 融合迁移学习的Inception-v3模型在古壁画朝代识别中的应用[J]. 《计算机应用》唯一官方网站, 2021, 41(11): 3219-3227.
[13]	赵津, 宋文爱, 邰隽, 杨吉江, 王青, 李晓丹, 雷毅, 邱悦. 儿童阻塞性睡眠呼吸暂停计算机人脸辅助诊断综述[J]. 《计算机应用》唯一官方网站, 2021, 41(11): 3394-3401.
[14]	魏淳武, 赵涓涓, 唐笑先, 强彦. 基于多时期蒸馏网络的随访数据知识提取方法[J]. 计算机应用, 2021, 41(10): 2871-2878.
[15]	黄学雨, 徐浩特, 陶剑文. 具有特征选择的多源自适应分类框架[J]. 计算机应用, 2020, 40(9): 2499-2506.