EP-4738767-A1 - EXECUTOR SCHEDULING OPTIMIZATION METHOD AND DEVICE FOR MIMIC DEFENSE FRAMEWORK

Abstract

The present application relates to the technical field of network security, and discloses an executor scheduling optimization method and device for a mimic defense framework. The method comprises: using a plurality of executors corresponding to a source program to be tested, so as to form a plurality of executor sets; calculating the heterogeneity of each executor set and a security defense coefficient of each executor set; using the heterogeneity of each executor set and the security defense coefficient of each executor set to calculate a scheduling function score of each executor set, and determining final scheduled objects on the basis of the scheduling function score of each executor set; and according to a decision result of each executor among the final scheduled objects in a mimic defense framework, updating the number of executors scheduled from among the final scheduled objects during each scheduling. In the technical solution provided by the present application, scheduling efficiency is optimized while guaranteeing the maximization of difference between executors, and the security and performance of a system are improved.

Inventors

  • WANG, Yunfan
  • ZHANG, YINAN
  • HAO, Fuzhong
  • LYU, Zhuo
  • ZHANG, TAO
  • MA, YUANYUAN
  • ZHANG, BO
  • Xi, Zesheng
  • HE, CHUAN
  • CHEN, LU
  • LIU, BO
  • YU, Xinsheng

Assignees

  • State Grid Smart Grid Research Institute Co., Ltd.
  • The 32nd Research Institute of China Electronics Technology Group Corporation
  • Hangzhou UWNTEK Automation System Co., Ltd.
  • State Grid Henan Electric Power Company

Dates

Publication Date
20260506
Application Date
20240821

Claims (14)

  1. An execution entity scheduling optimization method for a mimicry defense framework, characterized by comprising: constructing a plurality of execution entity sets using a plurality of execution entities corresponding to a source program under test; calculating a heterogeneity degree of each execution entity set and a security defense coefficient of each execution entity set; calculating a scheduling function score of each execution entity set, and determining a final scheduling object according to the scheduling function score of each execution entity set using the heterogeneity degree of each execution set and the security defense coefficient of each execution set; and updating a number of execution entities scheduled from the final scheduling object each scheduling time according to a decision result of each execution entity in the final scheduling object within the mimicry defense framework.
  2. The method according to claim 1, wherein the constructing the plurality of execution entity sets using the plurality of execution entities corresponding to the source program under test, comprises: constructing an execution entity pool using the plurality of execution entities corresponding to the source program under test; and constructing the plurality of execution entity sets by selecting a plurality of groups of a preset number of execution entities from the execution entity pool.
  3. The method according to claim 1, wherein the calculating the heterogeneity degree of each execution entity set, comprises: obtaining a heterogeneity degree among each execution entity in each execution entity set by using a code similarity measurement method; and calculating the heterogeneity degree of each execution entity set by using the heterogeneity degree among each execution entity in each execution entity set.
  4. The method according to claim 1, wherein the calculating the security defense coefficient of each execution entity set, comprises: determining a security defense coefficient of each execution entity in each execution entity set according to an output status of each execution entity in each execution entity set; and calculating the security defense coefficient of each execution entity set by using the security defense coefficient of each execution entity in each execution entity set.
  5. The method according to claim 1, wherein the determining the final scheduling object according to the scheduling function score of each execution entity set, comprises: selecting an execution entity set corresponding to a smallest scheduling function score as the final scheduling object from all the execution entity sets.
  6. The method according to claim 1, wherein the updating the number of execution entities scheduled from the final scheduling object each scheduling time according to the decision result of each execution entity in the final scheduling object within the mimicry defense framework, comprises: determining an output proportion of each type of decision result, based on the decision result of each execution entity in the final scheduling object within the mimicry defense framework; selecting an output proportion with a highest ranking as a target output proportion by sorting output proportions of all types of decision results in a descending order; and updating the number of execution entities scheduled from the final scheduling object each scheduling time by using the target output proportion.
  7. The method according to claim 1 or 3, wherein a formula for the calculating the heterogeneity degree of each execution entity set, comprises: $$\sigma^{*} = \frac{1}{2m} \times \sum_{i=1}^{m} \sum_{j=1}^{m} \sigma(E_i, E_j)$$ in the formula, $i \in [1, m]$, $j \in [1, m]$, $m$ is a total number of execution entities in an execution entity set; $E_i$ is an i-th execution entity, $E_j$ is a j-th execution entity, $\sigma(E_i, E_j)$ is a heterogeneity degree between the i-th execution entity and the j-th execution entity, and $\sigma^{*}$ is the heterogeneity degree of the execution entity set.
  8. The method according to claim 4, wherein a formula for the calculating the security defense coefficient of each execution entity in each execution entity set, comprises: $$\mu_i = \begin{cases} \mu_i' \times \vartheta, & \text{an output of the execution entity being normal} \\ \mu_i' \div \vartheta, & \text{the output of the execution entity being abnormal} \end{cases}$$ in the formula, $i \in [1, m]$, $m$ is a total number of execution entities in an execution entity set; $\mu_i$ is a current security defense coefficient of an i-th execution entity in the execution entity set; $\mu_i'$ is a previous security defense coefficient of the i-th execution entity in the execution entity set; and $\vartheta$ is an update factor.
  9. The method according to claim 1 or 4, wherein a formula for the calculating the security defense coefficient of each execution set, comprises: $$\mu^{*} = \frac{1}{m} \times \sum_{i=1}^{m} \mu_i$$ in the formula, $i \in [1, m]$, $m$ is a total number of execution entities in an execution entity set; $\mu_i$ is a current security defense coefficient of an i-th execution entity in the execution entity set; and $\mu^{*}$ is a security defense coefficient of the execution entity set.
  10. The method according to claim 1, wherein a formula for the calculating the scheduling function score of each execution entity set, comprises: $$\theta(E_p) = \sigma^{*} + \mu^{*}$$ in the formula, $\theta(E_p)$ is a scheduling function score of an execution entity set, $\sigma^{*}$ is a heterogeneity degree of the execution entity set, and $\mu^{*}$ is a security defense coefficient of the execution entity set.
  11. The method according to claim 6, wherein a formula for the calculating the number of execution entities scheduled from the final scheduling object each scheduling time, comprises: $$m(t) = \left(1 + \alpha\left(U_{t-2}^{1} - U_{t-1}^{1}\right)\right) \times m(t-1)$$ in the formula, $t \in [1, T]$, $T$ is a total number of scheduling times; $m(t)$ is a number of execution entities scheduled from the final scheduling object in a t-th scheduling time, $\alpha$ is a constant, $U_{t-2}^{1}$ is a target output proportion in a (t-2)-th scheduling time, $U_{t-1}^{1}$ is a target output proportion in a (t-1)-th scheduling time, and $m(t-1)$ is a number of execution entities scheduled from a final scheduling object in the (t-1)-th scheduling time.
  12. An execution entity scheduling optimization apparatus for a mimicry defense framework, characterized by comprising: a constructing unit configured to construct a plurality of execution entity sets using a plurality of execution entities corresponding to a source program under test; a calculating unit configured to calculate a heterogeneity degree of each execution entity set and a security defense coefficient of each execution entity set; a determining unit configured to calculate a scheduling function score of each execution entity set, and determine a final scheduling object according to the scheduling function score of each execution entity set using the heterogeneity degree of each execution set and the security defense coefficient of each execution set; and an updating unit configured to update a number of execution entities scheduled from the final scheduling object each scheduling time according to a decision result of each execution entity in the final scheduling object within the mimicry defense framework.
  13. An electronic device, characterized by comprising: at least one processor and a memory; the memory and the processor are connected through a bus; the memory is configured to store one or more programs; the one or more programs, when executed by the at least one processor, cause the at least one processor to implement the execution entity scheduling optimization method for the mimicry defense framework according to any one of claims 1 to 11.
  14. A computer readable storage medium, characterized in that the computer readable storage medium stores program codes, and when the program codes are executed, the execution entity scheduling optimization method for the mimicry defense framework according to any one of claims 1 to 11 is implemented.
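
The scheduling steps of claims 2 and 5 to 11, carried through on a small pool as an added example; this is not code from the patent or its applicants. It reads the claim 7 prefactor as 1/(2m) and groups claim 11 as (1 + α(U_{t-2} − U_{t-1})) × m(t−1). The pairwise heterogeneity table, the starting coefficients, the update factor ϑ, α and the treatment of σ(E, E) as 0 are constructed assumptions, since the claims give no values.

```python
from collections import Counter
from itertools import combinations

# Constructed sample data (not from the patent); sigma(E, E) is assumed to be 0.
PAIR_SIGMA = {frozenset("AB"): 0.2, frozenset("AC"): 0.5, frozenset("AD"): 0.7,
              frozenset("BC"): 0.4, frozenset("BD"): 0.6, frozenset("CD"): 0.3}

def sigma(a, b):
    return 0.0 if a == b else PAIR_SIGMA[frozenset((a, b))]

def set_heterogeneity(members):
    # Claim 7: sigma* = 1/(2m) * sum_i sum_j sigma(E_i, E_j)
    m = len(members)
    return sum(sigma(a, b) for a in members for b in members) / (2 * m)

def update_mu(mu_prev, output_normal, factor):
    # Claim 8: multiply by the update factor on normal output, divide on abnormal
    return mu_prev * factor if output_normal else mu_prev / factor

def set_defense(members, mu):
    # Claim 9: mu* is the mean of the members' coefficients
    return sum(mu[e] for e in members) / len(members)

def pick_set(pool, size, mu):
    # Claims 2, 10, 5: enumerate sets, score sigma* + mu*, take the smallest
    scores = {s: set_heterogeneity(s) + set_defense(s, mu)
              for s in combinations(pool, size)}
    return min(scores, key=scores.get), scores

def target_proportion(decisions):
    # Claim 6: share of the most frequent decision result
    return Counter(decisions).most_common(1)[0][1] / len(decisions)

def next_count(m_prev, u_t2, u_t1, alpha):
    # Claim 11: m(t) = (1 + alpha * (U_{t-2} - U_{t-1})) * m(t-1).
    # The claim states no rounding rule, so the raw value is returned.
    return (1 + alpha * (u_t2 - u_t1)) * m_prev

def demo():
    # Constructed round: C produced abnormal output; factor 0.5 is a sample value
    normal = {"A": True, "B": True, "C": False, "D": True}
    mu = {e: update_mu(1.0, ok, 0.5) for e, ok in normal.items()}
    chosen, scores = pick_set("ABCD", 3, mu)
    u_prev = target_proportion(["r1", "r1", "r1"])   # round t-2: unanimous
    u_last = target_proportion(["r1", "r1", "r2"])   # round t-1: one dissent
    return chosen, scores[chosen], next_count(3, u_prev, u_last, alpha=0.5)

if __name__ == "__main__":
    print(demo())
```

With these sample values the set without the abnormal entity C has the smallest score, and the drop in the target output proportion from 1 to 2/3 raises the scheduled count from 3 to 3.5 before any rounding.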

Description

CROSS REFERENCE TO RELATED APPLICATION(S)

The present disclosure is based on and claims priority to Chinese Patent Application No. 202410670630.3, filed on May 28, 2024, entitled "an execution entity scheduling optimization method and apparatus for a mimicry defense framework", the entire contents of which are incorporated herein by reference in its entirety.

TECHNICAL FIELD

The present disclosure relates to, but is not limited to, the field of network security technologies, and in particular, to an execution entity scheduling optimization method and apparatus for a mimicry defense framework.

BACKGROUND

The mimicry defense framework is an innovative security defense concept proposed based on the biological mimicry phenomenon, aiming to fundamentally break free from the current strategic dilemma of "easy to attack but difficult to defend" in cyberspace. A core idea of the mimicry defense framework is to enable the system itself to have inherent security capabilities through a mimicry architecture with "dynamic, heterogeneous, redundant, and adjudication" mechanisms. The "dynamic" aspect refers to the system scheduling different "heterogeneous and redundant" execution units or service components according to preset rules or dynamic algorithms to ensure that the system can operate in different states, thereby confusing attackers, blocking attacks, and ensuring system security.

FIG. 1 shows a basic framework of mimicry defense. When the arbiter detects an anomaly and sends a scheduling instruction to a scheduling strategy module, the scheduling strategy module will send a new execution entity based on the provided scheduling algorithm.

Existing scheduling algorithms, such as round-robin scheduling algorithm and random scheduling algorithm, only implement the basic functions of the mimicry framework. They cannot dynamically analyze and judge the heterogeneity degree constructed by the execution entity, and cannot avoid the generation of common mode vulnerabilities. Therefore, they cannot effectively defend against intrusion.

SUMMARY

To overcome the problems existing in the above-mentioned related art, the present disclosure provides an execution entity scheduling optimization method and apparatus for a mimicry defense framework.

According to a first aspect of the embodiments of the present disclosure, an execution entity scheduling optimization method for a mimicry defense framework is provided, and the method includes:

  • constructing a plurality of execution entity sets using a plurality of execution entities corresponding to a source program under test;
  • calculating a heterogeneity degree of each execution set and a security defense coefficient of each execution set;
  • calculating a scheduling function score of each execution entity set, and determining a final scheduling object according to the scheduling function score of each execution entity set using the heterogeneity degree of each execution set and the security defense coefficient of each execution set; and
  • updating a number of execution entities scheduled from the final scheduling object for each scheduling cycle according to a decision result of each execution entity in the final scheduling object within the mimicry defense framework.

In an implementation, the constructing the plurality of execution entity sets using the plurality of execution entities corresponding to the source program under test, includes:

  • constructing an execution entity pool using the plurality of execution entities corresponding to the source program under test; and
  • constructing the plurality of execution entity sets by selecting a plurality of groups of a preset number of execution entities from the execution entity pool.

In an implementation, the calculating the heterogeneity degree of each execution set, includes:

  • obtaining a heterogeneity degree among each execution entity in each execution entity set by using a code similarity measurement method; and
  • calculating the heterogeneity degree of each execution entity set by using the heterogeneity degree among each execution entity in each execution entity set.

In an implementation, the calculating the security defense coefficient of each execution set, includes:

  • determining a security defense coefficient of each execution entity in each execution entity set according to an output status of each execution entity in each execution entity set; and
  • calculating and obtaining the security defense coefficient of each execution entity set by using the security defense coefficient of each execution entity in each execution entity set.

In an implementation, the determining the final scheduling object according to the scheduling function score of each execution entity set, includes: selecting an execution entity set corresponding to a smallest scheduling function score as the final scheduling object from all the execution entity sets.

In an implementation, the updating the number of execution entities scheduled from the final scheduling object each s