| In recent years, with the vigorous development of the mobile Internet, the Internet of Things and industry applications, and the continuous deepening of cross-field integration and innovation in information and communication technology, mobile communication networks will see data traffic grow by a factor of thousands and demand for networking equipment on the order of billions of devices. New technologies such as mobile edge computing architecture, network virtualization and ultra-dense networking have been introduced into the fifth-generation mobile communication (5G) network to comprehensively improve performance in terms of user-experienced rate, energy efficiency, connection density and delay. Mobile edge computing (MEC) is proposed to provide an IT service environment and cloud computing functions in the wireless access network close to mobile devices, which reduces delay and ensures efficient network operation and user experience. Edge computing technology leads to the emergence of various new services, but at the same time it introduces more uncertain security threats and differentiated security service requirements. The edge network is close to edge users, and its network environment is increasingly complex and unstable. Meanwhile, the resources of edge nodes are very limited. These characteristics make it difficult to apply traditional security defense technology to the edge network. This thesis focuses on edge computing network security defense technology, and summarizes and analyzes the security challenges and key security technologies from multiple perspectives. Based on the existing virtualized edge architecture, it focuses on the following aspects: (1) In response to the problem of endogenous security construction of virtual resources in edge networks, this thesis starts from the perspective of endogenous security and considers a security construction of virtual resources based on the idea of dynamic heterogeneous redundancy, which exploits the characteristics of the edge network’s own architecture. In response to the differentiated security service requirements of the various emerging services in 5G, an endogenous edge network security service scheme based on network functions virtualization (NFV) is proposed, a dynamic heterogeneous redundancy (DHR) security model is established, and the security of the model is analyzed. The results show that this model can effectively reduce the probability of successful penetration attacks against system vulnerabilities. On this basis, the heterogeneous entity set in the security model is modeled and an optimization problem is established, and a heterogeneous structure algorithm for virtualized resources based on a genetic strategy is proposed to solve this optimization model. The research results show that this method can effectively improve the overall heterogeneity of the system, which enhances the edge network's resistance to attack. (2) Aiming at the problem of resource optimization for the edge endogenous security network, a lightweight active defense security scheme based on the DHR security model is proposed, in which abnormal components in the edge network are flexibly updated and maintained through discontinuous security detection, and the security and availability of the edge network are maintained with low maintenance overhead. To determine the optimal interval of discontinuous security detection, the scheme is modeled as a Markov decision process by establishing the service and attack model. This thesis analyzes the system utility of the edge network in terms of effective throughput, task failure rate and maintenance cost, and proposes an optimal detection algorithm based on value iteration. Based on the optimal strategy of the edge network in each state, the design of the lightweight edge network active defense scheme can be realized. This thesis conducts a comprehensive and in-depth security analysis of the edge network. Compared with existing research work, the proposed design, based on optimization theory, puts forward a security scheme and construction method for the virtualized edge network that perform better in dealing with the uncertain security threats in the edge network. |