With the rapid development of Internet technology, the traditional monolithic architecture struggles to keep pace with the rapid iteration that network applications require, so new architectural styles such as microservices have emerged. The microservice architecture offers flexible scaling and loose coupling and has been widely adopted. However, its fine-grained decomposition into independent services also expands the attack surface of the system and exposes it to cyber attacks. Low-rate Denial of Service (LDoS) is a typical attack with low average attack traffic and high concealment, which traditional passive defenses struggle to handle effectively. Moving Target Defense (MTD) therefore builds a polymorphic, dynamic and randomized active defense mechanism that continually changes the network attack surface, rebalancing the original "easy to attack, hard to defend" asymmetry. However, current MTD defenses against LDoS attacks are costly and difficult to deploy in practice; secondly, because of the complexity of the microservice architecture, MTD may be inefficient when reconfigured dynamically; finally, the complex communication relationships among the many nodes of a microservice system make LDoS attacks easier to conceal, increasing the difficulty of MTD defense.

To address these problems, this thesis proposes an adaptive moving target defense (Adaptive mOving tarGet defENse, AOGEN) method that increases the difficulty and cost of LDoS attacks from the perspectives of the polymorphism, dynamics and randomness of MTD, respectively, and designs a shuffle strategy, RP-shuffle, to improve shuffle efficiency and the security of the microservice system. Finally, the advantages of this approach in LDoS defense are verified experimentally. The main research contents of this thesis are as follows:

(1) This thesis proposes an LDoS defense method based on adaptive MTD. Firstly, queuing theory is used to model the defense process, and a container number optimization algorithm based on a performance prediction model is proposed to optimize the resources consumed by the MTD technique, reducing resource cost and guaranteeing the polymorphism of MTD while maintaining system performance. Secondly, a shuffle strategy selection algorithm is designed to select a better shuffle strategy from the strategy pool for the current system state, improving the dynamics of the defense. Finally, a fair shuffle process is designed to improve the randomness of the shuffle execution and enhance the security of the microservice system.

(2) This thesis proposes a shuffle strategy based on historical information. Firstly, to address the low efficiency of existing strategy execution, a user selection algorithm is proposed based on the principle of the shuffle operation. Secondly, specific users are selected preferentially according to their historical execution counts, reducing the number of shuffle executions and improving the efficiency of defense execution. Thirdly, to address the problem of poor security, a reputation model is established for users, and the attack status of the container in which a user is located is predicted with a random walk model. Finally, a reputation threshold is estimated, and each user's identity is judged from historical reputation values, so that malicious users who carry out LDoS attacks can be separated and the system secured.

(3) The advantages of this method in coping with LDoS attacks under a microservice architecture are verified through experiments. Firstly, a microservice-based simulation system is constructed. Secondly, the effectiveness of RP-shuffle is verified by analyzing two indicators: the proportion of malicious users and the number of shuffles required. Then two evaluation indicators, recognition rate and false positive rate, are proposed to verify the security of the method. Finally, the algorithm in this thesis is compared experimentally with a typical model; response time and overhead are recorded during the experiments, and the advantages of the method are evaluated from both the performance and the defense-cost perspectives.
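The shuffle-and-reputation idea of contribution (2) and the recognition-rate and false-positive-rate metrics of contribution (3), shown as an added Python illustration that is not code from the thesis. It makes simplifying assumptions the abstract does not state: every shuffle round re-assigns all users to containers uniformly at random; a container is observed as attacked exactly when it hosts an attacker (the thesis instead predicts this state with a random walk model); reputation moves by -1 for a round spent in an attacked container and +1 otherwise; and the threshold is estimated as the midpoint between an attacker's guaranteed reputation and a benign user's expected reputation. The queuing model, container number optimization and selection of users by historical execution count are not modeled. All function names and inputs are constructed for this example.

```python
"""Constructed toy model of shuffle-based LDoS attacker identification.

Assumptions of this example (not claims about the thesis):
  * each round re-assigns every user to a container uniformly at random;
  * a container is observed as attacked iff it hosts at least one attacker
    (perfect observation; the thesis predicts this state instead);
  * reputation moves -1 per round in an attacked container, +1 otherwise;
  * after R rounds an attacker always sits at -R, while a benign user's
    expected reputation is R*(1-2p), p being the observed fraction of
    attacked containers per round; the threshold is the midpoint, -R*p.
"""
import random
from typing import Dict, List, Sequence, Set, Tuple

Assignment = Dict[int, int]  # user id -> container id


def random_assignments(n_users: int, n_containers: int, rounds: int,
                       seed: int) -> List[Assignment]:
    """One balanced, uniformly random user->container mapping per round."""
    rng = random.Random(seed)
    out: List[Assignment] = []
    for _ in range(rounds):
        users = list(range(n_users))
        rng.shuffle(users)
        out.append({u: i % n_containers for i, u in enumerate(users)})
    return out


def attacked_containers(a: Assignment, attackers: Set[int]) -> Set[int]:
    """Containers observed as under attack this round (assumed: those hosting an attacker)."""
    return {a[u] for u in attackers}


def reputations(assignments: Sequence[Assignment], attackers: Set[int]) -> Dict[int, int]:
    """Accumulate each user's reputation over all shuffle rounds."""
    rep = {u: 0 for u in assignments[0]}
    for a in assignments:
        hot = attacked_containers(a, attackers)
        for u, c in a.items():
            rep[u] += -1 if c in hot else 1
    return rep


def estimate_threshold(assignments: Sequence[Assignment], attackers: Set[int]) -> float:
    """Midpoint between the attacker reputation -R and the benign expectation R*(1-2p)."""
    rounds = len(assignments)
    n_containers = len(set(assignments[0].values()))
    hot_total = sum(len(attacked_containers(a, attackers)) for a in assignments)
    p = hot_total / (rounds * n_containers)
    return (-rounds + rounds * (1 - 2 * p)) / 2  # equals -rounds * p


def classify(rep: Dict[int, int], threshold: float) -> Set[int]:
    """Users whose reputation is at or below the threshold are judged malicious."""
    return {u for u, r in rep.items() if r <= threshold}


def evaluate(flagged: Set[int], attackers: Set[int], n_users: int) -> Tuple[float, float]:
    """(recognition rate, false positive rate) of the flagged set."""
    benign = n_users - len(attackers)
    recognition = len(flagged & attackers) / len(attackers)
    false_positive = len(flagged - attackers) / benign
    return recognition, false_positive


def count_moves(assignments: Sequence[Assignment]) -> int:
    """Defense cost proxy: user migrations between consecutive rounds."""
    return sum(1 for prev, cur in zip(assignments, assignments[1:])
               for u in cur if cur[u] != prev[u])


def simulate(n_users: int, n_containers: int, attackers: Set[int],
             rounds: int, seed: int = 7) -> dict:
    assignments = random_assignments(n_users, n_containers, rounds, seed)
    rep = reputations(assignments, attackers)
    thr = estimate_threshold(assignments, attackers)
    flagged = classify(rep, thr)
    recognition, fpr = evaluate(flagged, attackers, n_users)
    return {"threshold": thr, "flagged": flagged, "recognition_rate": recognition,
            "false_positive_rate": fpr, "moves": count_moves(assignments)}


if __name__ == "__main__":
    print(simulate(n_users=60, n_containers=12, attackers={3, 17, 41}, rounds=10))
```

Under these assumptions every attacker ends at reputation -R, so the recognition rate is always 1.0; the false positive rate measures benign users who happened to share a container with an attacker in most rounds, and it falls as the number of rounds grows, which is the same trade-off between shuffle count and security that contribution (3) measures.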