| In the current trend characterized by fragmented security demands and scenarios,protecting multiple types of heterogeneous security infrastructure poses an immense challenge.Software-defined security middle platform(SDSmp)provides robust protection for them.However,applying security defense solutions to complex and diverse business scenarios can inevitably result in performance degradation.Therefore,it is urgent to research resource scheduling algorithms based on SDSmp,which can intelligently provide effective protection measures for various security scenarios in a fragmented security environment.To address the critical protection requirements outlined in the "Regulations on the Security Protection of Critical Information Infrastructure"(No.745),we develop a software-defined security middle platform architecture(SDSmp)that caters to all scenarios,thereby tackling the issue of fragmented security requirements and scenarios that arise from the rapid expansion of infrastructure.This constitutes an initial step toward resolving the fragmentation issue.To address the challenge of mismatched security protection means and business scenarios,and to enhance security protection capabilities,we propose a real-time resource scheduling algorithm based on deep reinforcement learning(DRL)for optimizing the quality of service(QoS)in SDSmp.Additionally,to comprehensively reduce deployment and operational costs while ensuring user privacy,we propose a novel algorithm based on DRL to optimize cost in MPC-SDSmp.The specific research work and results are as follows:(1)To address the challenge of fragmented security requirements and scenarios,we propose a hierarchical SDSmp architecture that caters to all scenarios.This architecture is designed to resolve the fragmentation issue in two steps:addressing the fragmentation of security requirements and security scenarios.It provides comprehensive protection to the infrastructure plane and establishes a foundation for overcoming mismatched security protection with business scenarios.(2)To address the issue of mismatched security protection means with business scenarios and to enhance security protection capabilities,we propose a real-time resource scheduling algorithm based on DRL for optimizing QoS in SDSmp.Our approach integrates fragmented security requirements and security infrastructure into the SDSmp cloud model.By incorporating attention mechanisms and DRL,we enhance Smp’s real-time matching and dynamic adaptation capabilities.Additionally,we develop a real-time resource scheduling strategy for Smp to meet QoS requirements,ultimately improving the success rate of delivering security protection capabilities.Experimental results demonstrate that the proposed method significantly enhances QoS satisfaction compared to existing real-time methods.It ensures successful delivery rates and load balancing of Smp’s security protection capability.It reduces the average response time and exhibits excellent robustness,making it better suited for dynamic real-time environments.(3)To reduce costs,improve efficiency,and safeguard user privacy while ensuring security protection capabilities,we propose a real-time resource scheduling algorithm based on DRL to optimize costs in MPC-SDSmp.Firstly,we create an MPC-SDSmp cloud model with privacy protection capabilities to reduce deployment costs.Secondly,we design a non-linear weighted reward function to improve DRL and strengthen the intelligent scheduling module of Smp.Finally,we devise a cost-effective real-time resource scheduling strategy that satisfies security protection capability requirements,ultimately decreasing the operational expenses of Smp.Experimental results demonstrate that the proposed method significantly reduces operating costs compared to current real-time methods,while simultaneously ensuring the delivery success rate,average response time,and load balancing of security protection capabilities.Furthermore,it reduces deployment costs and safeguards user privacy against potential breaches. |
PDF Full Text Request