ReDoS Defense Method Based on Moving Target Defense in Cloud-native Environment
Existing defenses against Regular Expression Denial of Service (ReDoS) attacks in cloud-native environments are inefficient and cannot defend proactively. To address this, we propose a ReDoS defense method based on Moving Target Defense (MTD) technology. First, starting from the characteristics of microservice applications in cloud-native environments, we analyze the behavior of both attacker and defender. Second, we design an MTD-based defense system on Kubernetes and propose dynamic and static multi-dimensional microservice weight indices based on topology information and request arrival rate, a service efficiency judgment index based on queueing theory, and a rotation timing selection method; together these guide the selection of key microservices and the timing of their rotation. Finally, we present a multi-dimensional MTD heterogeneous rotation algorithm based on heterogeneity and service efficiency and evaluate it by simulation in Python. The results show that the proposed algorithm reduces defense latency by approximately 50% compared with dynamic scaling, and that the defense overhead stabilizes after the first attack rather than growing continuously.
扈红超;张帅普;程国振;何威振
Zhongyuan Network Security Research Institute, Zhengzhou University, Zhengzhou 450001, Henan, China; School of Cyber Science and Engineering, Zhengzhou University, Zhengzhou 450001, Henan, China; Institute of Information Technology, Information Engineering University, Zhengzhou 450001, Henan, China
Subject: Computer Science and Automation
Keywords: microservices; ReDoS; moving target defense; heterogeneous; regular expression
Journal of Zhengzhou University (Engineering Science), 2024, Issue 2
Pages 72-79 (8 pages)
Funding: National Natural Science Foundation of China (2072467); National Key R&D Program of China (2021YFB1006200, 2021YFB1006201)