郑州大学学报(工学版)2024,Vol.45Issue(2):72-79,8.DOI:10.13705/j.issn.1671-6833.2023.05.009
云原生环境下基于移动目标防御的ReDoS防御方法
ReDoS Defense Method Based on Moving Target Defense in Cloud-native Environment
摘要
Abstract
In addressing the inefficiencies and limitations in proactive defense against Regular Expression Denial of Service(ReDoS)attacks in cloud-native environments,we have developed a defense method based on Moving Tar-get Defense(MTD)technology.Initially,we analyzed the behaviors of both attackers and defenders within mi-croservice applications characteristic of cloud-native environments.Subsequently,leveraging Kubernetes,we de-signed an MTD-based defense system.This system incorporates dynamic and static multi-dimensional microservice weight indices based on topology information and request arrival rates,as well as service efficiency judgment indices based on queue theory.It also includes a method for selecting the timing of key microservice rotations to guide the selection and rotation timings of critical microservices.Finally,we introduced a multi-dimensional MTD heteroge-neous rotation algorithm,grounded in heterogeneity and service efficiency,and conducted simulations using Py-thon.Experimental results indicate that our proposed algorithm reduces defense latency by approximately 50%com-pared to dynamic scaling and that defense costs stabilize after the initial defense against an attack,preventing con-tinuous growth.关键词
微服务/ReDoS/移动目标防御/异构/正则表达式Key words
microservices/ReDoS/moving target defense/heterogeneous/regular expression分类
信息技术与安全科学引用本文复制引用
扈红超,张帅普,程国振,何威振..云原生环境下基于移动目标防御的ReDoS防御方法[J].郑州大学学报(工学版),2024,45(2):72-79,8.基金项目
国家自然科学基金资助项目(2072467) (2072467)
国家重点研发计划项目(2021YFB1006200,2021YFB1006201) (2021YFB1006200,2021YFB1006201)
