Journal on Communications (通信学报), 2026, Vol. 47, Issue (1): 201-212, 12. DOI: 10.11959/j.issn.1000−436x.2026023
Research on container network security protection method based on differential game
Abstract
The network of cloud-edge-end collaborative passenger service systems faced severe risks of lateral movement attacks. To ensure the secure and stable operation of such critical information infrastructure, a dynamic adaptive protection scheme integrating micro-segmentation and differential game was proposed. First, by collecting call data between microservices in a distributed manner, a global traffic view of microservices was constructed. Then, using a diffusion convolutional recurrent neural network (DCRNN)-based traffic anomaly detection method, the spatiotemporal dependencies of microservice remote procedure call (RPC) traffic on time series were modeled, thereby achieving traffic prediction and anomaly detection. Finally, the offensive-defensive confrontation was modeled as a non-zero-sum differential game, dynamically solving the optimal micro-segmentation strategy based on the criteria of systematic security, business continuity, and resource cost optimization. Simulations and experiments demonstrate that the proposed method can effectively identify and curb lateral movement attacks, while achieving a dynamic balance between security protection and the core business performance of passenger services. This provides a theoretical basis for the cybersecurity design of a cloud-edge-end collaborative passenger transportation service system.
Key words
cloud-edge-end collaboration/lateral movement/differential game/dynamic micro-segmentation
Classification
Transportation engineering
Cite this article
温佳坤, 袭龙, 曹源, 孙永奎, 张舒铭. Research on container network security protection method based on differential game [J]. Journal on Communications, 2026, 47(1): 201-212, 12.
Funding
The National Natural Science Foundation of China (No.U2368202, No.U2468203)