摘要
针对传统动态迁移方法在应对侧信道攻击问题时存在迁移节点多、迁移频率高、迁移后服务功能链路径过长的问题,提出了一种基于风险感知的关键虚拟网络功能动态迁移方法。所提方法仅对含隐私信息的关键虚拟网络功能进行迁移,以减少迁移节点数量;结合侧信道攻击检测系统,对遭受攻击的关键虚拟网络功能执行触发式迁移,同时依据侧信道信息泄露模型对关键虚拟网络功能进行定期式迁移;采用基于逼近理想解排序的多属性节点排序方法选择迁移目的服务器,以避免迁移后路径过长。实验结果表明,所提方法在达到相同的侧信道攻击防御性能的情况下,具有更低的节点迁移数量与迁移频率,同时有效避免了迁移后服务功能链路径过长问题。
Aiming at the problems that traditional dynamic migration methods have many migration nodes,high migration frequency,and long service function chain(SFC)link path after migration when dealing with side channel attack,a dynamic migration method of critical virtual network function(VNF)based on risk awareness was proposed.In order to reduce the number of migrated nodes,only the key VNF with private information was migrated.Combined with the side channel attack detection system,the triggering migration was performed on the critical VNF which were under attack,and the key VNF was also periodically migrated according to the side channel information leakage model.Finally,a multi-attribute node sorting method base on the technique for order preference by similarity to ideal solution was used to select the migration destination server to avoid the path being too long after migration.Experiments show that the proposed method has a lower number of migration nodes and migration frequency when achieving the same side channel attack defense performance,and effectively avoids the problem that the SFC path is too long after migration.
作者
丁绍虎
谢记超
张鹏
普黎明
谷允捷
DING Shaohu;XIE Jichao;ZHANG Peng;PU Liming;GU Yunjie(Institute of Information Technology,Information Engineering University,Zhengzhou 450002,China)
出处
《通信学报》
EI
CSCD
北大核心
2020年第4期102-113,共12页
Journal on Communications
基金
国家自然科学基金资助项目(No.61802429,No.61872382,No.61521003)
国家重点研发计划基金资助项目(No.2017YFB0803201,No.2017YFB0803204)。
关键词
服务功能链
虚拟网络功能
侧信道攻击
动态迁移
多属性节点排序
service function chain
virtual network function
side-channel attack
dynamic migration
multi-attribute node sorting
