[go: up one dir, main page]

CN107943754B - Heterogeneous redundancy system optimization method based on genetic algorithm - Google Patents

Heterogeneous redundancy system optimization method based on genetic algorithm Download PDF

Info

Publication number
CN107943754B
CN107943754B CN201711293889.7A CN201711293889A CN107943754B CN 107943754 B CN107943754 B CN 107943754B CN 201711293889 A CN201711293889 A CN 201711293889A CN 107943754 B CN107943754 B CN 107943754B
Authority
CN
China
Prior art keywords
heterogeneous
genetic algorithm
similarity
fitness function
chromosome
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN201711293889.7A
Other languages
Chinese (zh)
Other versions
CN107943754A (en
Inventor
汤景凡
胡恩超
张旻
姜明
梁惠兵
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Baoding Ziyu Technology Co ltd
Original Assignee
Hangzhou Dianzi University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hangzhou Dianzi University filed Critical Hangzhou Dianzi University
Priority to CN201711293889.7A priority Critical patent/CN107943754B/en
Publication of CN107943754A publication Critical patent/CN107943754A/en
Application granted granted Critical
Publication of CN107943754B publication Critical patent/CN107943754B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F17/00Digital computing or data processing equipment or methods, specially adapted for specific functions
    • G06F17/10Complex mathematical operations
    • G06F17/16Matrix or vector computation, e.g. matrix-matrix or matrix-vector multiplication, matrix factorization
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00Computing arrangements based on biological models
    • G06N3/12Computing arrangements based on biological models using genetic models
    • G06N3/126Evolutionary algorithms, e.g. genetic algorithms or genetic programming

Landscapes

  • Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Mathematical Physics (AREA)
  • General Physics & Mathematics (AREA)
  • Data Mining & Analysis (AREA)
  • Health & Medical Sciences (AREA)
  • Life Sciences & Earth Sciences (AREA)
  • Biophysics (AREA)
  • Software Systems (AREA)
  • Mathematical Optimization (AREA)
  • Pure & Applied Mathematics (AREA)
  • Mathematical Analysis (AREA)
  • Computational Mathematics (AREA)
  • Bioinformatics & Cheminformatics (AREA)
  • Bioinformatics & Computational Biology (AREA)
  • Evolutionary Biology (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Physiology (AREA)
  • Molecular Biology (AREA)
  • General Health & Medical Sciences (AREA)
  • Evolutionary Computation (AREA)
  • Genetics & Genomics (AREA)
  • Computational Linguistics (AREA)
  • Artificial Intelligence (AREA)
  • Biomedical Technology (AREA)
  • Algebra (AREA)
  • Databases & Information Systems (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

本发明公开了一种融合遗传算法与相似度计算的优化web异构系统的方法,针对现有技术缺失评估异构系统的异构程度的步骤以及遍历方案不通用的缺陷,本发明先合理利用现有源代码检测方案,针对不可检测的场景引入主观评判机制,计算出代码相似度。将计算出的相似度值与本单位安全部分的先验知识结合,计算出相似度。根据相似度提出遗传算法所需的适应度函数。最后将需要优化的系统代入该适应度函数下的遗传算法进行优化。经过本方法优化过的web异构系统具备更好的防御能力。

Figure 201711293889

The invention discloses a method for optimizing a heterogeneous web system by integrating genetic algorithm and similarity calculation. Aiming at the lack of steps of evaluating the heterogeneous degree of heterogeneous systems in the prior art and the defects of uncommon traversal scheme, the invention makes reasonable use of it first. The existing source code detection scheme introduces a subjective judgment mechanism for undetectable scenes to calculate the code similarity. The similarity is calculated by combining the calculated similarity value with the prior knowledge of the security part of the unit. According to the similarity, the fitness function required by the genetic algorithm is proposed. Finally, the system to be optimized is substituted into the genetic algorithm under the fitness function for optimization. The web heterogeneous system optimized by this method has better defense capability.

Figure 201711293889

Description

Heterogeneous redundancy system optimization method based on genetic algorithm
Technical Field
The invention designs a method for optimizing a heterogeneous redundancy system, and particularly relates to a heterogeneous redundancy system optimization method based on a genetic algorithm.
Background
The heterogeneous redundancy design mode realizes multilevel isomerization of server software, a file system, an operating system and the like on an executive body set. Although heterogeneous systems are diverse in design and implementation, and different in techniques and means, the goal of heterogeneous systems is to protect the confidentiality of system data from the point of intrusion prevention. The heterogeneous executives in the system are the key to shielding the attacker from sniffing. The application of heterogeneous execution sets is well-accepted by researchers, but most of the discussion on the evaluation of the degree of heterogeneity of execution sets is conceptually.
Reference to the literature
[1]Schleimer S,Wilkerson D S,Aiken A.Winnowing:local algorithms for document fingerprinting[C]//ACM SIGMOD International Conference on Management of Data.ACM,2003:76-85.
[2]Gallon L.On the Impact of Environmental Metrics on CVSS Scores[C]//IEEE Second International Conference on Social Computing.IEEE,2010:987-992.
Disclosure of Invention
The invention aims to provide a heterogeneous redundancy system optimization method based on a genetic algorithm aiming at the defects of the traditional method for constructing a web heterogeneous redundancy system.
The technical scheme adopted by the invention for solving the technical problem comprises the following steps:
the invention relates to similarity calculation and construction of a fitness function, wherein the similarity is used for evaluating the heterogeneous degree, and the fitness function is used for heuristically screening out a high-quality Web heterogeneous executive body, and the method specifically comprises the following steps:
step 1, converting a web heterogeneous redundancy model into a vector;
step 2, providing similarity definition about heterogeneous redundancy and calculating;
step 3, constructing a fitness function;
and 4, screening the genetic algorithm according to the fitness calculated by the fitness function.
Converting the web heterogeneous redundancy model into a vector in the step 1 specifically as follows:
Figure GDA0001578290650000021
wherein, alpha represents a Web heterogeneous executive, m represents the number of Web heterogeneous executors, and n represents the number of layers of a technology stack.
The similarity calculation related to the heterogeneous redundancy proposed in the step 2 is specifically as follows:
the similarity is calculated according to a hierarchy, so that each technology stack of each layer has a value of SR, and the SR of the k layer is defined as SRk,SRkThe expression of (a) is as follows:
Figure GDA0001578290650000022
wherein S iskIs a one-dimensional vector, vector S, of the k-th layerkThe ith element ofThe value of (c): and taking the ith executive body as a reference template, comparing the ith executive body with the similarity of the rest m-1 executive bodies on the kth layer technology stack, and accumulating the values obtained by Sim operation, wherein i is more than or equal to 1 and less than or equal to m, and k is more than or equal to 1 and less than or equal to n.
Figure GDA0001578290650000023
Wherein Moss is a code duplication checking system of the American Stanford university sourcing, and returns a value pair (X, Y) indicating that X% of the codes in a match Y% of the codes in b. The minimum value is taken as the source code similarity. The parameter "threshold" in the function Sim can be organized by the related parameters in CVSS v2 to obtain the following formula:
threshold=1-ηk
Figure GDA0001578290650000024
BS=round_to_1_decimal(((0.6*IMP)+(0.4*EXP)-1.5)*f(IMP))
EXP=20*(AV)*(AC)*(Au)
IMP=-10.41*(1-(1-C)(1-I)(1-A))
Figure GDA0001578290650000031
where the access vector AV depends on the amount of access needed by the attacker to exploit the vulnerability. Thus, the attacks that require physical access to the system are lower than those that any machine can attack through the internet.
Access Complexity (AC) represents the complexity of exploiting an attack. A buffer overflow attack on an Internet service is much more complex than a vulnerability of an email client, in which a user performs an attachment download and then performs an attachment download, so the AC value is low.
The authentication (Au) level required to perform the attack. For example, if an account does not need to be registered to utilize the system, the value is high. In contrast, if multiple accounts are needed to exploit this vulnerability, the value is low.
The privacy impact (C) score is low if only some (irrelevant) information is leaked. If the vulnerability is successfully exploited, the entire database is most affected.
Integrity impact (I) refers to the ability of an attacker to modify the behavior of a file or system in the event of a successful execution of a vulnerability attack. An attacker can change the code or delete any file in the system, the higher this value.
Availability impact (a) represents the force to successfully utilize system availability. A successful denial of service (DoS) will have a large impact on the application server.
Constructing a fitness function, counting the probability of each technology stack encountering attack by using prior knowledge, and calculating the value of the fitness function by combining the calculated SR value, wherein the fitness function is defined as follows:
Figure GDA0001578290650000032
wherein p isiThe method is characterized in that the number of times of attacks on the technology stack at the ith layer accounts for the total number of attacks on the system.
And 4, screening the genetic algorithm according to the fitness calculated by the fitness function, wherein the screening is as follows:
4-1. chromosome coding:
the m candidate executables are encoded as binary strings. When the ith base is 1, selecting the ith executive body, otherwise, when the ith base is 0, discarding the executive body;
4-2. parameters and operation of genetic algorithm:
the population size of the genetic algorithm is set to 50 and the selection operator of the genetic algorithm is based on the selection competition, with 10% of the optimal number remaining per generation. The crossover operator of the genetic algorithm is based on one point, and the mutation probability is 2%. Each generation must ensure that the total number of "1" s is odd and less than or equal to the maximum redundancy value after the crossover and mutation operations. To ensure this condition, the chromosomal gene is adjusted, the number of evolutions is set to 100, and the fitness function is given by the formula w (k).
4-3. method for regulating chromosomal genes:
the maximum number of "1" in the chromosome is limited to 7, that is, the maximum redundancy of DHR is 7, and the specific operations are as follows:
when the population is initialized, the number of "1" s in the chromosome is limited to 3,5 or 7.
If the chromosome number is not 3,5 or 7 after each chromosome generation after crossover and mutation, the number of "1" is adjusted by randomly mutating the gene in the chromosome;
if the number of the '1' is less than 3, randomly selecting the gene '0' in the chromosome to mutate until the number of the gene '1' reaches 3;
if the number of the '1' is more than 7, randomly selecting the gene '1' in the chromosome to mutate until the number of the gene '1' reaches 7;
IV if the number of "1" s is 4 or 6, the chromosome is first adjusted by random methods to determine "1" s as 3,5 or 7, and then using the I, II and III variant chromosome methods described above.
When we build a defense system, we often need to use a priori knowledge. We need to figure out which attacks are the most common and which attacks are adapted to our scenario. As the a priori knowledge changes, the defense system also carries various patches. For the problem of security protection, the priori knowledge is worth referencing. Although we cannot rely entirely on prior knowledge to defend against unknown vulnerability attacks, it can objectively respond to the widespread distribution of vulnerabilities. The security department of each company will also record historical attacks in the file.
The original execution set is C1,C2...CmNow we need to filter out unreliable executives from the collection to form a new system. The reliability of the different combinations is calculated by a fitness function w (K) using a conventional traversal, according to the value of a given redundancy number K. This is effective when the value of m is small. Once m is very large, e.g., m ≧The time complexity of the traversal method will become very difficult to compute results 20. Therefore, we use genetic algorithms to solve the problem of merit. The main idea is to encode the redundant system into a binary string and then evolve the string set by genetic operations such as selection, crossover and mutation to obtain the best or similar optimal heterogeneous redundant system.
The invention optimizes the web heterogeneous system, and has the following beneficial effects:
(1) an algorithm model for optimizing a Web heterogeneous system is provided. And analyzing and evaluating the similarity of each layer, and selecting, improving and designing an execution set according to the evaluation result.
(2) Heterogeneous optimization of a web heterogeneous system belongs to a combinatorial optimization problem, and the time complexity of the combinatorial optimization problem is O (n ^ n). The genetic algorithm is introduced, so that the situation that iterative operation is trapped in a local extremely small trap is avoided.
The method reasonably utilizes the existing source code detection scheme, introduces a subjective judgment mechanism aiming at the undetectable scene, and calculates the code similarity. And combining the calculated similarity value with the prior knowledge of the unit safety part to calculate the similarity. And providing a fitness function required by the genetic algorithm according to the similarity. And finally substituting the system to be optimized into the genetic algorithm under the fitness function for optimization. The web heterogeneous system optimized by the method has better defense capability.
Drawings
FIG. 1 is a Web heterogeneous system architecture according to the present invention.
FIG. 2 is a comparison diagram of the defense of the randomly constructed Web system and the Web system constructed by the genetic algorithm.
Detailed Description
The invention is further illustrated by the following figures and examples.
As shown in fig. 1 and 2, a heterogeneous redundancy system optimization method based on a genetic algorithm includes the following steps:
the method comprises similarity calculation and fitness function construction, wherein the similarity is used for evaluating the heterogeneous degree, and the fitness function is used for heuristically screening out a high-quality Web heterogeneous executive body, and specifically comprises the following steps:
step 1, converting a web heterogeneous redundancy model into a vector;
step 2, providing similarity definition about heterogeneous redundancy and calculating;
step 3, constructing a fitness function;
and 4, screening the genetic algorithm according to the fitness calculated by the fitness function.
Converting the web heterogeneous redundancy model into a vector in the step 1 specifically as follows:
Figure GDA0001578290650000061
wherein, alpha represents a Web heterogeneous executive, m represents the number of Web heterogeneous executors, and n represents the number of layers of a technology stack.
The similarity calculation related to the heterogeneous redundancy proposed in the step 2 is specifically as follows:
the similarity is calculated according to a hierarchy, so that each technology stack of each layer has a value of SR, and the SR of the k layer is defined as SRk,SRkThe expression of (a) is as follows:
Figure GDA0001578290650000062
wherein S iskIs a one-dimensional vector, vector S, of the k-th layerkValue of the ith element above: and taking the ith executive body as a reference template, comparing the ith executive body with the similarity of the rest m-1 executive bodies on the kth layer technology stack, and accumulating the values obtained by Sim operation, wherein i is more than or equal to 1 and less than or equal to m, and k is more than or equal to 1 and less than or equal to n.
Figure GDA0001578290650000063
Wherein Moss is a code duplication checking system of the American Stanford university sourcing, and returns a value pair (X, Y) indicating that X% of the codes in a match Y% of the codes in b. The minimum value is taken as the source code similarity. The parameter "threshold" in the function Sim can be organized by the related parameters in CVSS v2 to obtain the following formula:
threshold=1-ηk
Figure GDA0001578290650000064
BS=round_to_1_decimal(((0.6*IMP)+(0.4*EXP)-1.5)*f(IMP))
EXP=20*(AV)*(AC)*(Au)
IMP=-10.41*(1-(1-C)(1-I)(1-A))
Figure GDA0001578290650000071
where the access vector AV depends on the amount of access needed by the attacker to exploit the vulnerability. Thus, the attacks that require physical access to the system are lower than those that any machine can attack through the internet.
Access Complexity (AC) represents the complexity of exploiting an attack. A buffer overflow attack on an Internet service is much more complex than a vulnerability of an email client, in which a user performs an attachment download and then performs an attachment download, so the AC value is low.
The authentication (Au) level required to perform the attack. For example, if an account does not need to be registered to utilize the system, the value is high. In contrast, if multiple accounts are needed to exploit this vulnerability, the value is low.
The privacy impact (C) score is low if only some (irrelevant) information is leaked. If the vulnerability is successfully exploited, the entire database is most affected.
Integrity impact (I) refers to the ability of an attacker to modify the behavior of a file or system in the event of a successful execution of a vulnerability attack. An attacker can change the code or delete any file in the system, the higher this value.
Availability impact (a) represents the force to successfully utilize system availability. A successful denial of service (DoS) will have a large impact on the application server.
Constructing a fitness function, counting the probability of each technology stack encountering attack by using prior knowledge, and calculating the value of the fitness function by combining the calculated SR value, wherein the fitness function is defined as follows:
Figure GDA0001578290650000072
wherein p isiThe method is characterized in that the number of times of attacks on the technology stack at the ith layer accounts for the total number of attacks on the system.
And 4, screening the genetic algorithm according to the fitness calculated by the fitness function, wherein the screening is as follows:
4-1. chromosome coding:
the m candidate executables are encoded as binary strings. When the ith base is 1, selecting the ith executive body, otherwise, when the ith base is 0, discarding the executive body;
4-2. parameters and operation of genetic algorithm:
the population size of the genetic algorithm is set to 50 and the selection operator of the genetic algorithm is based on the selection competition, with 10% of the optimal number remaining per generation. The crossover operator of the genetic algorithm is based on one point, and the mutation probability is 2%. Each generation must ensure that the total number of "1" s is odd and less than or equal to the maximum redundancy value after the crossover and mutation operations. To ensure this condition, the chromosomal gene is adjusted, the number of evolutions is set to 100, and the fitness function is given by the formula w (k).
4-3. method for regulating chromosomal genes:
the maximum number of "1" in the chromosome is limited to 7, that is, the maximum redundancy of DHR is 7, and the specific operations are as follows:
when the population is initialized, the number of "1" s in the chromosome is limited to 3,5 or 7.
If the chromosome number is not 3,5 or 7 after each chromosome generation after crossover and mutation, the number of "1" is adjusted by randomly mutating the gene in the chromosome;
if the number of the '1' is less than 3, randomly selecting the gene '0' in the chromosome to mutate until the number of the gene '1' reaches 3;
if the number of the '1' is more than 7, randomly selecting the gene '1' in the chromosome to mutate until the number of the gene '1' reaches 7;
IV if the number of "1" s is 4 or 6, the chromosome is first adjusted by random methods to determine "1" s as 3,5 or 7, and then using the I, II and III variant chromosome methods described above.
When we build a defense system, we often need to use a priori knowledge. We need to figure out which attacks are the most common and which attacks are adapted to our scenario. As the a priori knowledge changes, the defense system also carries various patches. For the problem of security protection, the priori knowledge is worth referencing. Although we cannot rely entirely on prior knowledge to defend against unknown vulnerability attacks, it can objectively respond to the widespread distribution of vulnerabilities. The security department of each company will also record historical attacks in the file.
The original execution set is C1,C2...CmNow we need to filter out unreliable executives from the collection to form a new system. The reliability of the different combinations is calculated by a fitness function w (K) using a conventional traversal, according to the value of a given redundancy number K. This is effective when the value of m is small. Once the value of m is large, e.g., m ≧ 20, the temporal complexity of the traversal method becomes very difficult to compute the result. Therefore, we use genetic algorithms to solve the problem of merit. The main idea is to encode the redundant system into a binary string and then evolve the string set by genetic operations such as selection, crossover and mutation to obtain the best or similar optimal heterogeneous redundant system.
The pseudo code is as follows:
Figure GDA0001578290650000091
as can be seen from the above genetic manipulation, the number of times the genetic algorithm needs to be evaluated by the function a is about 5000 times, regardless of the size of n. If we use the traversal method we need to compute redundancies 3,5 and 7 when n is 20, the number of evaluations is about 95,000, and as n increases, the number of times the traversal needs to be evaluated increases exponentially, which is difficult to compute.
Through the steps, a high-quality web heterogeneous redundancy system can be obtained.

Claims (1)

1.一种结合遗传算法来优化Web异构系统的方法,其特征在于包括了相似度计算以及适应度函数的构建,其中相似度用于评估异构程度,适应度函数用于启发式筛选出优质的Web异构执行体,具体的包括如下步骤:1. a method for optimizing Web heterogeneous system in conjunction with genetic algorithm, it is characterized in that comprising the construction of similarity calculation and fitness function, wherein similarity is used for evaluating the degree of heterogeneity, and fitness function is used for heuristic screening out. A high-quality Web heterogeneous execution body specifically includes the following steps: 步骤1、将web异构冗余模型转化成向量;Step 1. Convert the web heterogeneous redundancy model into a vector; 步骤2、提出关于异构冗余的相似度定义并计算;Step 2. Propose and calculate the similarity definition about heterogeneous redundancy; 步骤3、构建适应度函数;Step 3. Build a fitness function; 步骤4、根据适应度函数计算得出的适应度的大小进行遗传算法的筛选;Step 4. Screen the genetic algorithm according to the size of the fitness calculated by the fitness function; 步骤1所述的将web异构冗余模型转化成向量,具体如下:The conversion of the web heterogeneous redundancy model into a vector described in step 1 is as follows:
Figure FDA0002637884690000011
Figure FDA0002637884690000011
 其中,α表示Web异构执行体,m表示Web异构执行体的个数,n表示技术栈的层数;Among them, α represents the heterogeneous execution of the Web, m represents the number of heterogeneous executions of the Web, and n represents the number of layers of the technology stack; 步骤2所述的提出关于异构冗余的相似度计算,具体如下:The proposed similarity calculation for heterogeneous redundancy described in step 2 is as follows: 所述的相似度是按层级计算,因此每一层的技术栈都拥有一个对应层级的相似度SR的值,第k层的SR被定义为SRk,SRk的表达公式如下:The similarity is calculated according to the level, so the technology stack of each layer has a value of the similarity SR of the corresponding level. The SR of the kth layer is defined as SR k , and the expression formula of SR k is as follows:
Figure FDA0002637884690000012
Figure FDA0002637884690000012
 其中,Sk是第k层的一维向量,向量Sk上的第i个元素的值为:以第i个执行体为参考模板,与其余m-1个执行体关于在第k层技术栈上的相似度比较,并累加经过Sim运算后得到的值,1≤i≤m,1≤k≤n;Among them, Sk is a one-dimensional vector of the kth layer, and the value of the i-th element on the vector Sk is: taking the i-th executive body as a reference template, and the remaining m-1 executive bodies are related to the technology in the k-th layer. Compare the similarity on the stack, and accumulate the values obtained after the Sim operation, 1≤i≤m, 1≤k≤n;
Figure FDA0002637884690000013
Figure FDA0002637884690000013
 其中,Moss是美国斯坦福大学开源的一款代码查重系统,返回数值对(X,Y)表示a代码中有X%的代码与b中Y%的代码相匹配;取最小值作为源代码相似度;函数Sim里的参数“threshold”利用CVSS v2里的相关参数组织运算得到下列公式:Among them, Moss is a code checking system open sourced by Stanford University in the United States. The returned value pair (X, Y) means that X% of the code in a code matches Y% of the code in b; taking the minimum value as the source code is similar degree; the parameter "threshold" in the function Sim uses the relevant parameters in CVSS v2 to organize the operation to obtain the following formula: threshold=1-ηk threshold=1- ηk
Figure FDA0002637884690000021
Figure FDA0002637884690000021
 BS=round_to_1_decimal(((0.6*IMP)+(0.4*EXP)-1.5)*f(IMP))BS=round_to_1_decimal(((0.6*IMP)+(0.4*EXP)-1.5)*f(IMP)) EXP=20*(AV)*(AC)*(Au)EXP=20*(AV)*(AC)*(Au) IMP=-10.41*(1-(1-C)(1-I)(1-A))IMP=-10.41*(1-(1-C)(1-I)(1-A))
Figure FDA0002637884690000022
Figure FDA0002637884690000022
 其中,AV为访问向量,取决于攻击者利用漏洞需要的访问量;AC为访问复杂性,代表了利用攻击的复杂性;Au为执行攻击所需的身份验证级别;C为保密性影响;I为完整性影响;A为可用性影响;Among them, AV is the access vector, which depends on the amount of access the attacker needs to exploit the vulnerability; AC is the access complexity, which represents the complexity of the exploit; Au is the authentication level required to execute the attack; C is the confidentiality impact; I is the integrity impact; A is the availability impact; 步骤3所述的构建适应度函数,利用先验知识统计每种技术栈遭遇攻击的概率,结合计算出的SR值,再计算出适应度函数的值,适应度函数定义如下:In the construction of the fitness function described in step 3, prior knowledge is used to count the probability of each technology stack encountering an attack, combined with the calculated SR value, and then the value of the fitness function is calculated. The fitness function is defined as follows:
Figure FDA0002637884690000023
Figure FDA0002637884690000023
 其中,pi是指第k层技术栈中的第i个元素受到攻击的次数占系统受攻击总数的比例;Among them, pi refers to the ratio of the number of attacks on the i -th element in the k-th layer technology stack to the total number of attacks on the system; 步骤4所述的根据适应度函数计算得出的适应度的大小进行遗传算法的筛选,具体如下:In step 4, the genetic algorithm is screened according to the size of the fitness calculated by the fitness function, and the details are as follows: 4-1.染色体编码:4-1. Chromosome coding: m个候选执行体被编码为二进制字符串;当第i个基因为1时,选择第i个执行体,否则,当第i个基因为0时,丢弃该执行体;m candidate executives are encoded as binary strings; when the i-th gene is 1, the i-th executive body is selected, otherwise, when the i-th gene is 0, the executive body is discarded; 4-2.遗传算法的参数和操作:4-2. Parameters and operations of genetic algorithm: 遗传算法的种群大小设置为50,遗传算法的选择算子是基于选择竞赛,每代保留10%的最优数量;基于单点交叉,突变概率为2%;每一代必须确保“1”的总数是奇数,并且小于或等于交叉和变异操作后的最大冗余值;为了保证这个条件,将调整染色体基因,进化次数设为100,适应度函数由公式w(k)给出;The population size of the genetic algorithm is set to 50, the selection operator of the genetic algorithm is based on the selection competition, and each generation retains 10% of the optimal number; based on single-point crossover, the mutation probability is 2%; each generation must ensure the total number of "1" is an odd number, and is less than or equal to the maximum redundancy value after crossover and mutation operations; in order to ensure this condition, the chromosome genes are adjusted, the number of evolution is set to 100, and the fitness function is given by the formula w(k); 4-3.调整染色体基因的方法:4-3. Methods of adjusting chromosome genes: 将染色体中的“1”的个数最大值限制为7,即遗传算法的最大冗余度为7,具体操作如下:The maximum number of "1" in chromosomes is limited to 7, that is, the maximum redundancy of the genetic algorithm is 7. The specific operations are as follows: 当初始化群体时,将染色体中的“1”数量限制在3、5或7个;When initializing the population, limit the number of '1's in chromosomes to 3, 5 or 7; Ⅰ.如果染色体数量在交叉和突变后的每一代染色体之后不是3、5或7,则通过随机突变染色体中的基因来调整“1”的数量;Ⅰ. If the number of chromosomes is not 3, 5 or 7 after each generation of chromosomes after crossover and mutation, adjust the number of "1" by randomly mutating the genes in the chromosome; Ⅱ.如果“1”的个数小于3,则随机选择染色体中的基因“0”进行突变,直到基因“1”的数量达到3;Ⅱ. If the number of "1" is less than 3, randomly select the gene "0" in the chromosome to mutate until the number of gene "1" reaches 3; Ⅲ.如果“1”的个数大于7,则随机选择染色体中的基因“1”进行突变,直到基因“1”的数量达到7;Ⅲ. If the number of "1" is greater than 7, randomly select the gene "1" in the chromosome to mutate until the number of gene "1" reaches 7; Ⅳ如果“1”的数量是4或6,首先通过随机方法将“1”确定为3、5或7,然后使用上述Ⅰ、Ⅱ和Ⅲ变体染色体方法来调整染色体。IV If the number of "1" is 4 or 6, first determine "1" as 3, 5 or 7 by random method, and then use the above I, II and III variant chromosome method to adjust the chromosome.
CN201711293889.7A 2017-12-08 2017-12-08 Heterogeneous redundancy system optimization method based on genetic algorithm Expired - Fee Related CN107943754B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201711293889.7A CN107943754B (en) 2017-12-08 2017-12-08 Heterogeneous redundancy system optimization method based on genetic algorithm

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201711293889.7A CN107943754B (en) 2017-12-08 2017-12-08 Heterogeneous redundancy system optimization method based on genetic algorithm

Publications (2)

Publication Number Publication Date
CN107943754A CN107943754A (en) 2018-04-20
CN107943754B true CN107943754B (en) 2021-01-05

Family

ID=61945315

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201711293889.7A Expired - Fee Related CN107943754B (en) 2017-12-08 2017-12-08 Heterogeneous redundancy system optimization method based on genetic algorithm

Country Status (1)

Country Link
CN (1) CN107943754B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109657478B (en) * 2018-12-20 2023-12-19 中国人民解放军战略支援部队信息工程大学 A heterogeneous quantification method and system
CN110290122B (en) * 2019-06-13 2020-07-17 中国科学院信息工程研究所 Intrusion response strategy generation method and device

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103945388A (en) * 2014-04-16 2014-07-23 西安交通大学 User network accessing method in heterogeneous network based on genetic algorithm

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CA2864048A1 (en) * 2012-02-07 2013-08-15 Visible World Inc. Dynamic content allocation and optimization
KR20170102726A (en) * 2016-03-02 2017-09-12 한국전자통신연구원 Heterogeneous computing method

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103945388A (en) * 2014-04-16 2014-07-23 西安交通大学 User network accessing method in heterogeneous network based on genetic algorithm

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
基于遗传算法的异构硬件电路冗余构造方法;林勇 等;《电路与系统学报》;20090630;第14卷(第3期);全文 *

Also Published As

Publication number Publication date
CN107943754A (en) 2018-04-20

Similar Documents

Publication Publication Date Title
Bhardwaj et al. Hyperband tuned deep neural network with well posed stacked sparse autoencoder for detection of DDoS attacks in cloud
Zhang et al. Flip: A provable defense framework for backdoor mitigation in federated learning
CN106453217B (en) A Prediction Method of Network Attack Path Behavior Based on Path Revenue Calculation
CN112688928A (en) Network attack flow data enhancement method and system combining self-encoder and WGAN
CN115065458B (en) Electronic commerce transaction system with data encryption transmission
Chen et al. Temporal watermarks for deep reinforcement learning models
CN114726634B (en) Knowledge graph-based hacking scene construction method and device
CN112260818B (en) Side channel curve enhancement method, side channel attack method and device
CN111125750B (en) Database watermark embedding and detecting method and system based on double-layer ellipse model
CN113037776A (en) Electric power system information asset safety monitoring method
CN107943754B (en) Heterogeneous redundancy system optimization method based on genetic algorithm
CN116663022B (en) Scene threat modeling method based on multi-library fusion
Gopal et al. Autoencoder based architecture for mitigating phishing URL attack in the internet of things (IOT) using Deep Neural Networks
CN118869322A (en) A fine-grained attack behavior detection method for large-scale networks
Kaushik et al. Multi-class SVM based network intrusion detection with attribute selection using infinite feature selection technique
Zhu et al. Gradient shaping: Enhancing backdoor attack against reverse engineering
Hong et al. Hybrid feature selection for efficient detection of DDoS attacks in IoT
Iftikhar et al. A supervised feature selection method for malicious intrusions detection in IoT based on genetic algorithm
Dong et al. Fingerprinting multi-exit deep neural network models via inference time
Sui et al. Dmgnn: Detecting and mitigating backdoor attacks in graph neural networks
Arun et al. Enhancing Network Intrusion Detection using Artificial Neural Networks: An Analysis of the UNSW-NB15 Dataset
Bhingarkar et al. FLNL: Fuzzy entropy and lion neural learner for EDoS attack mitigation in cloud computing
CN112822004B (en) Belief network-based targeted privacy protection data publishing method
CN116684135B (en) Weapon equipment network attack surface evaluation method based on improved SGA
CN118631562A (en) A DDoS attack differentiation method and system based on CVAE-WGAN-GP

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
TR01 Transfer of patent right
TR01 Transfer of patent right

Effective date of registration: 20220308

Address after: 710000 No. B49, Xinda Zhongchuang space, 26th Street, block C, No. 2 Trading Plaza, South China City, international port district, Xi'an, Shaanxi Province

Patentee after: Xi'an Huaqi Zhongxin Technology Development Co.,Ltd.

Address before: 310018 No. 2 street, Xiasha Higher Education Zone, Hangzhou, Zhejiang

Patentee before: HANGZHOU DIANZI University

TR01 Transfer of patent right

Effective date of registration: 20220526

Address after: 071000 room 906, 9 / F, building 1, 289 Xingye Road, Baoding City, Hebei Province

Patentee after: Baoding Longwu Information Technology Service Co.,Ltd.

Address before: 710000 No. B49, Xinda Zhongchuang space, 26th Street, block C, No. 2 Trading Plaza, South China City, international port district, Xi'an, Shaanxi Province

Patentee before: Xi'an Huaqi Zhongxin Technology Development Co.,Ltd.

TR01 Transfer of patent right
TR01 Transfer of patent right

Effective date of registration: 20220715

Address after: 071000 room 511, floor 5, building 3, Guangyang Park, Baoding National University Science Park, No. 669, Yufeng Road, Baoding City, Hebei Province

Patentee after: Baoding Ziyu Technology Co.,Ltd.

Address before: 071000 room 906, 9 / F, building 1, 289 Xingye Road, Baoding City, Hebei Province

Patentee before: Baoding Longwu Information Technology Service Co.,Ltd.

TR01 Transfer of patent right
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20210105

CF01 Termination of patent right due to non-payment of annual fee