Cyberspace Mimic Defense (CMD) is a proactive defense theory proposed in recent years to deal with vulnerability and backdoor threats that are common in information systems. Different from moving target defense (MTD), CMD can obtain foundation by verifying multiple results from isolated, heterogeneous, and parallel running spaces, thus initiating a more targeted defensive action, such as scheduling and structure transformation. However, scheduling sequence control is a severe problem in this process, which needs to select a series of scheduling time and take into account security, efficiency, and robustness for variable attack situations. Inspired by the traffic and congestion control mechanism in computer networks, this paper proposed a sliding window-based scheduling sequence control method. By setting driver events to trigger the window “sliding,” the control parameters update and adapt to the current state accordingly. Then, considering internal resource constraints and external attack situations, a two-factor driver on variable period and exception threshold with their corresponding calculations are specified. Evaluations show that this method can maintain good performance under different scenarios, which proves to be an effective solution for scheduling sequence control in CMD.
Read full abstract