TY - JOUR
T1 - CLOSURE
T2 - A cloud scientific workflow scheduling algorithm based on attack–defense game model
AU - Wang, Yawen
AU - Guo, Yunfei
AU - Guo, Zehua
AU - Baker, Thar
AU - Liu, Wenyan
N1 - Publisher Copyright: © 2019 Elsevier B.V.
PY - 2020/10
Y1 - 2020/10
N2 - The multi-tenant coexistence service mode exposes cloud-based scientific workflows to the risk of intrusion. To address this problem, we propose a CLoud scientific wOrkflow SchedUling algoRithm based on attack–defensE game model (CLOSURE). In the algorithm, attacks based on different operating system vulnerabilities are regarded as different “attack” strategies, and different operating system distributions in a virtual machine cluster executing the workflows are regarded as different “defense” strategies. The information available to the attacker and the defender is not balanced: the defender cannot obtain information about the attacker's strategies, while the attacker can acquire information about the defender's strategies through a network scan. Therefore, we propose to dynamically switch the defense strategies during workflow execution, which can weaken the effects of network scans and transform the workflow security problem into an attack–defense game problem. The probability distribution of the optimal mixed defense strategies can then be obtained by calculating the Nash Equilibrium of the attack–defense game model. Based on this probability distribution, diverse VMs are provisioned for workflow execution. Furthermore, a task-VM mapping algorithm based on dynamic Heterogeneous Earliest Finish Time (HEFT) is presented to accelerate defense strategy switching and improve workflow efficiency. Experiments are conducted in both simulated and actual environments. The experimental results demonstrate that, compared with other algorithms, the proposed algorithm can reduce the attacker's benefits by around 15.23% and decrease the time costs of the algorithm by around 7.86%.
AB - The multi-tenant coexistence service mode exposes cloud-based scientific workflows to the risk of intrusion. To address this problem, we propose a CLoud scientific wOrkflow SchedUling algoRithm based on attack–defensE game model (CLOSURE). In the algorithm, attacks based on different operating system vulnerabilities are regarded as different “attack” strategies, and different operating system distributions in a virtual machine cluster executing the workflows are regarded as different “defense” strategies. The information available to the attacker and the defender is not balanced: the defender cannot obtain information about the attacker's strategies, while the attacker can acquire information about the defender's strategies through a network scan. Therefore, we propose to dynamically switch the defense strategies during workflow execution, which can weaken the effects of network scans and transform the workflow security problem into an attack–defense game problem. The probability distribution of the optimal mixed defense strategies can then be obtained by calculating the Nash Equilibrium of the attack–defense game model. Based on this probability distribution, diverse VMs are provisioned for workflow execution. Furthermore, a task-VM mapping algorithm based on dynamic Heterogeneous Earliest Finish Time (HEFT) is presented to accelerate defense strategy switching and improve workflow efficiency. Experiments are conducted in both simulated and actual environments. The experimental results demonstrate that, compared with other algorithms, the proposed algorithm can reduce the attacker's benefits by around 15.23% and decrease the time costs of the algorithm by around 7.86%.
KW - Attack–defense game
KW - Diverse operating systems
KW - Moving target defense
KW - Scientific workflow
KW - Workflow scheduling
UR - http://www.scopus.com/inward/record.url?scp=85076234130&partnerID=8YFLogxK
U2 - 10.1016/j.future.2019.11.003
DO - 10.1016/j.future.2019.11.003
M3 - Article
AN - SCOPUS:85076234130
SN - 0167-739X
VL - 111
SP - 460
EP - 474
JO - Future Generation Computer Systems
JF - Future Generation Computer Systems
ER -