基于移动目标防御信号博弈的容器迁移策略

容器作为虚拟机的轻量级替代产品，以其灵活、高效的特点促进了云计算的发展，但同时也面临着同驻攻击、逃逸攻击等安全威胁。针对云环境中的容器安全威胁，构建了基于移动目标防御的信号博弈模型，并提出了多阶段最优防御策略求解算法，通过博弈模型和求解算法选取最优策略，同时通过容器调度方法对容器进行调度，可以增强容器安全性。仿真实验结果表明，提出的迁移策略获取的防御收益相较于Kubernetes自带迁移策略提升了3.6倍，同时容器同驻率降低了79.62%,对现实容器云环境下的防御策略选取和安全性增强具有一定的借鉴意义。

Container migration strategy based on moving target defense signaling game

As a lightweight alternative product of virtual machine, container technology promotes the development of cloud computing with its flexible and efficient characteristics. But it also suffers various security threats, such as co-residency attack, escape attack and so on. Aiming at promoting the container security level in the cloud environment, this paper constructed a signaling game model based on moving target defense(MTD), and proposed a multi-stage optimal defense strategy solution algorithm. The container security could be enhanced by scheduling the container through the optimal strategy and container scheduling method. The simulation results show that the defense utility obtained by the migration strategy proposed in this paper is 3.6 times higher than that of Kubernetes'' native migration strategy, and the container co-residency rate is reduced by 79.62%, which have a valuable referenced significance for the selection of defense strategy and security enhancement in the real container cloud environment.