Multi-Dimensional Moving Target Defense Method Based on Adaptive Simulated Annealing Genetic Algorithm

Due to the fine-grained splitting of microservices and frequent communication between microservices, the exposed attack surface of microservices has exploded, facilitating the lateral movement of attackers between microservices. To solve this problem, a multi-dimensional moving target defense method based on an adaptive simulated annealing genetic algorithm (MD2RS) is proposed. Firstly, according to the characteristics of microservices in the cloud, a microservice attack graph is proposed to quantify the attack scenario of microservices in the cloud so as to conveniently and intuitively observe the vulnerability of microservices in the cloud and the dependency relationship between microservices. Secondly, the security gain and resource cost are quantified for the key nodes selected by measuring the degree of dependence of each node according to the degree centrality. Finally, the Adaptive Simulated Annealing Genetic Algorithm (ASAGA) is used to solve the optimal security configuration information of the moving target defense, that is, the combination of the number of copies of the multi-copy deployment and the rotation cycle of the dynamic rotation of microservices, in order to quickly evaluate the security risks of microservices and optimize the security policy. Experiments show that the defense return rate of MD2RS is 85.95% higher than that of the mainstream methods, and the experimental results are conducive to applying this method to the dynamic defense of microservices in the cloud.