Research On Key Technologies Of API Gateway Based On Mimic Defense Theory

The API gateway has security risks exposed by the operating environment,which increases the possibility for attackers to obtain information about the system’s software and hardware devices,which in turn makes the security and reliability face major challenges.Current vulnerability,virus,and backdoor detection technologies are difficult to fully obtain threats such as vulnerabilities and backdoors in hardware and software devices,and conventional defense technologies often rely on prior knowledge and cannot prevent unknown feature viruses,vulnerabilities,or backdoors.And processing.The mimic defense theory changes the passive defense method of traditional defense technology.It builds a diverse operating environment for the system based on a dynamic heterogeneous redundant architecture,and then uses scheduling strategies to dynamically change system information,introduce uncertainty to system operating information,and improve the system The proactiveness of defense,and then arbitrate the output vectors of the heterogeneous executors and trigger the negative feedback mechanism to change the defense environment,forming a closed loop of defense,achieving the effect of obtaining the overall security of the system without relying on the absolute security of the executors.The mimic defense theory provides a new solution to the security problem of API gateways.Therefore,it is of great practical significance to explore the use of mimic defense principles to construct and implement API gateways and study the feasibility of related technologies.Based on the mimic defense principle,this paper first proposes the system architecture design of the mimic defense API gateway based on the dynamic heterogeneous redundancy architecture,and then discusses the dynamic scheduling selection of heterogeneous executive bodies under the mimic defense API gateway system architecture.And for the adjudication of multiple redundant outputs,a corresponding improved algorithm for multi-mode consistency is given.The main work of this paper is:1.Aiming at the combination of mimic defense principle and API gateway application,a system architecture of mimic defense API gateway is proposed.The architecture divides the software and hardware components of the executive body through the gateway hierarchy,and divides the component attributes according to the component functions and characteristics.On this basis,the isomerization method of the executive body is determined,and the dynamic heterogeneous redundant architecture is integrated to form a mimic defense.API gateway architecture.Simulation experiments show that the architecture has better security.2.Comprehensively considering the degree of heterogeneity and safety between the executive bodies,a functional equivalent scheduling algorithm based on the degree of heterogeneity and safety is proposed under the dynamic heterogeneous redundancy architecture.Based on the existing heterogeneous quantification,the algorithm adds comprehensive consideration of bypass information during system operation,defines the heterogeneity index and safety index between the actors,and quantifies the heterogeneity and safety calculation Way to establish the final scheduling plan.The simulation results show that the algorithm not only has a good performance in dynamics,but also leads the benchmarking algorithm by a large margin in reliability and stability,achieving a good balance between dynamics and reliability.3.Aiming at the arbitration problem of redundant output of multiple executive bodies,an improved algorithm for multi-mode consistency based on large number voting is presented.The algorithm first judges the redundant output result of the execution pool for the first time,and the result is used as the first verification result.At the same time,the abnormal scene is judged based on the result.If an abnormal scene occurs,the execution that is not in the execution pool is selected from the execution body.The entity performs redundant output,and conducts a second ruling on its output result.The ruling result is used as an auxiliary verification.After two verifications,the final ruling result is determined.Simulation experiments show that the algorithm has better effectiveness,and compared with the benchmark algorithm,the algorithm has better performance in reliability and usability.