I Know You Are Watching Me: Stackelberg-Based Adaptive Intrusion Detection Strategy for Insider Attacks in the Cloud

Omar Abdel Wahab; Jamal Bentahar; Hadi Otrok; Azzam Mourad

doi:10.1109/ICWS.2017.88

I Know You Are Watching Me: Stackelberg-Based Adaptive Intrusion Detection Strategy for Insider Attacks in the Cloud

Omar Abdel Wahab, Jamal Bentahar, Hadi Otrok, Azzam Mourad

Concordia University

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

10 Scopus citations

Abstract

Insider attacks in which misbehaving Virtual Machines (VMs) take part of the cloud system and learn about its internal vulnerabilities constitute a major threat against cloud resources and infrastructure. This demands setting up continuous and comprehensive security arrangements to restrict the effects of such attacks. However, limited security resources prohibit full detection coverage on all VMs at all times, which can be exploited by attackers to examine the selective detection strategies and adjust their own attack plans accordingly. Motivated by the absence of any approach that accounts for such a challenge in the domain of cloud computing, we propose in this work an adaptive detection strategy that formulates a Stackelberg security game to enable the cloud system to optimally exploit its available amount of security resources to maximize the detection of distributed attacks, knowing that attackers have the ability to monitor the cloud system's strategies and adjust their own attack plans. Experiments carried out on the CloudSim framework reveal that the proposed solution maximizes the detection of distributed attacks and minimizes false negatives and positives compared to a maximin-based detection strategy, while being scalable to the increase in both the number of co-hosted VMs and percentage of co-resident attackers.

Original language	British English
Title of host publication	Proceedings - 2017 IEEE 24th International Conference on Web Services, ICWS 2017
Editors	Shiping Chen, Ilkay Altintas
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	728-735
Number of pages	8
ISBN (Electronic)	9781538607527
DOIs	https://doi.org/10.1109/ICWS.2017.88
State	Published - 7 Sep 2017
Event	24th IEEE International Conference on Web Services, ICWS 2017 - Honolulu, United States Duration: 25 Jun 2017 → 30 Jun 2017

Publication series

Name	Proceedings - 2017 IEEE 24th International Conference on Web Services, ICWS 2017

Conference

Conference	24th IEEE International Conference on Web Services, ICWS 2017
Country/Territory	United States
City	Honolulu
Period	25/06/17 → 30/06/17

Keywords

intrusion detection
limited resources
Load distribution
security
Stackelberg game theory
virtualized cloud

Access to Document

10.1109/ICWS.2017.88

Cite this

Wahab, O. A., Bentahar, J., Otrok, H., & Mourad, A. (2017). I Know You Are Watching Me: Stackelberg-Based Adaptive Intrusion Detection Strategy for Insider Attacks in the Cloud. In S. Chen, & I. Altintas (Eds.), Proceedings - 2017 IEEE 24th International Conference on Web Services, ICWS 2017 (pp. 728-735). Article 8029829 (Proceedings - 2017 IEEE 24th International Conference on Web Services, ICWS 2017). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/ICWS.2017.88

Wahab, Omar Abdel ; Bentahar, Jamal ; Otrok, Hadi et al. / I Know You Are Watching Me : Stackelberg-Based Adaptive Intrusion Detection Strategy for Insider Attacks in the Cloud. Proceedings - 2017 IEEE 24th International Conference on Web Services, ICWS 2017. editor / Shiping Chen ; Ilkay Altintas. Institute of Electrical and Electronics Engineers Inc., 2017. pp. 728-735 (Proceedings - 2017 IEEE 24th International Conference on Web Services, ICWS 2017).

@inproceedings{fca9a2cb6b5f440cad7f158f98ea43ec,

title = "I Know You Are Watching Me: Stackelberg-Based Adaptive Intrusion Detection Strategy for Insider Attacks in the Cloud",

abstract = "Insider attacks in which misbehaving Virtual Machines (VMs) take part of the cloud system and learn about its internal vulnerabilities constitute a major threat against cloud resources and infrastructure. This demands setting up continuous and comprehensive security arrangements to restrict the effects of such attacks. However, limited security resources prohibit full detection coverage on all VMs at all times, which can be exploited by attackers to examine the selective detection strategies and adjust their own attack plans accordingly. Motivated by the absence of any approach that accounts for such a challenge in the domain of cloud computing, we propose in this work an adaptive detection strategy that formulates a Stackelberg security game to enable the cloud system to optimally exploit its available amount of security resources to maximize the detection of distributed attacks, knowing that attackers have the ability to monitor the cloud system's strategies and adjust their own attack plans. Experiments carried out on the CloudSim framework reveal that the proposed solution maximizes the detection of distributed attacks and minimizes false negatives and positives compared to a maximin-based detection strategy, while being scalable to the increase in both the number of co-hosted VMs and percentage of co-resident attackers.",

keywords = "intrusion detection, limited resources, Load distribution, security, Stackelberg game theory, virtualized cloud",

author = "Wahab, {Omar Abdel} and Jamal Bentahar and Hadi Otrok and Azzam Mourad",

note = "Funding Information: This work has been supported by the Fonds de Recherche du Qu{\'e}bec - Nature et Technologie (FRQNT), Natural Sciences and Engineering Research Council of Canada (NSERC), Khalifa University, Associated Research Unit of the National Council for Scientific Research (CNRS-Lebanon), and Lebanese American University. Publisher Copyright: {\textcopyright} 2017 IEEE.; 24th IEEE International Conference on Web Services, ICWS 2017 ; Conference date: 25-06-2017 Through 30-06-2017",

year = "2017",

month = sep,

day = "7",

doi = "10.1109/ICWS.2017.88",

language = "British English",

series = "Proceedings - 2017 IEEE 24th International Conference on Web Services, ICWS 2017",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "728--735",

editor = "Shiping Chen and Ilkay Altintas",

booktitle = "Proceedings - 2017 IEEE 24th International Conference on Web Services, ICWS 2017",

address = "United States",

}

Wahab, OA, Bentahar, J , Otrok, H & Mourad, A 2017, I Know You Are Watching Me: Stackelberg-Based Adaptive Intrusion Detection Strategy for Insider Attacks in the Cloud. in S Chen & I Altintas (eds), Proceedings - 2017 IEEE 24th International Conference on Web Services, ICWS 2017., 8029829, Proceedings - 2017 IEEE 24th International Conference on Web Services, ICWS 2017, Institute of Electrical and Electronics Engineers Inc., pp. 728-735, 24th IEEE International Conference on Web Services, ICWS 2017, Honolulu, United States, 25/06/17. https://doi.org/10.1109/ICWS.2017.88

I Know You Are Watching Me: Stackelberg-Based Adaptive Intrusion Detection Strategy for Insider Attacks in the Cloud. / Wahab, Omar Abdel; Bentahar, Jamal ; Otrok, Hadi et al.
Proceedings - 2017 IEEE 24th International Conference on Web Services, ICWS 2017. ed. / Shiping Chen; Ilkay Altintas. Institute of Electrical and Electronics Engineers Inc., 2017. p. 728-735 8029829 (Proceedings - 2017 IEEE 24th International Conference on Web Services, ICWS 2017).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - I Know You Are Watching Me

T2 - 24th IEEE International Conference on Web Services, ICWS 2017

AU - Wahab, Omar Abdel

AU - Bentahar, Jamal

AU - Otrok, Hadi

AU - Mourad, Azzam

N1 - Funding Information: This work has been supported by the Fonds de Recherche du Québec - Nature et Technologie (FRQNT), Natural Sciences and Engineering Research Council of Canada (NSERC), Khalifa University, Associated Research Unit of the National Council for Scientific Research (CNRS-Lebanon), and Lebanese American University. Publisher Copyright: © 2017 IEEE.

PY - 2017/9/7

Y1 - 2017/9/7

N2 - Insider attacks in which misbehaving Virtual Machines (VMs) take part of the cloud system and learn about its internal vulnerabilities constitute a major threat against cloud resources and infrastructure. This demands setting up continuous and comprehensive security arrangements to restrict the effects of such attacks. However, limited security resources prohibit full detection coverage on all VMs at all times, which can be exploited by attackers to examine the selective detection strategies and adjust their own attack plans accordingly. Motivated by the absence of any approach that accounts for such a challenge in the domain of cloud computing, we propose in this work an adaptive detection strategy that formulates a Stackelberg security game to enable the cloud system to optimally exploit its available amount of security resources to maximize the detection of distributed attacks, knowing that attackers have the ability to monitor the cloud system's strategies and adjust their own attack plans. Experiments carried out on the CloudSim framework reveal that the proposed solution maximizes the detection of distributed attacks and minimizes false negatives and positives compared to a maximin-based detection strategy, while being scalable to the increase in both the number of co-hosted VMs and percentage of co-resident attackers.

AB - Insider attacks in which misbehaving Virtual Machines (VMs) take part of the cloud system and learn about its internal vulnerabilities constitute a major threat against cloud resources and infrastructure. This demands setting up continuous and comprehensive security arrangements to restrict the effects of such attacks. However, limited security resources prohibit full detection coverage on all VMs at all times, which can be exploited by attackers to examine the selective detection strategies and adjust their own attack plans accordingly. Motivated by the absence of any approach that accounts for such a challenge in the domain of cloud computing, we propose in this work an adaptive detection strategy that formulates a Stackelberg security game to enable the cloud system to optimally exploit its available amount of security resources to maximize the detection of distributed attacks, knowing that attackers have the ability to monitor the cloud system's strategies and adjust their own attack plans. Experiments carried out on the CloudSim framework reveal that the proposed solution maximizes the detection of distributed attacks and minimizes false negatives and positives compared to a maximin-based detection strategy, while being scalable to the increase in both the number of co-hosted VMs and percentage of co-resident attackers.

KW - intrusion detection

KW - limited resources

KW - Load distribution

KW - security

KW - Stackelberg game theory

KW - virtualized cloud

UR - http://www.scopus.com/inward/record.url?scp=85032337826&partnerID=8YFLogxK

U2 - 10.1109/ICWS.2017.88

DO - 10.1109/ICWS.2017.88

M3 - Conference contribution

AN - SCOPUS:85032337826

T3 - Proceedings - 2017 IEEE 24th International Conference on Web Services, ICWS 2017

SP - 728

EP - 735

BT - Proceedings - 2017 IEEE 24th International Conference on Web Services, ICWS 2017

A2 - Chen, Shiping

A2 - Altintas, Ilkay

PB - Institute of Electrical and Electronics Engineers Inc.

Y2 - 25 June 2017 through 30 June 2017

ER -

Wahab OA, Bentahar J , Otrok H , Mourad A. I Know You Are Watching Me: Stackelberg-Based Adaptive Intrusion Detection Strategy for Insider Attacks in the Cloud. In Chen S, Altintas I, editors, Proceedings - 2017 IEEE 24th International Conference on Web Services, ICWS 2017. Institute of Electrical and Electronics Engineers Inc. 2017. p. 728-735. 8029829. (Proceedings - 2017 IEEE 24th International Conference on Web Services, ICWS 2017). doi: 10.1109/ICWS.2017.88

I Know You Are Watching Me: Stackelberg-Based Adaptive Intrusion Detection Strategy for Insider Attacks in the Cloud

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this