Resource-Aware Detection and Defense System against Multi-Type Attacks in the Cloud: Repeated Bayesian Stackelberg Game

Research output: Contribution to journal, Article, peer-review

57 Scopus citations

Abstract

Cloud-based systems are subject to various attack types launched by Virtual Machines (VMs) manipulated by attackers having different goals and skills. The existing detection and defense mechanisms might be suitable for simple attack environments but become ineffective when the system faces advanced attack scenarios wherein simultaneous attacks of different types are involved. This is because these mechanisms overlook the attackers' strategies in the detection system's design, ignore the system's resource constraints, and lack sufficient knowledge about the attackers' types and abilities. To address these shortcomings, we propose a repeated Bayesian Stackelberg game consisting of the following phases: risk assessment framework that identifies the VMs' risk levels, live-migration-based defense mechanism that protects services from being successful targets for attackers, machine-learning-based technique that collects malicious data from VMs using honeypots and employs one-class Support Vector Machine to learn the attackers' types distributions, and resource-aware Bayesian Stackelberg game that provides the hypervisor with the detection load's optimal distribution over VMs that maximizes the detection of multi-type attacks. Experiments conducted using Amazon's datacenter and Amazon Web Services honeypot data reveal that our solution maximizes the detection, minimizes the number of attacked services, and runs efficiently compared to the state-of-the-art detection and defense strategies, namely Collabra, probabilistic migration, Stackelberg, maxmin, and fair allocation.

Original language: British English
Article number: 8675527
Pages (from-to): 605-622
Number of pages: 18
Journal: IEEE Transactions on Dependable and Secure Computing
Volume: 18
Issue number: 2
State: Published - 1 Mar 2021

Keywords

  • Adversarial artificial intelligence
  • data-driven optimization
  • game theory
  • honeypots
  • intrusion detection
  • machine learning
  • Moving Target Defense (MTD)
  • security risk assessment
