TY - JOUR
T1 - Resource-Aware Detection and Defense System against Multi-Type Attacks in the Cloud
T2 - Repeated Bayesian Stackelberg Game
AU - Wahab, Omar Abdel
AU - Bentahar, Jamal
AU - Otrok, Hadi
AU - Mourad, Azzam
N1 - Funding Information:
This work has been supported by the Fonds de Recherche du Québec—Nature et Technologie (FRQNT), Natural Sciences and Engineering Research Council of Canada (NSERC), Khalifa University of Science, Technology & Research (KUSTAR), Associated Research Unit of the National Council for Scientific Research (CNRS-Lebanon), and Lebanese American University.
Publisher Copyright:
© 2004-2012 IEEE.
PY - 2021/3/1
Y1 - 2021/3/1
N2 - Cloud-based systems are subject to various attack types launched by Virtual Machines (VMs) manipulated by attackers having different goals and skills. The existing detection and defense mechanisms might be suitable for simple attack environments but become ineffective when the system faces advanced attack scenarios wherein simultaneous attacks of different types are involved. This is because these mechanisms overlook the attackers' strategies in the detection system's design, ignore the system's resource constraints, and lack sufficient knowledge about the attackers' types and abilities. To address these shortcomings, we propose a repeated Bayesian Stackelberg game consisting of the following phases: a risk assessment framework that identifies the VMs' risk levels, a live-migration-based defense mechanism that protects services from being successful targets for attackers, a machine-learning-based technique that collects malicious data from VMs using honeypots and employs a one-class Support Vector Machine to learn the attackers' type distributions, and a resource-aware Bayesian Stackelberg game that provides the hypervisor with the optimal distribution of the detection load over VMs that maximizes the detection of multi-type attacks. Experiments conducted using Amazon's datacenter and Amazon Web Services honeypot data reveal that our solution maximizes the detection, minimizes the number of attacked services, and runs efficiently compared to the state-of-the-art detection and defense strategies, namely Collabra, probabilistic migration, Stackelberg, maxmin, and fair allocation.
AB - Cloud-based systems are subject to various attack types launched by Virtual Machines (VMs) manipulated by attackers having different goals and skills. The existing detection and defense mechanisms might be suitable for simple attack environments but become ineffective when the system faces advanced attack scenarios wherein simultaneous attacks of different types are involved. This is because these mechanisms overlook the attackers' strategies in the detection system's design, ignore the system's resource constraints, and lack sufficient knowledge about the attackers' types and abilities. To address these shortcomings, we propose a repeated Bayesian Stackelberg game consisting of the following phases: a risk assessment framework that identifies the VMs' risk levels, a live-migration-based defense mechanism that protects services from being successful targets for attackers, a machine-learning-based technique that collects malicious data from VMs using honeypots and employs a one-class Support Vector Machine to learn the attackers' type distributions, and a resource-aware Bayesian Stackelberg game that provides the hypervisor with the optimal distribution of the detection load over VMs that maximizes the detection of multi-type attacks. Experiments conducted using Amazon's datacenter and Amazon Web Services honeypot data reveal that our solution maximizes the detection, minimizes the number of attacked services, and runs efficiently compared to the state-of-the-art detection and defense strategies, namely Collabra, probabilistic migration, Stackelberg, maxmin, and fair allocation.
KW - Adversarial artificial intelligence
KW - data-driven optimization
KW - game theory
KW - honeypots
KW - intrusion detection
KW - machine learning
KW - Moving Target Defense (MTD)
KW - security risk assessment
UR - http://www.scopus.com/inward/record.url?scp=85063671623&partnerID=8YFLogxK
U2 - 10.1109/TDSC.2019.2907946
DO - 10.1109/TDSC.2019.2907946
M3 - Article
AN - SCOPUS:85063671623
SN - 1545-5971
VL - 18
SP - 605
EP - 622
JO - IEEE Transactions on Dependable and Secure Computing
JF - IEEE Transactions on Dependable and Secure Computing
IS - 2
M1 - 8675527
ER -