Advertisement

A Game Theoretic Approach for Cloud Computing Security Assessment Using Moving Target Defense Mechanisms

  • Iman El Mir
  • Abdelkrim Haqiq
  • Dong Seong Kim
Conference paper
Part of the Lecture Notes in Networks and Systems book series (LNNS, volume 37)

Abstract

Nowadays, the security of the Internet is always dressing severe challenges. To achieve network system’s security with the complexity and the diversity of attack types is too difficult and costly. However, to make the network systems more resistant to attacks, Moving Target Defense (MTD) has been introduced to maximize the complexity and the uncertainty of various attacks. Indeed, these proactive defense techniques have been deployed as a game changer to prevent or delay attacks and limit their opportunity windows. This paper provides an important branch of MTD mechanisms named IP address hopping mechanism using detection systems for attack mitigation in the cloud environment. We have used a game theory approach to model the attack-defense interaction and analyze the effect of MTD on the payoff of both the attacker and the defender. Consequently, we have used Matlab simulator to validate the proposed model. Our approach demonstrated its feasibility in terms of attack mitigation in the cloud and proved the efficiency of IP address hopping mechanism to reduce the attacker’s opportunity window.

Keywords

Moving target defense techniques Game Theory Nash Equilibrium Bayesian game Cloud computing security 

References

  1. 1.
    Xu, J., Guo, P., Zhao, M., Erbacher, R.F., Zhu, M., Liu, P.: Comparing different moving target defense techniques. In: Proceedings of the First ACM Workshop on Moving Target Defense, pp. 97–107. ACM (2014)Google Scholar
  2. 2.
    Carter, K.M., Riordan, J.F., Okhravi, H.: A game theoretic approach to strategy determination for dynamic platform defenses. In: Proceedings of the First ACM Workshop on Moving Target Defense, pp. 21–30. ACM (2014)Google Scholar
  3. 3.
    Okhravi, H., Hobson, T., Bigelow, D., Streilein, W.: Finding focus in the blur of moving-target techniques. IEEE Secur. Priv. 12(2), 16–26 (2014)CrossRefGoogle Scholar
  4. 4.
    Zhuang, R., DeLoach, S.A., Ou, X.: Towards a theory of moving target defense. In: Proceedings of the First ACM Workshop on Moving Target Defense, pp. 31–40. ACM (2014)Google Scholar
  5. 5.
    Jafarian, J.H., Al-Shaer, E., Duan, Q.: Openflow random host mutation: transparent moving target defense using software defined networking. In: Proceedings of the First Workshop on Hot Topics in Software Defined Networks, pp. 127–132. ACM (2012)Google Scholar
  6. 6.
    El Kafhali, S., Salah, K.: Stochastic modelling and analysis of cloud computing data center. In: Proceedings of 20th Conference on Innovations in Clouds, Internet and Networks, pp. 122–126. IEEE (2017)Google Scholar
  7. 7.
    Harsanyi, J.C.: Games with incomplete information played by Bayesian players, III: part I. The basic model. Manage. Sci. 50(12-supp), 1804–1817 (2004)CrossRefGoogle Scholar
  8. 8.
    Debroy, S., Calyam, P., Nguyen, M., Stage, A., Georgiev, V.: Frequency-minimal moving target defense using software-defined networking. In: Proceedings of the International Conference on Computing, Networking and Communications, pp. 1–6. IEEE (2016)Google Scholar
  9. 9.
    Wang, H., Jia, Q., Fleck, D., Powell, W., Li, F., Stavrou, A.: A moving target DDoS defense mechanism. Comput. Commun. 46, 10–21 (2014)CrossRefGoogle Scholar
  10. 10.
    Jia, Q., Wang, H., Fleck, D., Li, F., Stavrou, A., Powell, W.: Catch me if you can: a cloud-enabled DDoS defense. In: Proceedings of the 44th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, pp. 264–275 (2014)Google Scholar
  11. 11.
    Peng, W., Li, F., Huang, C.-T., Zou, X.: A moving-target defense strategy for cloud-based services with heterogeneous and dynamic attack surfaces. In: Proceedings of the International Conference on Communications (ICC), pp. 804–809. IEEE (2014)Google Scholar
  12. 12.
    El Mir, I., Chowdhary, A., Huang, D., Pisharody, S., Kim, D.S., Haqiq, A.: Software defined stochastic model for moving target defense. In: Proceedings of the Third International Afro-European Conference for Industrial Advancement, pp. 188–197. Springer, Cham (2016)Google Scholar
  13. 13.
    Kampanakis, P., Perros, H., Beyene, T.: SDN-based solutions for moving target defense network protection. In: Proceedings of the 15th International Symposium on a World of Wireless, Mobile and Multimedia Networks (WoWMoM), pp. 1–6. IEEE (2014)Google Scholar
  14. 14.
    Zhuang, R., Zhang, S., Bardas, A., DeLoach, S.A., Ou, X., Singhal, A.: Investigating the application of moving target defenses to network security. In: Proceedings of the 6th International Symposium on Resilient Control Systems, pp. 162–169. IEEE (2013)Google Scholar
  15. 15.
    El Mir, I., Kim, D.S., Haqiq, A.: Cloud computing security modeling and analysis based on a self-cleansing intrusion tolerance technique. J. Inf. Assur. Secur. 11(5), 273–282 (2016)Google Scholar
  16. 16.
    El Mir, I., Kim, D.S., Haqiq, A.: Security modeling and analysis of an intrusion tolerant cloud data center. In: Proceedings of the Third World Conference on Complex Systems (WCCS), pp. 1–6. IEEE (2015)Google Scholar
  17. 17.
    Lei, C., Ma, D.-H., Zhang, H.-Q.: Optimal strategy selection for moving target defense based on Markov game. IEEE Access 5, 156–169 (2017)CrossRefGoogle Scholar
  18. 18.
    Beckery, S., Seibert, J., Zage, D., Nita-Rotaru, C., Statey, R.: Applying game theory to analyze attack and defenses in virtual coordinate systems. In: IEEE/IFIP Proceedings of the 41st International Conference on Dependable Systems & Networks, pp. 133–144 (2011)Google Scholar
  19. 19.
    Cai, G., Wang, B., Wang, X., Yuan, Y., Li, S.: An introduction to network address shuffling. In: Proceedings of the 18th International Conference on Advanced Communication Technology, pp. 185–190. IEEE (2016)Google Scholar
  20. 20.
    Carroll, T.E., Crouse, M., Fulp, E.W., Berenhaut, K.S.: Analysis of network address shuffling as a moving target defense. In: Proceedings of the International Conference on Communications, pp. 701–706. IEEE (2014)Google Scholar

Copyright information

© Springer International Publishing AG 2018

Authors and Affiliations

  1. 1.Computer, Networks, Mobility and Modeling Laboratory, Faculty of Sciences and TechnologySettatMorocco
  2. 2.Department of Computer Science and Software EngineeringUniversity of CanterburyChristchurchNew Zealand

Personalised recommendations