How to distribute the detection load among virtual machines to maximize the detection of distributed attacks in the cloud?

Abstract

Security has been identified to be the principal stumbling-block preventing users and enterprises from moving their businesses to the cloud. The reason is that cloud systems, besides inheriting all the vulnerabilities of the traditional computing systems, appeal to new types of threats engendered mainly by the virtualization concept that allows multiple users' virtual machines (VMs) to share a common computing platform. This broadens the attack space of the malicious users and increases their ability to attack both the cloud system and other co-resident VMs. Motivated by the absence of any approach that addresses the problem of optimal detection load distribution in the domain of cloud computing, we develop a resource-aware maxmin game theoretical model that guides the hypervisor on how the detection load should be optimally distributed among its guest VMs in the real-time. The objective is to maximize the hypervisor's probability of detection, knowing that the attacker is dividing the attack over several VMs to minimize this probability. Experimental results on Amazon EC2 pricing dataset reveal that our model increases the probability of detecting distributed attacks, reduces the false positives, and minimizes the resources wasted during the detection process.