Abstract:
Insider attacks in which misbehaving Virtual Machines (VMs) take part of the cloud system and learn about its internal vulnerabilities constitute a major threat against cloud resources and infrastructure. This demands setting up continuous and comprehensive security arrangements to restrict the effects of such attacks. However, limited security resources prohibit full detection coverage on all VMs at all times, which can be exploited by attackers to examine the selective detection strategies and adjust their own attack plans accordingly. Motivated by the absence of any approach that accounts for such a challenge in the domain of cloud computing, we propose in this work an adaptive detection strategy that formulates a Stackelberg security game to enable the cloud system to optimally exploit its available amount of security resources to maximize the detection of distributed attacks, knowing that attackers have the ability to monitor the cloud system's strategies and adjust their own attack plans. Experiments carried out on the CloudSim framework reveal that the proposed solution maximizes the detection of distributed attacks and minimizes false negatives and positives compared to a maximin-based detection strategy, while being scalable to the increase in both the number of co-hosted VMs and percentage of co-resident attackers.
Citation:
Wahab, O. A., Bentahar, J., Otrok, H., & Mourad, A. (2017, June). I know you are watching me: Stackelberg-based adaptive intrusion detection strategy for insider attacks in the cloud. In 2017 IEEE International Conference on Web Services (ICWS) (pp. 728-735). IEEE.
