Abstract
Many software systems are deployed in the cloud. Owing to realistic demands for an early product launch, these deployed systems often contain vulnerabilities (or have vulnerabilities that are eventually discovered). The cloud service provider can use knowledge of these known vulnerabilities and of the system's underlying communication network topology to position network- and host-based Intrusion Detection Systems (IDS) that can effectively detect attacks. Unfortunately, deploying IDS on each host and network interface impacts the performance of the overall system. Thus, in this paper, we address the problem of placing a limited number of IDS by using the concept of Moving Target Defense (MTD). In essence, we propose an MTD system that allows a defender to shift the detection surfaces by strategically switching among the different IDS placement configurations in each round. To find a secure switching strategy, we (1) formulate the problem of placing a limited number of IDS in a large cloud network as a Stackelberg Game between the cloud administrator and an (external or stealthy) attacker, (2) design scalable methods to find the optimal strategies for switching IDS placements at the start of each round, and (3) formally define the problem of identifying the most critical vulnerability that should be fixed, and propose a solution for it. We compare the strategy generated by our method to other state-of-the-art strategies, showcasing the effectiveness and scalability of our method for real-world scenarios.
Acknowledgements
This research is supported in part by the AFOSR grant FA9550-18-1-0067, ONR grants N00014-16-1-2892, N00014-18-1-2442, N00014-18-12840, the NASA grant NNX17AD06G, the NRL N00173-15-G017, NSF Grants 1642031, 1528099, and 1723440, and NSFC Grants 61628201 and 61571375. The first author is also supported in part by the IBM Ph.D. Fellowship 2018-19.
Copyright information
© 2018 Springer Nature Switzerland AG
About this paper
Cite this paper
Sengupta, S., Chowdhary, A., Huang, D., Kambhampati, S. (2018). Moving Target Defense for the Placement of Intrusion Detection Systems in the Cloud. In: Bushnell, L., Poovendran, R., Başar, T. (eds) Decision and Game Theory for Security. GameSec 2018. Lecture Notes in Computer Science, vol 11199. Springer, Cham. https://doi.org/10.1007/978-3-030-01554-1_19
DOI: https://doi.org/10.1007/978-3-030-01554-1_19
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-01553-4
Online ISBN: 978-3-030-01554-1
eBook Packages: Computer Science, Computer Science (R0)