A Game Theoretic Method to Model and Evaluate Attack-Defense Strategy in Cloud Computing

Cloud computing has recently attracted much interest from both industry and academia. However, it is difficult to construct perfectly secure mechanisms in the face of the complex and varied attack behaviors in cloud computing. In this paper, a stochastic game model (SGM) is proposed to describe attack-defense behavior in cloud computing. The physical machine, the attack-defense behavior, and their attributes are modeled using the SGM, thus forming the attack-defense game model of cloud computing. On this basis, the Nash equilibrium of the attack-defense process of the physical machine is computed in order to obtain the best defense strategy. The related theory of Petri nets is used to verify the correctness of the proposed method. The computation formula and the actual meaning of the performance index are given. An enforcement algorithm is also proposed. Both a case study and simulation results show that the proposed method can adapt quickly to changes in cloud applications, thus improving the security of cloud computing.
