On Dynamic Recovery of Cloud Storage System Under Advanced Persistent Threats

Advanced persistent threats (APTs) aimed at data theft pose a severe threat to cloud storage systems (CSSs). An APT actor may steal valuable data from the target CSS, and may do so in a strategic fashion. To protect a CSS from APTs, the cloud defender has to dynamically allocate limited security resources to recover the compromised storage servers, with the aim of mitigating his total loss. This paper addresses this dynamic cloud storage recovery (DCSR) problem by employing differential game theory. First, by introducing an expected state evolution model that captures the CSS's expected state evolution process under a combination of attack strategy and recovery strategy, we measure the APT attacker's net benefit and the cloud defender's total loss. On this basis, and in the worst-case situation where the cloud defender assumes that the APT attacker has full knowledge of his expected loss, we reduce the DCSR problem to a differential game-theoretic problem (the DCSR* problem) that characterizes the strategic interactions between the two parties. Second, we derive a necessary condition for a Nash equilibrium of the DCSR* problem and thereby introduce the concept of a competitive strategy profile. Next, we study the structural properties of the competitive strategy profile, followed by some numerical examples. Then, we conduct extensive comparative experiments to show that the competitive strategy profile is superior to a large number of randomly generated strategy profiles in the sense of the Nash equilibrium solution concept. Finally, we briefly analyze the practicability (scalability and feasibility) of this work. Our findings will help enhance the APT defense capabilities of the cloud defender.
