General Sum Markov Games for Strategic Detection of Advanced Persistent Threats Using Moving Target Defense in Cloud Networks

The processing and storage of critical data in large-scale cloud networks necessitate scalable security solutions. It has been shown that deploying all possible detection measures incurs a cost on performance by using up valuable computing and networking resources, thereby resulting in violations of the Service Level Agreements (SLAs) promised to the cloud-service users. Thus, there has been recent interest in developing Moving Target Defense (MTD) mechanisms that help optimize the joint objective of maximizing security while ensuring that the impact on performance is minimized. Often, these techniques model the challenge of multi-stage attacks by stealthy adversaries as a single-step attack detection game and use graph connectivity measures as a heuristic to measure performance, thereby (1) losing valuable information that is inherently present in multi-stage models designed for large cloud networks, and (2) producing strategies that have asymmetric impacts on performance, thereby heavily affecting the Quality of Service (QoS) for some cloud users. In this work, we use the attack graph of a cloud network to formulate a general-sum Markov Game and use the Common Vulnerability Scoring System (CVSS) to derive meaningful utility values in each state of the game. We then show that, for the threat model in which an adversary has knowledge of a defender's strategy, the use of Stackelberg equilibrium can provide an optimal strategy for placement of security resources. In cases where this assumption turns out to be too strong, we show that the Stackelberg equilibrium turns out to be a Nash equilibrium of the general-sum Markov Game. We compare the gains obtained using our method(s) to other baseline techniques used in cloud network security. Finally, we highlight how the method was used in a real-world small-scale cloud system.
