Optimal Defense Strategy against Evasion Attacks

Abstract

Recent detection method based on machine learning demonstrates significant advantages against varieties of network attacks, and has been widely deployed in cloud applications. However, novel attacks such as Advanced Persistent Threats (APTs) could evade detection of the intrusion detection system, which may lead to serious data leakage in cloud. Existing methods studied the countermeasures to defend against evasion attacks. However, a cloud service provider (CSP) also have to balance between its expect revenue and the security risk of system with limited resources. In this paper, we present the CSP’s optimal strategy for effective and safety operation, in which the CSP decides the size of users that the cloud service will provide and whether enhanced countermeasures will be conducted for discovering the possible evasion attacks. While the CSP tries to optimize its profit by carefully making a two-step decision of the defense plan and service scale, the attacker considers its expected revenue to launch evasion attacks or not. To obtain insights of such a highly coupled system, we consider a system with one CSP and one attacker with two attack choices of whether to launch an evasion attack. We propose a two-stage Stackelberg game, in which the CSP acts as the leader who decides the defense plan and service scale in Stage I, and the attacker acts as the follower that determines whether to make evasion attacks in Stage II. We derive the Nash Equilibrium by analyzing the attacker’s choices under different scenarios that the CSP selects. Then, we provide the CSP’s optimal strategies to maximize its revenue. The simulation results help to better understand the CSP’s optimal solutions under different situations.