Resource-Aware Detection and Defense System against Multi-Type Attacks in the Cloud: Repeated Bayesian Stackelberg Game

Abstract

Cloud-based systems are subject to various attack types launched by Virtual Machines (VMs) manipulated by attackers having different goals and skills. The existing detection and defense mechanisms might be suitable for simple attack environments but become ineffective when the system faces advanced attack scenarios wherein simultaneous attacks of different types are involved. This is because these mechanisms overlook the attackers’ strategies in the detection system’s design, ignore the system’s resource constraints, and lack sufficient knowledge about the attackers’ types and abilities. To address these shortcomings, we propose a repeated Bayesian Stackelberg game consisting of the following phases: risk assessment framework that identifies the VMs’ risk levels, live-migration-based defense mechanism that protects services from being successful targets for attackers, machine-learning-based technique that collects malicious data from VMs using honeypots and employs one-class Support Vector Machine to learn the attackers’ types distributions, and resource-aware Bayesian Stackelberg game that provides the hypervisor with the detection load’s optimal distribution over VMs that maximizes the detection of multi-type attacks. Experiments conducted using Amazon’s datacenter and Amazon Web Services honeypot data reveal that our solution maximizes the detection, minimizes the number of attacked services, and runs efficiently compared to the state-of-the-art detection and defense strategies, namely Collabra , probabilistic migration, Stackelberg, maxmin, and fair allocation.