
Moving Target Defense for the Placement of Intrusion Detection Systems in the Cloud

  • Conference paper
  • Decision and Game Theory for Security (GameSec 2018)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 11199)

Abstract

Many software systems are deployed in the cloud. Owing to realistic pressure for an early product launch, these deployed systems often contain vulnerabilities (or have them discovered later). The cloud service provider can leverage this knowledge of known vulnerabilities, together with the communication network topology of the system, to position network- and host-based Intrusion Detection Systems (IDS) that detect attacks effectively. Unfortunately, deploying an IDS on every host and network interface degrades the performance of the overall system. Thus, in this paper, we address the problem of placing a limited number of IDS by using the concept of Moving Target Defense (MTD). In essence, we propose an MTD system that allows a defender to shift the detection surface by strategically switching among different IDS placement configurations in each round. To find a secure switching strategy, we (1) formulate the problem of placing a limited number of IDS in a large cloud network as a Stackelberg Game between the cloud administrator and an (external or stealthy) attacker, (2) design scalable methods to find the optimal strategy for switching IDS placements at the start of each round, and (3) formally define the problem of identifying the most critical vulnerability that should be fixed, and propose a solution for it. We compare the strategy generated by our method to other state-of-the-art strategies, showcasing the effectiveness and scalability of our method for real-world scenarios.
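To make the Stackelberg formulation in the abstract concrete, here is an added Python example; it is not code from the paper or its authors. It assumes a zero-sum simplification with constructed severity weights: the administrator (leader) commits to randomized coverage of the monitoring points by k IDS, the attacker best-responds to that commitment, each round a concrete placement is sampled so the switching realises the committed probabilities, and the "most critical vulnerability" is the one whose patching lowers the equilibrium loss the most. The water-filling closed form used here is a special case, not the paper's general solver.

```python
import random
from typing import Dict, List

# Constructed example (not from the paper): monitoring points in a small cloud
# tenant, each carrying one known vulnerability, weighted by an assumed loss
# (CVSS-like severity) the attacker gains if it is exploited undetected.
LOSS = {"web": 9.0, "db": 8.0, "app": 6.0, "cache": 2.0}
K = 2  # number of IDS instances the administrator can afford per round


def optimal_coverage(loss: Dict[str, float], k: int) -> Dict[str, float]:
    """Leader commits to coverage probabilities c_t with sum(c_t) <= k.
    Zero-sum simplification: the attacker best-responds by hitting the point
    maximising (1 - c_t) * loss_t; the leader minimises that maximum. At the
    optimum every covered point has (1 - c_t) * loss_t = v, so
    c_t = max(0, 1 - v / loss_t); v is found by bisection on sum(c_t) = k."""
    if k >= len(loss):
        return {t: 1.0 for t in loss}
    lo, hi = 0.0, max(loss.values())
    for _ in range(200):  # sum(c_t) is decreasing in v
        v = (lo + hi) / 2
        total = sum(max(0.0, 1 - v / l) for l in loss.values())
        lo, hi = (v, hi) if total > k else (lo, v)
    return {t: max(0.0, 1 - hi / l) for t, l in loss.items()}


def game_value(loss: Dict[str, float], k: int) -> float:
    """Attacker's expected payoff (defender's expected loss) at equilibrium."""
    cov = optimal_coverage(loss, k)
    return max((1 - cov[t]) * loss[t] for t in loss)


def sample_placement(cov: Dict[str, float], k: int, rng: random.Random) -> List[str]:
    """One MTD round: draw a concrete set of k IDS locations whose marginal
    inclusion probabilities equal the committed coverage (systematic sampling)."""
    u, cum, j, chosen = rng.random(), 0.0, 0, []
    for t, c in cov.items():
        cum += c
        while j < k and u + j < cum:  # at most one hit per point since c <= 1
            chosen.append(t)
            j += 1
    return chosen


def most_critical(loss: Dict[str, float], k: int) -> str:
    """Which vulnerability to fix first: the one whose removal from the game
    (patching its point) lowers the equilibrium loss the most."""
    return min(loss, key=lambda t: game_value({s: l for s, l in loss.items() if s != t}, k))


if __name__ == "__main__":
    cov = optimal_coverage(LOSS, K)
    print("coverage", {t: round(c, 3) for t, c in cov.items()}, "value", round(game_value(LOSS, K), 3))
    print("placements", [sample_placement(cov, K, random.Random(i)) for i in range(3)])
    print("fix first:", most_critical(LOSS, K))
```

With the constructed weights the equilibrium leaves the low-value "cache" point unmonitored, spreads the two IDS over the other three points so the attacker is indifferent among them, and ranks "web" as the vulnerability to patch first.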



Acknowledgements

This research is supported in part by the AFOSR grant FA9550-18-1-0067, ONR grants N00014-16-1-2892, N00014-18-1-2442, N00014-18-12840, the NASA grant NNX17AD06G, the NRL N00173-15-G017, NSF Grants 1642031, 1528099, and 1723440, and NSFC Grants 61628201 and 61571375. The first author is also supported in part by the IBM Ph.D. Fellowship 2018-19.

Author information

Correspondence to Sailik Sengupta.


Copyright information

© 2018 Springer Nature Switzerland AG


Cite this paper

Sengupta, S., Chowdhary, A., Huang, D., Kambhampati, S. (2018). Moving Target Defense for the Placement of Intrusion Detection Systems in the Cloud. In: Bushnell, L., Poovendran, R., Başar, T. (eds) Decision and Game Theory for Security. GameSec 2018. Lecture Notes in Computer Science, vol. 11199. Springer, Cham. https://doi.org/10.1007/978-3-030-01554-1_19


  • DOI: https://doi.org/10.1007/978-3-030-01554-1_19


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-01553-4

  • Online ISBN: 978-3-030-01554-1

  • eBook Packages: Computer Science (R0)
