Title: Cloud security in the age of adaptive adversaries: A game theoretic approach to hypervisor-based intrusion detection
Authors: Sadia, Ahsan Saadat, Yasir Faheem, Zainab Abaid, Muhammad Moazam Fraz
DOI: 10.1016/j.sysarc.2024.103281
Journal: Journal of Systems Architecture, volume 156, Article 103281
Publication date: 2024-09-23 (Journal Article)
Journal impact factor: 3.7; JCR: Q1 (Computer Science, Hardware & Architecture); region category: Computer Science (region 2)
URL: https://www.sciencedirect.com/science/article/pii/S1383762124002182
Platform: Semanticscholar
Open access: no
Citations: 0
Abstract
Recent advancements in cloud computing have underscored the critical need for robust security mechanisms to counter evolving cyber-threats. Traditional security solutions such as Intrusion Detection Systems (IDSs) often fall short due to their inability to anticipate the strategies of adaptive cyber adversaries. Game theory is considered a popular analytical tool for understanding the strategic interactions between defenders and adversaries, providing a more informed decision-making process. However, existing game-theoretic IDSs often employ non-comprehensive utility functions with limited parameters that fail to capture the complexity of real-world dynamics. This paper introduces a novel Game-Theoretic Hypervisor-based IDS (GHyIDS), which employs comprehensive utility functions and an innovative belief update model to enhance detection accuracy and adaptability in dynamic cloud environments. To overcome the limitations of existing models, we design comprehensive utility functions by incorporating a wider range of real-world parameters, such as trust score, risk, vulnerability, damage severity, worth of the VM, means, opportunities, and access available to the attacker, as well as success rates of attack detection and execution. We propose a Resource-Aware Static Intrusion Detection Bayesian Game (S-IDBG) and extend it into a Dynamic Multi-Stage IDBG (D-IDBG), enabling the system to dynamically adapt to changes in attack patterns and system vulnerabilities. The belief update model is pivotal in continuously refining the system’s strategies based on observed behaviors and outcomes, allowing for precise adjustments to the evolving threats. Our experimental results show a significant improvement over existing models, with our approach achieving an approximately 10% increase in detection rate, a 20% reduction in false positive rate and a 10% reduction in false negative rate in comparative analysis against state-of-the-art models, namely the trust-based Maxmin game and the repeated Bayesian Stackelberg game.
Journal introduction:
The Journal of Systems Architecture: Embedded Software Design (JSA) is a journal covering all design and architectural aspects related to embedded systems and software. It ranges from the microarchitecture level via the system software level up to the application-specific architecture level. Aspects such as real-time systems, operating systems, FPGA programming, programming languages, communications (limited to analysis and the software stack), mobile systems, parallel and distributed architectures as well as additional subjects in the computer and system architecture area will fall within the scope of this journal. Technology will not be a main focus, but its use and relevance to particular designs will be. Case studies are welcome but must contribute more than just a design for a particular piece of software.
Design automation of such systems, including methodologies, techniques and tools for their design, as well as novel designs of software components, falls within the scope of this journal. Novel applications that use embedded systems are also central to this journal. While hardware is not a part of this journal, hardware/software co-design methods that consider the interplay between software and hardware components, with an emphasis on software, are also relevant here.