Cloud security in the age of adaptive adversaries: A game-theoretic approach to hypervisor-based intrusion detection

IF 3.7 2区 计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE Journal of Systems Architecture Pub Date : 2024-09-23 DOI:10.1016/j.sysarc.2024.103281
Sadia , Ahsan Saadat , Yasir Faheem , Zainab Abaid , Muhammad Moazam Fraz
Citation count: 0

Cloud security in the age of adaptive adversaries: A game theoretic approach to hypervisor-based intrusion detection
Recent advancements in cloud computing have underscored the critical need for robust security mechanisms to counter evolving cyber-threats. Traditional security solutions such as Intrusion Detection Systems (IDSs) often fall short due to their inability to anticipate the strategies of adaptive cyber adversaries. Game theory is considered a popular analytical tool for understanding the strategic interactions between defenders and adversaries, providing a more informed decision-making process. However, existing game-theoretic IDSs often employ non-comprehensive utility functions with limited parameters that fail to capture the complexity of real-world dynamics. This paper introduces a novel Game-Theoretic Hypervisor-based IDS (GHyIDS), which employs comprehensive utility functions and an innovative belief update model to enhance detection accuracy and adaptability in dynamic cloud environments. To overcome the limitations of existing models, we design comprehensive utility functions by incorporating a wider range of real-world parameters, such as trust score, risk, vulnerability, damage severity, worth of the VM, means, opportunities, and access available to the attacker, as well as success rates of attack detection and execution. We propose a Resource-Aware Static Intrusion Detection Bayesian Game (S-IDBG) and extend it into a Dynamic Multi-Stage IDBG (D-IDBG), enabling the system to dynamically adapt to changes in attack patterns and system vulnerabilities. The belief update model is pivotal in continuously refining the system’s strategies based on observed behaviors and outcomes, allowing for precise adjustments to the evolving threats. 
Our experimental results show a significant improvement over existing models, with our approach achieving approximately a 10% increase in detection rate, a 20% reduction in false positive rate and a 10% reduction in false negative rate in a comparative analysis against state-of-the-art models, namely the trust-based Maxmin game and the repeated Bayesian Stackelberg game.
Source journal

Journal of Systems Architecture (Engineering & Technology - Computer Science: Hardware)
CiteScore: 8.70
Self-citation rate: 15.60%
Articles published: 226
Review time: 46 days
Journal description: The Journal of Systems Architecture: Embedded Software Design (JSA) is a journal covering all design and architectural aspects related to embedded systems and software. It ranges from the microarchitecture level via the system software level up to the application-specific architecture level. Aspects such as real-time systems, operating systems, FPGA programming, programming languages, communications (limited to analysis and the software stack), mobile systems, parallel and distributed architectures as well as additional subjects in the computer and system architecture area will fall within the scope of this journal. Technology will not be a main focus, but its use and relevance to particular designs will be. Case studies are welcome but must contribute more than just a design for a particular piece of software. Design automation of such systems, including methodologies, techniques and tools for their design, as well as novel designs of software components fall within the scope of this journal. Novel applications that use embedded systems are also central to this journal. While hardware is not a part of this journal, hardware/software co-design methods that consider the interplay between software and hardware components, with an emphasis on software, are also relevant here.