An optimal defensive deception framework for the container‐based cloud with deep reinforcement learning

Published: 27 November 2021

Abstract

Defensive deception is emerging as a way to reveal stealthy attackers by presenting intentionally falsified information. To implement it in the increasingly dynamic and complex cloud, major concerns remain about establishing a precise adversarial model and an adaptive decoy placement strategy. However, existing studies do not address both issues because of (1) insufficient extraction of potential threats in virtualisation techniques, (2) inadequate learning of the agility of the target environment, and (3) the lack of a measurement for placement strategies. In this study, an optimal defensive deception framework is proposed for the container‐based cloud. The System Risk Graph (SRG) is formalised to depict an updatable adversarial model with the automatic orchestration platform. Afterwards, a Deep Reinforcement Learning (DRL) model is trained based on the SRG. The well‐trained DRL agent generates optimal placement strategies for the orchestration platform to distribute decoys and deceptive routings. Lastly, the coefficient of deception, C, is defined to evaluate the effectiveness of a placement strategy. Simulation results show that the proposed method increases C by 30.22%, and increases the detection ratio on the random walker attacker and persistent attacker by 30.69% and 51.10%, respectively.


Cited By

  • (2024) A Psycholinguistics-inspired Method to Counter IP Theft Using Fake Documents. ACM Transactions on Management Information Systems 15:2 (1-25). DOI: 10.1145/3651313. Online publication date: 6-Mar-2024
  • (2023) Flipit Game Deception Strategy Selection Method Based on Deep Reinforcement Learning. International Journal of Intelligent Systems 2023. DOI: 10.1155/2023/5560416. Online publication date: 1-Jan-2023

Published In

IET Information Security, Volume 16, Issue 3
May 2022
90 pages
EISSN: 1751-8717
DOI: 10.1049/ise2.v16.3
This is an open access article under the terms of the Creative Commons Attribution‐NonCommercial‐NoDerivs License, which permits use and distribution in any medium, provided the original work is properly cited, the use is non‐commercial and no modifications or adaptations are made.

Publisher

John Wiley & Sons, Inc.

United States

Author Tags

  1. artificial intelligence
  2. cloud security
  3. computer network security
  4. cyber deception defence
  5. decoy placement strategy
  6. deep reinforcement learning

Qualifiers

  • Research-article
