A game Theoretic Approach Based Virtual Machine Migration for Cloud Environment Security. | [International Journal of Communication Networks and Information Security • 2017]

Author(s):

1. ImanEl Mir: Computer, Networks, Mobility and Modeling laboratory, Hassan 1st Univ, Settat, Morocco

2. ElMehdi Kandoussi: Computer, Networks, Mobility and Modeling laboratory, Hassan 1st Univ, Settat, Morocco

3. Mohamed Hanini: Computer, Networks, Mobility and Modeling laboratory, Hassan 1st Univ, Settat, Morocco

4. Abdelkrim Haqiq: Computer, Networks, Mobility and Modeling laboratory, Hassan 1st Univ, Settat, Morocco

5. Dong Seong Kim: Department of Computer Science and Software Engineering, University of Canterbury, New Zealand

Abstract:

In cloud computing environment, static configurations can provide for the attackers an environment too easy for exploitation and discovering the network vulnerabilities in order to compromise the network and launching intrusions; while dynamic reconfiguration seeks to develop a virtual machine (VM) migration over the cloud by applying unpredictability of network configuration's change, and thus improving the system security. In this work a novel approach that performs proactive and reactive measures to ensure a high availability and to minimize the attack surface using VM migration is proposed. This interaction between attack and defense systems was formulated as game model. As result, we have calculated the Nash equilibrium and the utilities for the both attacker and defender, evaluate the parameters which can maximize the defender's utility when the VM migration was planned and identify the potential attack paths. Therefore, the effectiveness of the game model was validated by some numerical results that determine optimal migration strategies in order to ensure the security of the system.

Page(s): 345-357

DOI: DOI not available

Published: Journal: International Journal of Communication Networks and Information Security, Volume: 9, Issue: 3, Year: 2017

Keywords:

Keywords are not available for this article.

References:

[1] J.C.Acosta,E.Padilla,MD, 2016.Augmenting attack graphs to represent data link and network layer vulnerabilities”,Military Communications Conference, MILCOM IEEE. Baltimore 1010 -1015

[2] A.O.Adetunmbi,S.O.Falaki,O.S.Adewale,B.K.Alese, 2008.Network intrusion detection based on rough set and knearest neighbor”,International Journal of Computing and ICT Research 2 60 -66

[3] A.O.Adetunmbi,B.K.Alese,O.Ogundele,S.O.Falaki, 2007.A data mining approach to network intrusion detection”,Journal of Computer Science & Its Application 1 24 -37

[4] T.Alpcan, 2010.Network security: A decision and gametheoretic approach”, -

[5] M.Aslam,C.Gehrmann, 2012.Security and trust preserving vm migrations in public clouds”,IEEE 11th International Conference on Trust, Security and Privacy in Computing and Communications 869 -876

[6] S.Beckery,J.Seibert,D.Zage,C.Nita-Rotaru,R.Statey, 2011.Applying game theory to analyze attacks and defenses in virtual coordinate systems”,Hong Kong, China 133 -144

[7] Y.L.Chen,Y.C.Yang,W.T.Lee, 2014.The study of using game theory for live migration prediction over cloud computing”, Springer, Intelligent Data analysis,its Applications 2 417 -425

[8] C.Clark,K.Fraser,S.Hand,J.G.Hansen,E.Jul,C.Limpach,I. Pratt,A, 2005.Live migration of virtual machines”,The 2nd Conference on Symposium on Networked Systems Design & Implementation 2 273 -286

[9] F.Cuppens,A, 2002.Alert correlation in a cooperative intrusion detection framework”, IEE symposium Security and privacy, 202 -215

[10] S.Debroy,P.Calyam,M.Nguyen,A.Stage,V.Georgiev, 2016.Frequency-minimal moving target defense using softwaredefined networking”,International Conference IEEE Computing, Networking and Communications (ICNC) 1 -6

[11] R.Divyambika,A, 2015.Protection of virtual machines during live migration in cloud environment”,Indian Journal of Science and Technology 8 333 -339

[12] S.El Kafhali, 2017.Stochastic modelling and analysis of cloud computing data center”,20th ICIN Conference Innovations in Clouds, Internet and Networks 122 -126

[13] I. ElMir,A.Chowdhary,D.Huang,S.Pisharody,D.S.Kim,A, 2016.Software defined stochastic model for moving target defense”,Third International Afro-European Conference for Industrial Advancement (AECIA16 188 -197

[14] I. ElMir,A.Haqiq,D.S.Kim, 2016.Performance analysis and security based on intrusion detection and prevention systems in cloud data centers,Springer International Conference on Hybrid Intelligent Systems 456 -465

[15] I. ElMir,D.S.Kim,A, 2015.Security modeling and analysis of a self-cleansing intrusion tolerance technique”,11th International Conference Information Assurance and Security (IAS) 111 -117

[16] I. ElMir,D.S.Kim,A, 2015.Security modeling and analysis of an intrusion tolerant cloud data center”,Third World Conference Complex Systems (WCCS) 1 -6

[17] I. ElMir,D.S.Kim,A, 2016.Cloud computing security modeling and analysis based on a self-cleansing intrusion tolerance technique”,Journal of Information Assurance & Security 5 -

[18] H.Holm,MD, 2016.,Military Communications Conference MILCOM, Baltimore 976 -981

[19] S.Jajodia,A.K.Ghosh,V.Swarup,C.Wang,X.S.Wang, 2011.Moving target defense: creating asymmetric uncertainty for cyber threats,Springer Science & Business Media 54 -

[20] S.Jajodia,S.Noel, 2005.Topological analysis of network attack vulnerability, 247 -266

[21] P.Johnson,M.Ekstedt, 2016.Reliability and Security (ARES), Salzburg, 278 -283

[22] C.A.Kamhoua,L.Kwiat,K.A.Kwiat,J.S.Park,M.Zhao,M.Rodriguez,AK, 2014.Game theoretic modeling of security and interdependency in a public cloud”,7th International Conference Cloud Computing (CLOUD) 514 -521

[23] R.Kavitha, 2017.Advanced Random Time Queue Blocking with Traffic Prediction for Defense of Low-rate DoS Attacks against Application Servers”,International Journal of Communication Networks and Information Security (IJCNIS) 9 95 -104

[24] L.Kwiat,C.A.Kamhoua,K.A.Kwiat,J.Tang, 2015.Security-aware virtual machine allocation in the cloud: A game theoretic approach”,8th International Conference Cloud Computing (CLOUD) 556 -563

[25] H.H.Nguyen,K.Palani,D.M.Nicol,MD, 2017.An approach to incorporating uncertainty in network security analysis”,The Hot Topics in Science of Security: Symposium and Bootcamp 74 -84

[26] X.Ou,S.Govindavajhala,A.W.Appel,MD, 2005.Mulval: A logicbased network security analyzer”, USENIX security symposium, 8 -

[27] S.B.Rathod,V.K.Reddy, 2014.Secure live vm migration in cloud computing: A survey”,International Journal of Computer Applications 2 -

[28] K.Sallhammar,S.J.Knapskog,B.E.Helvik, 2005.Using stochastic game theory to compute the expected behavior of attackers”, The 2005 Symposium on Applications and the Internet Workshops, 102 -105

[29] N.H.M.Saudi, 2017.Revealing the Feature Influence in HTTP Botnet Detection”,International Journal of Communication Networks and Information Security (IJCNIS) 9 274 -281

[30] A.Sen, 2016.Risk assessment in a sensor cloud framework using attack graphs”,No. 99 1 -1

[31] T.Sommestad,M.Ekstedt, 2013.The cyber security modeling language: A tool for assessing the vulnerability of enterprise system architectures”,IEEE Systems Journal 7 363 -373

[32] D.Sun,J.Zhang,T.Wang,C.Liu,W, 2016.Splm: security protection of live virtual machine migration in cloud computing”,The 4th ACM International Workshop on Security in Cloud Computing, Xi'an, China 2 -9

[33] S.C.Sundaramurthy,L.Zomlot,X.Ou, 2011.Practical ids alert correlation in the face of dynamic threats”, International Conference on Security and Management (SAM11), LasVegas, -

[34] R.Trost, 2009.Practical intrusion analysis: prevention and detection for the twenty-first century”,Pearson Education -

[35] O.A.Wahab,J.Bentahar,H.Otrok,A, 2016.How to distribute the detection load among virtual machines to maximize the detection of distributed attacks in the cloud? “,IEEE International Conference Services Computing (SCC) 316 -323

[36] Q.Wu,S.Shiva,S.Roy, 2010.On modeling and simulation of game theory based defense mechanisms against dos and ddos attacks”, The spring simulation multiconference, 159 -

[37] R.Yadav,R.N.Verma,A.K.Solanki, 2016.An improved model for analysis of host network vulnerability”,International Journal of Computer Applications 13 12 -16

[38] F.Zhang,Y.Huang,H.Wang,H.Chen,B.Zang, 2008.Palm: security preserving vm live migration for systems with vmmenforced protection”, The Third Asia-Pacific Trusted Infrastructure Technologies Conference, 9 -18

[39] R.Zhuang,S.Zhang,A.Bardas,S.A.DeLoach,X.Ou,A,December2017, December 2017.Investigating the application of moving target defenses to network security”,6th International Symposium Resilient Control Systems (ISRCS) 9 162 -169

Citations

Downloads

Views