Stackelberg games for modeling defense scenarios against cloud security threats

Abstract Stackelberg games may reveal to be extremely useful in supporting decisions in attack-defense scenarios. We call such games Security Stackelberg games. They are characterized by two kinds of players: the defender, who defines his strategy in advance, and the attacker, who follows the defender's decisions. Security Stackelberg games may be used to model a typical cloud security scenario, where the provider has to expose its defense strategy and the attackers act by following the provider's actions. In this work we define a model based on Stackelberg games that enables the automatic selection of provider-level security decisions in Cloud Computing environments. Potential Cloud attack scenarios are modeled as nonzero-sum Security Stackelberg games between the attacker and the Cloud provider. This allows the estimation of the strategy that minimizes the reward for the attacker and maximizes the gain of the defender. The model has been experimentally verified to be effective in automatically determining defense strategies from the cloud provider perspective.

[1]  Joanna Kolodziej,et al.  Stackelberg security games: models, applications and computational aspects , 2016 .

[2]  Daniele Catteddu,et al.  Cloud Computing: Benefits, Risks and Recommendations for Information Security , 2009 .

[3]  Steven Tadelis Game theory : an introduction , 2013 .

[4]  Erella Eisenstadt,et al.  Novel Solution Approach for Multi-Objective Attack-Defense Cyber Games With Unknown Utilities of the Opponent , 2017, IEEE Transactions on Emerging Topics in Computational Intelligence.

[5]  Agnieszka Jakóbik,et al.  Using polymatrix extensive Stackelberg games in security – aware resource allocation and task scheduling in computational clouds , 2017 .

[6]  Padam Kumar,et al.  TAXONOMY OF CLOUD SECURITY , 2013 .

[7]  Jing Liu,et al.  A Survey of Game Theoretic Methods for Cyber Security , 2016, 2016 IEEE First International Conference on Data Science in Cyberspace (DSC).

[8]  Ling Shi,et al.  A Game-Theoretic Approach to Fake-Acknowledgment Attack on Cyber-Physical Systems , 2017, IEEE Transactions on Signal and Information Processing over Networks.

[9]  Nicola Basilico,et al.  A Security Game Model for Remote Software Protection , 2016, 2016 11th International Conference on Availability, Reliability and Security (ARES).

[10]  Francesco Palmieri,et al.  Non-deterministic security driven meta scheduler for distributed cloud organizations , 2017, Simul. Model. Pract. Theory.

[11]  Jin Li,et al.  Secure attribute-based data sharing for resource-limited users in cloud computing , 2018, Comput. Secur..

[12]  Xinyu Yang,et al.  A Game-Theoretic Model on Coalitional Attacks in Smart Grid , 2016, 2016 IEEE Trustcom/BigDataSE/ISPA.

[13]  Mina Guirguis,et al.  Game theoretic defense approach to wireless networks against stealthy decoy attacks , 2016, 2016 54th Annual Allerton Conference on Communication, Control, and Computing (Allerton).

[14]  Walter Ukovich,et al.  Modeling cyber attacks by stochastic games and Timed Petri Nets , 2016, 2016 IEEE International Conference on Systems, Man, and Cybernetics (SMC).

[15]  Jin Li,et al.  A Hybrid Cloud Approach for Secure Authorized Deduplication , 2015, IEEE Transactions on Parallel and Distributed Systems.

[16]  Jin Li,et al.  Privacy-preserving outsourced classification in cloud computing , 2018, Cluster Computing.

[17]  Henri Casanova,et al.  Versatile, scalable, and accurate simulation of distributed applications and platforms , 2014, J. Parallel Distributed Comput..

[18]  Horacio González-Vélez,et al.  Towards Secure Non-Deterministic Meta-Scheduling For Clouds , 2016, ECMS.

[19]  Jing Zhu,et al.  Leveraging Game Theory to Achieve Efficient Attack-Aware Service Provisioning in EONs , 2017, Journal of Lightwave Technology.

[20]  Christos H. Papadimitriou,et al.  Worst-case equilibria , 1999 .