Moving target defense for the placement of intrusion detection systems in the cloud

Sailik Sengupta; Ankur Chowdhary; Dijiang Huang; Subbarao Kambhampati

doi:10.1007/978-3-030-01554-1_19

Moving target defense for the placement of intrusion detection systems in the cloud

Sailik Sengupta, Ankur Chowdhary, Dijiang Huang, Subbarao Kambhampati

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

19 Scopus citations

Abstract

A lot of software systems are deployed in the cloud. Owing to realistic demands for an early product launch, oftentimes there are vulnerabilities that are present in these deployed systems (or eventually found out). The cloud service provider can find and leverage this knowledge about known vulnerabilities and the underlying communication network topology of the system to position network and host-based Intrusion Detection Systems (IDS) that can effectively detect attacks. Unfortunately, deploying IDS on each host and network interface impacts the performance of the overall system. Thus, in this paper, we address the problem of placing a limited number of IDS by using the concept of Moving Target Defense (MTD). In essence, we propose an MTD system that allows a defender to shift the detection surfaces and strategically switch among the different IDS placement configurations in each round. To find a secure switching strategy, we (1) formulate the problem of placing a limited number of IDS systems in a large cloud network as a Stackelberg Game between the cloud administrator and an (external or stealthy) attacker, (2) design scalable methods to find the optimal strategies for switching IDS placements at the start of each round, and (3) formally define the problem of identifying the most critical vulnerability that should be fixed, and propose a solution for it. We compare the strategy generated by our method to other state-of-the-art strategies, showcasing the effectiveness and scalability of our method for real-world scenarios.

Original language	English (US)
Title of host publication	Decision and Game Theory for Security - 9th International Conference, GameSec 2018, Proceedings
Editors	Linda Bushnell, Radha Poovendran, Tamer Basar
Publisher	Springer Verlag
Pages	326-345
Number of pages	20
ISBN (Print)	9783030015534
DOIs	https://doi.org/10.1007/978-3-030-01554-1_19
State	Published - 2018
Event	9th International Conference on Decision and Game Theory for Security, GameSec 2018 - Seattle, United States Duration: Oct 29 2018 → Oct 31 2018

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	11199 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Other

Other	9th International Conference on Decision and Game Theory for Security, GameSec 2018
Country/Territory	United States
City	Seattle
Period	10/29/18 → 10/31/18

Keywords

Intrusion Detection Systems
Moving Target Defense
Stackelberg games

ASJC Scopus subject areas

Theoretical Computer Science
Computer Science(all)

Access to Document

10.1007/978-3-030-01554-1_19

Cite this

Sengupta, S., Chowdhary, A., Huang, D., & Kambhampati, S. (2018). Moving target defense for the placement of intrusion detection systems in the cloud. In L. Bushnell, R. Poovendran, & T. Basar (Eds.), Decision and Game Theory for Security - 9th International Conference, GameSec 2018, Proceedings (pp. 326-345). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 11199 LNCS). Springer Verlag. https://doi.org/10.1007/978-3-030-01554-1_19

Moving target defense for the placement of intrusion detection systems in the cloud. / Sengupta, Sailik; Chowdhary, Ankur; Huang, Dijiang et al.

Decision and Game Theory for Security - 9th International Conference, GameSec 2018, Proceedings. ed. / Linda Bushnell; Radha Poovendran; Tamer Basar. Springer Verlag, 2018. p. 326-345 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 11199 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Sengupta, S, Chowdhary, A, Huang, D & Kambhampati, S 2018, Moving target defense for the placement of intrusion detection systems in the cloud. in L Bushnell, R Poovendran & T Basar (eds), Decision and Game Theory for Security - 9th International Conference, GameSec 2018, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 11199 LNCS, Springer Verlag, pp. 326-345, 9th International Conference on Decision and Game Theory for Security, GameSec 2018, Seattle, United States, 10/29/18. https://doi.org/10.1007/978-3-030-01554-1_19

Sengupta S, Chowdhary A, Huang D, Kambhampati S. Moving target defense for the placement of intrusion detection systems in the cloud. In Bushnell L, Poovendran R, Basar T, editors, Decision and Game Theory for Security - 9th International Conference, GameSec 2018, Proceedings. Springer Verlag. 2018. p. 326-345. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-030-01554-1_19

Sengupta, Sailik ; Chowdhary, Ankur ; Huang, Dijiang et al. / Moving target defense for the placement of intrusion detection systems in the cloud. Decision and Game Theory for Security - 9th International Conference, GameSec 2018, Proceedings. editor / Linda Bushnell ; Radha Poovendran ; Tamer Basar. Springer Verlag, 2018. pp. 326-345 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{d5e271bd331943c09cf056c2ff11b4a0,

title = "Moving target defense for the placement of intrusion detection systems in the cloud",

abstract = "A lot of software systems are deployed in the cloud. Owing to realistic demands for an early product launch, oftentimes there are vulnerabilities that are present in these deployed systems (or eventually found out). The cloud service provider can find and leverage this knowledge about known vulnerabilities and the underlying communication network topology of the system to position network and host-based Intrusion Detection Systems (IDS) that can effectively detect attacks. Unfortunately, deploying IDS on each host and network interface impacts the performance of the overall system. Thus, in this paper, we address the problem of placing a limited number of IDS by using the concept of Moving Target Defense (MTD). In essence, we propose an MTD system that allows a defender to shift the detection surfaces and strategically switch among the different IDS placement configurations in each round. To find a secure switching strategy, we (1) formulate the problem of placing a limited number of IDS systems in a large cloud network as a Stackelberg Game between the cloud administrator and an (external or stealthy) attacker, (2) design scalable methods to find the optimal strategies for switching IDS placements at the start of each round, and (3) formally define the problem of identifying the most critical vulnerability that should be fixed, and propose a solution for it. We compare the strategy generated by our method to other state-of-the-art strategies, showcasing the effectiveness and scalability of our method for real-world scenarios.",

keywords = "Intrusion Detection Systems, Moving Target Defense, Stackelberg games",

author = "Sailik Sengupta and Ankur Chowdhary and Dijiang Huang and Subbarao Kambhampati",

note = "Funding Information: Acknowledgements. This research is supported in part by the AFOSR grant FA9550-18-1-0067, ONR grants N00014-16-1-2892, N00014-18-1-2442, N00014-18-12840, the NASA grant NNX17AD06G, the NRL N00173-15-G017, NSF Grants 1642031, 1528099, and 1723440, and NSFC Grants 61628201 and 61571375. The first author is also supported in part by the IBM Ph.D. Fellowship 2018-19. Publisher Copyright: {\textcopyright} 2018, Springer Nature Switzerland AG.; 9th International Conference on Decision and Game Theory for Security, GameSec 2018 ; Conference date: 29-10-2018 Through 31-10-2018",

year = "2018",

doi = "10.1007/978-3-030-01554-1_19",

language = "English (US)",

isbn = "9783030015534",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Verlag",

pages = "326--345",

editor = "Linda Bushnell and Radha Poovendran and Tamer Basar",

booktitle = "Decision and Game Theory for Security - 9th International Conference, GameSec 2018, Proceedings",

}

TY - GEN

T1 - Moving target defense for the placement of intrusion detection systems in the cloud

AU - Sengupta, Sailik

AU - Chowdhary, Ankur

AU - Huang, Dijiang

AU - Kambhampati, Subbarao

N1 - Funding Information: Acknowledgements. This research is supported in part by the AFOSR grant FA9550-18-1-0067, ONR grants N00014-16-1-2892, N00014-18-1-2442, N00014-18-12840, the NASA grant NNX17AD06G, the NRL N00173-15-G017, NSF Grants 1642031, 1528099, and 1723440, and NSFC Grants 61628201 and 61571375. The first author is also supported in part by the IBM Ph.D. Fellowship 2018-19. Publisher Copyright: © 2018, Springer Nature Switzerland AG.

PY - 2018

Y1 - 2018

N2 - A lot of software systems are deployed in the cloud. Owing to realistic demands for an early product launch, oftentimes there are vulnerabilities that are present in these deployed systems (or eventually found out). The cloud service provider can find and leverage this knowledge about known vulnerabilities and the underlying communication network topology of the system to position network and host-based Intrusion Detection Systems (IDS) that can effectively detect attacks. Unfortunately, deploying IDS on each host and network interface impacts the performance of the overall system. Thus, in this paper, we address the problem of placing a limited number of IDS by using the concept of Moving Target Defense (MTD). In essence, we propose an MTD system that allows a defender to shift the detection surfaces and strategically switch among the different IDS placement configurations in each round. To find a secure switching strategy, we (1) formulate the problem of placing a limited number of IDS systems in a large cloud network as a Stackelberg Game between the cloud administrator and an (external or stealthy) attacker, (2) design scalable methods to find the optimal strategies for switching IDS placements at the start of each round, and (3) formally define the problem of identifying the most critical vulnerability that should be fixed, and propose a solution for it. We compare the strategy generated by our method to other state-of-the-art strategies, showcasing the effectiveness and scalability of our method for real-world scenarios.

AB - A lot of software systems are deployed in the cloud. Owing to realistic demands for an early product launch, oftentimes there are vulnerabilities that are present in these deployed systems (or eventually found out). The cloud service provider can find and leverage this knowledge about known vulnerabilities and the underlying communication network topology of the system to position network and host-based Intrusion Detection Systems (IDS) that can effectively detect attacks. Unfortunately, deploying IDS on each host and network interface impacts the performance of the overall system. Thus, in this paper, we address the problem of placing a limited number of IDS by using the concept of Moving Target Defense (MTD). In essence, we propose an MTD system that allows a defender to shift the detection surfaces and strategically switch among the different IDS placement configurations in each round. To find a secure switching strategy, we (1) formulate the problem of placing a limited number of IDS systems in a large cloud network as a Stackelberg Game between the cloud administrator and an (external or stealthy) attacker, (2) design scalable methods to find the optimal strategies for switching IDS placements at the start of each round, and (3) formally define the problem of identifying the most critical vulnerability that should be fixed, and propose a solution for it. We compare the strategy generated by our method to other state-of-the-art strategies, showcasing the effectiveness and scalability of our method for real-world scenarios.

KW - Intrusion Detection Systems

KW - Moving Target Defense

KW - Stackelberg games

UR - http://www.scopus.com/inward/record.url?scp=85055871552&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85055871552&partnerID=8YFLogxK

U2 - 10.1007/978-3-030-01554-1_19

DO - 10.1007/978-3-030-01554-1_19

M3 - Conference contribution

AN - SCOPUS:85055871552

SN - 9783030015534

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 326

EP - 345

BT - Decision and Game Theory for Security - 9th International Conference, GameSec 2018, Proceedings

A2 - Bushnell, Linda

A2 - Poovendran, Radha

A2 - Basar, Tamer

PB - Springer Verlag

T2 - 9th International Conference on Decision and Game Theory for Security, GameSec 2018

Y2 - 29 October 2018 through 31 October 2018

ER -

Moving target defense for the placement of intrusion detection systems in the cloud

Abstract

Publication series

Other

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this