Moving target defense for the placement of intrusion detection systems in the cloud

Sailik Sengupta, Ankur Chowdhary, Dijiang Huang, Subbarao Kambhampati

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

28 Scopus citations

Abstract

A lot of software systems are deployed in the cloud. Owing to realistic demands for an early product launch, oftentimes there are vulnerabilities that are present in these deployed systems (or eventually found out). The cloud service provider can find and leverage this knowledge about known vulnerabilities and the underlying communication network topology of the system to position network and host-based Intrusion Detection Systems (IDS) that can effectively detect attacks. Unfortunately, deploying IDS on each host and network interface impacts the performance of the overall system. Thus, in this paper, we address the problem of placing a limited number of IDS by using the concept of Moving Target Defense (MTD). In essence, we propose an MTD system that allows a defender to shift the detection surfaces and strategically switch among the different IDS placement configurations in each round. To find a secure switching strategy, we (1) formulate the problem of placing a limited number of IDS systems in a large cloud network as a Stackelberg Game between the cloud administrator and an (external or stealthy) attacker, (2) design scalable methods to find the optimal strategies for switching IDS placements at the start of each round, and (3) formally define the problem of identifying the most critical vulnerability that should be fixed, and propose a solution for it. We compare the strategy generated by our method to other state-of-the-art strategies, showcasing the effectiveness and scalability of our method for real-world scenarios.

Original language: English (US)
Title of host publication: Decision and Game Theory for Security - 9th International Conference, GameSec 2018, Proceedings
Editors: Linda Bushnell, Radha Poovendran, Tamer Basar
Publisher: Springer Verlag
Pages: 326-345
Number of pages: 20
ISBN (Print): 9783030015534
State: Published - 2018
Event: 9th International Conference on Decision and Game Theory for Security, GameSec 2018 - Seattle, United States
Duration: Oct 29 2018 → Oct 31 2018

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 11199 LNCS
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Other

Other: 9th International Conference on Decision and Game Theory for Security, GameSec 2018
Country/Territory: United States
City: Seattle
Period: 10/29/18 → 10/31/18

Keywords

  • Intrusion Detection Systems
  • Moving Target Defense
  • Stackelberg games

ASJC Scopus subject areas

  • Theoretical Computer Science
  • General Computer Science
