Markov Game Modeling of Moving Target Defense for Strategic Detection of Threats in Cloud Networks

TL;DR

This paper introduces a Markov game approach for optimizing moving target defense strategies in cloud networks, balancing security and performance by leveraging attack graph knowledge and CVSS scores.

Contribution

It formulates a zero-sum Markov game for cloud security, providing a novel method to compute optimal detection strategies considering attack graph information.

Findings

The Markov game approach outperforms existing techniques in security effectiveness.

Optimal strategies derived from the game balance security and performance impacts.

Method demonstrated on a real-world cloud system.

Abstract

The processing and storage of critical data in large-scale cloud networks necessitate the need for scalable security solutions. It has been shown that deploying all possible security measures incurs a cost on performance by using up valuable computing and networking resources which are the primary selling points for cloud service providers. Thus, there has been a recent interest in developing Moving Target Defense (MTD) mechanisms that helps one optimize the joint objective of maximizing security while ensuring that the impact on performance is minimized. Often, these techniques model the problem of multi-stage attacks by stealthy adversaries as a single-step attack detection game using graph connectivity measures as a heuristic to measure performance, thereby (1) losing out on valuable information that is inherently present in graph-theoretic models designed for large cloud networks, and (2) coming up with certain strategies that have asymmetric impacts on performance. In this work, we leverage knowledge in attack graphs of a cloud network in formulating a zero-sum Markov Game and use the Common Vulnerability Scoring System (CVSS) to come up with meaningful utility values for this game. Then, we show that the optimal strategy of placing detecting mechanisms against an adversary is equivalent to computing the mixed Min-max Equilibrium of the Markov Game. We compare the gains obtained by using our method to other techniques presently used in cloud network security, thereby showing its effectiveness. Finally, we highlight how the method was used for a small real-world cloud system.