An optimal defensive deception framework for the container‐based cloud with deep reinforcement learning
Abstract Defensive deception is emerging to reveal stealthy attackers by presenting intentionally falsified information. To implement it in the increasing dynamic and complex cloud, major concerns remain about the establishment of precise adversarial model and the adaptive decoy placement strategy....
Saved in:
| Main Authors: | , , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
Wiley
2022-05-01
|
| Series: | IET Information Security |
| Subjects: | |
| Online Access: | https://doi.org/10.1049/ise2.12050 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1832559550421532672 |
|---|---|
| author | Huanruo Li Yunfei Guo Penghao Sun Yawen Wang Shumin Huo |
| author_facet | Huanruo Li Yunfei Guo Penghao Sun Yawen Wang Shumin Huo |
| author_sort | Huanruo Li |
| collection | DOAJ |
| description | Abstract Defensive deception is emerging to reveal stealthy attackers by presenting intentionally falsified information. To implement it in the increasing dynamic and complex cloud, major concerns remain about the establishment of precise adversarial model and the adaptive decoy placement strategy. However, existing studies do not fulfil both issues because of (1) the insufficiency on extracting potential threats in virtualisation technique, (2) the inadequate learning on the agility of target environment, and (3) the lack of measurement for placement strategy. In this study, an optimal defensive deception framework is proposed for the container based‐cloud. The System Risk Graph (SRG) is formalised to depict an updatable adversarial model with the automatic orchestration platform. Afterwards, a Deep Reinforcement Learning (DRL) model is trained based on SRG. The well‐trained DRL agent generates optimal placement strategies for the orchestration platform to distribute decoys and deceptive routings. Lastly, the coefficient of deception, C, is defined to evaluate the effectiveness of placement strategy. Simulation results show that the proposed method increases C by 30.22%, and increase the detection ratio on the random walker attacker and persistent attacker by 30.69% and 51.10%, respectively. |
| format | Article |
| id | doaj-art-4454363261e3401b9043ab609f8e2948 |
| institution | Kabale University |
| issn | 1751-8709 1751-8717 |
| language | English |
| publishDate | 2022-05-01 |
| publisher | Wiley |
| record_format | Article |
| series | IET Information Security |
| spelling | doaj-art-4454363261e3401b9043ab609f8e29482025-02-03T01:29:43ZengWileyIET Information Security1751-87091751-87172022-05-0116317819210.1049/ise2.12050An optimal defensive deception framework for the container‐based cloud with deep reinforcement learningHuanruo Li0Yunfei Guo1Penghao Sun2Yawen Wang3Shumin Huo4Department of Computer Science National Digital Switching System Engineering and Technological Research Center Zhengzhou Henan ChinaDepartment of Computer Science National Digital Switching System Engineering and Technological Research Center Zhengzhou Henan ChinaDepartment of Computer Science National Digital Switching System Engineering and Technological Research Center Zhengzhou Henan ChinaDepartment of Computer Science National Digital Switching System Engineering and Technological Research Center Zhengzhou Henan ChinaDepartment of Computer Science National Digital Switching System Engineering and Technological Research Center Zhengzhou Henan ChinaAbstract Defensive deception is emerging to reveal stealthy attackers by presenting intentionally falsified information. To implement it in the increasing dynamic and complex cloud, major concerns remain about the establishment of precise adversarial model and the adaptive decoy placement strategy. However, existing studies do not fulfil both issues because of (1) the insufficiency on extracting potential threats in virtualisation technique, (2) the inadequate learning on the agility of target environment, and (3) the lack of measurement for placement strategy. In this study, an optimal defensive deception framework is proposed for the container based‐cloud. The System Risk Graph (SRG) is formalised to depict an updatable adversarial model with the automatic orchestration platform. Afterwards, a Deep Reinforcement Learning (DRL) model is trained based on SRG. The well‐trained DRL agent generates optimal placement strategies for the orchestration platform to distribute decoys and deceptive routings. Lastly, the coefficient of deception, C, is defined to evaluate the effectiveness of placement strategy. Simulation results show that the proposed method increases C by 30.22%, and increase the detection ratio on the random walker attacker and persistent attacker by 30.69% and 51.10%, respectively.https://doi.org/10.1049/ise2.12050artificial intelligencecloud securitycomputer network securitycyber deception defencedecoy placement strategydeep reinforcement learning |
| spellingShingle | Huanruo Li Yunfei Guo Penghao Sun Yawen Wang Shumin Huo An optimal defensive deception framework for the container‐based cloud with deep reinforcement learning IET Information Security artificial intelligence cloud security computer network security cyber deception defence decoy placement strategy deep reinforcement learning |
| title | An optimal defensive deception framework for the container‐based cloud with deep reinforcement learning |
| title_full | An optimal defensive deception framework for the container‐based cloud with deep reinforcement learning |
| title_fullStr | An optimal defensive deception framework for the container‐based cloud with deep reinforcement learning |
| title_full_unstemmed | An optimal defensive deception framework for the container‐based cloud with deep reinforcement learning |
| title_short | An optimal defensive deception framework for the container‐based cloud with deep reinforcement learning |
| title_sort | optimal defensive deception framework for the container based cloud with deep reinforcement learning |
| topic | artificial intelligence cloud security computer network security cyber deception defence decoy placement strategy deep reinforcement learning |
| url | https://doi.org/10.1049/ise2.12050 |
| work_keys_str_mv | AT huanruoli anoptimaldefensivedeceptionframeworkforthecontainerbasedcloudwithdeepreinforcementlearning AT yunfeiguo anoptimaldefensivedeceptionframeworkforthecontainerbasedcloudwithdeepreinforcementlearning AT penghaosun anoptimaldefensivedeceptionframeworkforthecontainerbasedcloudwithdeepreinforcementlearning AT yawenwang anoptimaldefensivedeceptionframeworkforthecontainerbasedcloudwithdeepreinforcementlearning AT shuminhuo anoptimaldefensivedeceptionframeworkforthecontainerbasedcloudwithdeepreinforcementlearning AT huanruoli optimaldefensivedeceptionframeworkforthecontainerbasedcloudwithdeepreinforcementlearning AT yunfeiguo optimaldefensivedeceptionframeworkforthecontainerbasedcloudwithdeepreinforcementlearning AT penghaosun optimaldefensivedeceptionframeworkforthecontainerbasedcloudwithdeepreinforcementlearning AT yawenwang optimaldefensivedeceptionframeworkforthecontainerbasedcloudwithdeepreinforcementlearning AT shuminhuo optimaldefensivedeceptionframeworkforthecontainerbasedcloudwithdeepreinforcementlearning |