An optimal defensive deception framework for the container‐based cloud with deep reinforcement learning

Abstract Defensive deception is emerging to reveal stealthy attackers by presenting intentionally falsified information. To implement it in the increasing dynamic and complex cloud, major concerns remain about the establishment of precise adversarial model and the adaptive decoy placement strategy....

Full description

Saved in:
Bibliographic Details
Main Authors: Huanruo Li, Yunfei Guo, Penghao Sun, Yawen Wang, Shumin Huo
Format: Article
Language:English
Published: Wiley 2022-05-01
Series:IET Information Security
Subjects:
Online Access:https://doi.org/10.1049/ise2.12050
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1832559550421532672
author Huanruo Li
Yunfei Guo
Penghao Sun
Yawen Wang
Shumin Huo
author_facet Huanruo Li
Yunfei Guo
Penghao Sun
Yawen Wang
Shumin Huo
author_sort Huanruo Li
collection DOAJ
description Abstract Defensive deception is emerging to reveal stealthy attackers by presenting intentionally falsified information. To implement it in the increasing dynamic and complex cloud, major concerns remain about the establishment of precise adversarial model and the adaptive decoy placement strategy. However, existing studies do not fulfil both issues because of (1) the insufficiency on extracting potential threats in virtualisation technique, (2) the inadequate learning on the agility of target environment, and (3) the lack of measurement for placement strategy. In this study, an optimal defensive deception framework is proposed for the container based‐cloud. The System Risk Graph (SRG) is formalised to depict an updatable adversarial model with the automatic orchestration platform. Afterwards, a Deep Reinforcement Learning (DRL) model is trained based on SRG. The well‐trained DRL agent generates optimal placement strategies for the orchestration platform to distribute decoys and deceptive routings. Lastly, the coefficient of deception, C, is defined to evaluate the effectiveness of placement strategy. Simulation results show that the proposed method increases C by 30.22%, and increase the detection ratio on the random walker attacker and persistent attacker by 30.69% and 51.10%, respectively.
format Article
id doaj-art-4454363261e3401b9043ab609f8e2948
institution Kabale University
issn 1751-8709
1751-8717
language English
publishDate 2022-05-01
publisher Wiley
record_format Article
series IET Information Security
spelling doaj-art-4454363261e3401b9043ab609f8e29482025-02-03T01:29:43ZengWileyIET Information Security1751-87091751-87172022-05-0116317819210.1049/ise2.12050An optimal defensive deception framework for the container‐based cloud with deep reinforcement learningHuanruo Li0Yunfei Guo1Penghao Sun2Yawen Wang3Shumin Huo4Department of Computer Science National Digital Switching System Engineering and Technological Research Center Zhengzhou Henan ChinaDepartment of Computer Science National Digital Switching System Engineering and Technological Research Center Zhengzhou Henan ChinaDepartment of Computer Science National Digital Switching System Engineering and Technological Research Center Zhengzhou Henan ChinaDepartment of Computer Science National Digital Switching System Engineering and Technological Research Center Zhengzhou Henan ChinaDepartment of Computer Science National Digital Switching System Engineering and Technological Research Center Zhengzhou Henan ChinaAbstract Defensive deception is emerging to reveal stealthy attackers by presenting intentionally falsified information. To implement it in the increasing dynamic and complex cloud, major concerns remain about the establishment of precise adversarial model and the adaptive decoy placement strategy. However, existing studies do not fulfil both issues because of (1) the insufficiency on extracting potential threats in virtualisation technique, (2) the inadequate learning on the agility of target environment, and (3) the lack of measurement for placement strategy. In this study, an optimal defensive deception framework is proposed for the container based‐cloud. The System Risk Graph (SRG) is formalised to depict an updatable adversarial model with the automatic orchestration platform. Afterwards, a Deep Reinforcement Learning (DRL) model is trained based on SRG. The well‐trained DRL agent generates optimal placement strategies for the orchestration platform to distribute decoys and deceptive routings. Lastly, the coefficient of deception, C, is defined to evaluate the effectiveness of placement strategy. Simulation results show that the proposed method increases C by 30.22%, and increase the detection ratio on the random walker attacker and persistent attacker by 30.69% and 51.10%, respectively.https://doi.org/10.1049/ise2.12050artificial intelligencecloud securitycomputer network securitycyber deception defencedecoy placement strategydeep reinforcement learning
spellingShingle Huanruo Li
Yunfei Guo
Penghao Sun
Yawen Wang
Shumin Huo
An optimal defensive deception framework for the container‐based cloud with deep reinforcement learning
IET Information Security
artificial intelligence
cloud security
computer network security
cyber deception defence
decoy placement strategy
deep reinforcement learning
title An optimal defensive deception framework for the container‐based cloud with deep reinforcement learning
title_full An optimal defensive deception framework for the container‐based cloud with deep reinforcement learning
title_fullStr An optimal defensive deception framework for the container‐based cloud with deep reinforcement learning
title_full_unstemmed An optimal defensive deception framework for the container‐based cloud with deep reinforcement learning
title_short An optimal defensive deception framework for the container‐based cloud with deep reinforcement learning
title_sort optimal defensive deception framework for the container based cloud with deep reinforcement learning
topic artificial intelligence
cloud security
computer network security
cyber deception defence
decoy placement strategy
deep reinforcement learning
url https://doi.org/10.1049/ise2.12050
work_keys_str_mv AT huanruoli anoptimaldefensivedeceptionframeworkforthecontainerbasedcloudwithdeepreinforcementlearning
AT yunfeiguo anoptimaldefensivedeceptionframeworkforthecontainerbasedcloudwithdeepreinforcementlearning
AT penghaosun anoptimaldefensivedeceptionframeworkforthecontainerbasedcloudwithdeepreinforcementlearning
AT yawenwang anoptimaldefensivedeceptionframeworkforthecontainerbasedcloudwithdeepreinforcementlearning
AT shuminhuo anoptimaldefensivedeceptionframeworkforthecontainerbasedcloudwithdeepreinforcementlearning
AT huanruoli optimaldefensivedeceptionframeworkforthecontainerbasedcloudwithdeepreinforcementlearning
AT yunfeiguo optimaldefensivedeceptionframeworkforthecontainerbasedcloudwithdeepreinforcementlearning
AT penghaosun optimaldefensivedeceptionframeworkforthecontainerbasedcloudwithdeepreinforcementlearning
AT yawenwang optimaldefensivedeceptionframeworkforthecontainerbasedcloudwithdeepreinforcementlearning
AT shuminhuo optimaldefensivedeceptionframeworkforthecontainerbasedcloudwithdeepreinforcementlearning