Enhancing cloud security: harnessing bayesian game theory for a dynamic defense mechanism

Enhancing cloud security: harnessing bayesian game theory for a dynamic defense mechanism

Security challenges in complex information technologies continue to grow and diversify. To improve network security, many researchers have explored the game theoretic approach as a hopeful modeling tool. Knowing that the attacker can take advantage of vulnerabilities and explore existing weaknesses...

Full description

Saved in:
Bibliographic Details
Published in:Cluster computing Vol. 27; no. 9; pp. 12509 - 12526
Main Authors: Kandoussi, El Mehdi, Houmairi, Adam, El Mir, Iman, Bellafkih, Mostafa
Format: Journal Article
Language:English
Published: New York Springer US 01-12-2024
Springer Nature B.V
Subjects:
Cloud computing
Computer centers
Computer Communication Networks
Computer Science
Cybersecurity
Data integrity
Deception
Game theory
Modelling
Moving targets
Network security
Operating Systems
Parameter identification
Processor Architectures
Quality of service architectures
Security
Software
Virtual environments
Cloud computing
Bayesian Nash equilibrium
Game theory
Migration
Attack path
Honeypot
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Security challenges in complex information technologies continue to grow and diversify. To improve network security, many researchers have explored the game theoretic approach as a hopeful modeling tool. Knowing that the attacker can take advantage of vulnerabilities and explore existing weaknesses in the network configuration to gain access to the system for a successful attack, our objective is to benefit from virtual machines’ migration as a moving target defense technique and honeypot as a deceiving technique to increase the attack surface’s dynamicity. This paper presents a game-theoretic framework for modeling attack-defense interaction. A model based on incomplete information game and attack graph is developed. Our main findings reveal in which case migration of virtual machines should be established in a architecture where a honeypot is deployed and identify the potential attack paths based on system security parameters. This provides network administrators with the ability to find unsecure nodes, avoid negative externality and more precisely inefficient migrations which impact the quality of service.
ISSN:1386-7857
1573-7543
DOI:10.1007/s10586-024-04604-2