Based on the idea of pooling, cloud computing abstracts hardware resources such as CPU, disk, and network into resource pools that can be managed centrally and dynamically, and realizes resource integration through virtualization technology, thereby providing services to users on demand. However, the shared nature of cloud computing exposes it to many security threats that traditional computer systems do not face, among which co-resident attackers greatly endanger the confidentiality and availability of cloud systems by building cross-VM side channels. At present, detection technologies based on virtual machine introspection and event correlation have been used to detect co-resident attacks. Such methods consume a lot of computing resources, and most existing solutions ignore both the limitation of security resources and the important role of information structure design in active defense. Furthermore, although the signaling game has been used to guide cloud systems in defending against co-resident attacks, existing models usually do not consider the possibility of deception by intelligent attackers with unknown types and intentions. Because of the above deficiencies, this paper gives corresponding solutions from the two dimensions of detection and defense. The main work is as follows:

(1) A co-resident attack detection strategy based on a two-stage signaling game is proposed. This strategy introduces signals as a supplementary security measure under the condition of limited security resources and improves the detection effect by designing an optimal information structure. Specifically, the cloud system distributes the limited detection load in the first stage of the game, and in the second stage manipulates the attacker's behavior by designing a signal scheme to improve the defense effect. Furthermore, this paper analyzes the game equilibrium of the model in detail and proposes an algorithm for accurately solving the optimal detection strategy. Finally, experiments are conducted based on CloudSim, an open-source cloud environment simulator. The results show that, compared with the fair allocation model and the one-stage Stackelberg game model, the two-stage signaling game model proposed in this paper has significant advantages in reducing the attacker's attack probability and improving the success rate of detection.

(2) A defense strategy for co-resident attacks based on a repeated signaling game is proposed, which prevents malicious VMs from co-residing with their targets by migrating VMs in real time. First, considering that intelligent attackers may intentionally hide or disguise their actions to deceive the cloud system, a one-shot signaling game model is proposed to model an interaction between the attacker and the cloud system. Then, the perfect Bayesian equilibrium of this model is systematically analyzed using methods such as the indifference principle and iterative elimination of dominated strategies. Next, considering the existence of long-term interactions between attackers and defenders, the one-shot signaling game model is extended to a repeated signaling game model; the equilibrium analysis is given and the convergence of beliefs is proved based on fixed-point iteration. Finally, simulation experiments are conducted under various conditions. The results show that the defense strategy solved by the model can reduce the probability of a successful spoofing attack to about 4%, and gives the cloud system the long-term upper hand in the face of attackers whose types and intentions are unknown.
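The belief mechanism behind the repeated signaling game in (2), as an added illustration that is not the thesis' own model or code: the cloud system keeps a posterior belief that a co-located VM is of the malicious type, updates it by Bayes' rule after each observed signal, and migrates the VM once the belief crosses a threshold. The signal set, likelihoods, prior and threshold are constructed assumptions; the sequence shows that a deceptive VM interleaving "normal" signals still pushes the belief upward over repeated rounds.

```python
from dataclasses import dataclass, field

# Constructed signal likelihoods P(signal | VM type); not taken from the thesis.
LIKELIHOOD = {
    "malicious": {"cache_probe": 0.7, "normal": 0.3},
    "benign":    {"cache_probe": 0.1, "normal": 0.9},
}


def bayes_update(belief: float, signal: str, likelihood=LIKELIHOOD) -> float:
    """Posterior P(malicious | signal) given the prior belief P(malicious)."""
    p_mal = likelihood["malicious"][signal] * belief
    p_ben = likelihood["benign"][signal] * (1.0 - belief)
    total = p_mal + p_ben
    if total == 0.0:  # signal impossible under both types: keep the prior
        return belief
    return p_mal / total


@dataclass
class Defender:
    """Cloud-system side of the repeated game: belief tracking plus migration."""
    prior: float = 0.2        # assumed initial belief that the VM is malicious
    threshold: float = 0.9    # assumed belief at which the VM is migrated away
    belief: float = field(init=False)
    history: list = field(default_factory=list)

    def __post_init__(self):
        self.belief = self.prior

    def observe(self, signal: str) -> str:
        self.belief = bayes_update(self.belief, signal)
        self.history.append(self.belief)
        return "migrate" if self.belief >= self.threshold else "keep"


def run_rounds(signals, prior: float = 0.2, threshold: float = 0.9):
    """Play the repeated game over a signal sequence; return final belief and actions."""
    defender = Defender(prior, threshold)
    actions = [defender.observe(s) for s in signals]
    return defender.belief, actions


if __name__ == "__main__":
    # Constructed sequence: attacker disguises every other round with "normal".
    seq = ["cache_probe", "normal", "cache_probe", "normal", "cache_probe", "cache_probe"]
    final, acts = run_rounds(seq)
    for s, a in zip(seq, acts):
        print(f"{s:12s} -> {a}")
    print(f"final belief: {final:.3f}")
```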