An optimal defensive deception framework for the container‐based cloud with deep reinforcement learning

Li, Huanruo; Guo, Yunfei; Sun, Peng; Wang, Yawen; Huo, Shumin

doi:10.1049/ise2.12050

Cited by 12 publications

(5 citation statements)

References 43 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The authors of [19] and [20] design a deep reinforcement learning agents that place fake microservices replicas in order to maximize their capability to lure attacks directed toward legitimate microservices and to conceals assets, respectively. Similarly, [21] proposes a two-phase honeypot allocation algorithm combining game theory and reinforcement learning techniques in order to model and dynamically adapt the honeypot allocation according to the attacker activity.…”

Section: Related Workmentioning

confidence: 99%

Resource-aware Cyber Deception in Cloud-Native Environments

Zambianco¹,

Facchinetti²,

Doriguzzi-Corin³

et al. 2023

Preprint

View full text Add to dashboard Cite

Cyber deception can be a valuable addition to traditional cyber defense mechanisms, especially for modern cloudnative environments with a fading security perimeter. However, pre-built decoys used in classical computer networks are not effective in detecting and mitigating malicious actors due to their inability to blend with the variety of applications in such environments. On the other hand, decoys cloning the deployed microservices of an application can offer a high-fidelity deception mechanism to intercept ongoing attacks within production environments. However, to fully benefit from this approach, it is essential to use a limited amount of decoy resources and devise a suitable cloning strategy to minimize the impact on legitimate services performance. Following this observation, we formulate a non-linear integer optimization problem that maximizes the number of attack paths intercepted by the allocated decoys within a fixed resource budget. Attack paths represent the attacker's movements within the infrastructure as a sequence of violated microservices. We also design a heuristic decoy placement algorithm to approximate the optimal solution and overcome the computational complexity of the proposed formulation. We evaluate the performance of the optimal and heuristic solutions against other schemes that use local vulnerability metrics to select which microservices to clone as decoys. Our results show that the proposed allocation strategy achieves a higher number of intercepted attack paths compared to these schemes while requiring approximately the same number of decoys.

show abstract

Section: Related Workmentioning

confidence: 99%

Resource-aware Cyber Deception in Cloud-Native Environments

Zambianco¹,

Facchinetti²,

Doriguzzi-Corin³

et al. 2023

Preprint

View full text Add to dashboard Cite

show abstract

“…The authors in [47] utilise online learning to update defence models with newly collected attack information, although this is of a 'non-continual' variety, meaning continual learning techniques have not been implemented to address concerns regarding catastrophic interference, thereby failing to meet requirement A.3.1. Leveraging the approximations of DRL, Li et al [71] proposes an optimal defensive deception framework by creating System Risk Graphs (SRG) which model adversary actions. The attack models are then used to train a DRL agent to generate optimal deployment strategies within micro-service architectures.…”

Section: Automated Blue Team Solutionsmentioning

confidence: 99%

Automated Cyber Defence: A Review

Vyas¹,

Hannay²,

Bolton³

et al. 2023

Preprint

View full text Add to dashboard Cite

Within recent times, cybercriminals have curated a variety of organised and resolute cyber attacks within a range of cyber systems, leading to consequential ramifications to private and governmental institutions. Current security-based automation and orchestrations focus on automating fixed purpose and hard-coded solutions, which are easily surpassed by modern-day cyber attacks. Research within Automated Cyber Defence will allow the development and enabling intelligence response by autonomously defending networked systems through sequential decision-making agents. This article comprehensively elaborates the developments within Automated Cyber Defence through a requirement analysis divided into two sub-areas, namely, automated defence and attack agents and Autonomous Cyber Operation (ACO) Gyms. The requirement analysis allows the comparison of automated agents and highlights the importance of ACO Gyms for their continual development. The requirement analysis is also used to critique ACO Gyms with an overall aim to develop them for deploying automated agents within real-world networked systems. Relevant future challenges were addressed from the overall analysis to accelerate development within the area of Automated Cyber Defence.

show abstract

“…Li et al [56] proposed a defensive deception framework for container-based clouds. Their approach generates an adversarial model, decoy placement strategy, and decoy routing tables using a DRL algorithm.…”

Section: Kubanomaly Agent's Privilege Permission and Openmentioning

confidence: 99%

AI-driven container security approaches for 5G and beyond: A survey

Taha¹,

Kuru²,

Sever³

et al. 2023

ITU J-FET

View full text Add to dashboard Cite

The rising use of microservice-based software deployment on the cloud leverages containerized software extensively. The security of applications running inside containers, as well as the container environment itself, are critical for infrastructure in cloud settings and 5G. To address security concerns, research efforts have been focused on container security with subfields such as intrusion detection, malware detection and container placement strategies. These security efforts are roughly divided into two categories: rule-based approaches and machine learning that can respond to novel threats. In this study, we survey the container security literature focusing on approaches that leverage machine learning to address security challenges.

show abstract

An optimal defensive deception framework for the container‐based cloud with deep reinforcement learning

Cited by 12 publications

References 43 publications

Resource-aware Cyber Deception in Cloud-Native Environments

Resource-aware Cyber Deception in Cloud-Native Environments

Automated Cyber Defence: A Review

AI-driven container security approaches for 5G and beyond: A survey

Contact Info

Product

Resources

About