-
A Game-Theoretic Approach for AI-based Botnet Attack Defence
Authors:
Hooman Alavizadeh,
Julian Jang-Jaccard,
Tansu Alpcan,
Seyit A. Camtepe
Abstract:
The new generation of botnets leverages Artificial Intelligent (AI) techniques to conceal the identity of botmasters and the attack intention to avoid detection. Unfortunately, there has not been an existing assessment tool capable of evaluating the effectiveness of existing defense strategies against this kind of AI-based botnet attack. In this paper, we propose a sequential game theory model tha…
▽ More
The new generation of botnets leverages Artificial Intelligent (AI) techniques to conceal the identity of botmasters and the attack intention to avoid detection. Unfortunately, there has not been an existing assessment tool capable of evaluating the effectiveness of existing defense strategies against this kind of AI-based botnet attack. In this paper, we propose a sequential game theory model that is capable to analyse the details of the potential strategies botnet attackers and defenders could use to reach Nash Equilibrium (NE). The utility function is computed under the assumption when the attacker launches the maximum number of DDoS attacks with the minimum attack cost while the defender utilises the maximum number of defense strategies with the minimum defense cost. We conduct a numerical analysis based on a various number of defense strategies involved on different (simulated) cloud-band sizes in relation to different attack success rate values. Our experimental results confirm that the success of defense highly depends on the number of defense strategies used according to careful evaluation of attack rates.
△ Less
Submitted 3 December, 2021;
originally announced December 2021.
-
Deep Q-Learning based Reinforcement Learning Approach for Network Intrusion Detection
Authors:
Hooman Alavizadeh,
Julian Jang-Jaccard,
Hootan Alavizadeh
Abstract:
The rise of the new generation of cyber threats demands more sophisticated and intelligent cyber defense solutions equipped with autonomous agents capable of learning to make decisions without the knowledge of human experts. Several reinforcement learning methods (e.g., Markov) for automated network intrusion tasks have been proposed in recent years. In this paper, we introduce a new generation of…
▽ More
The rise of the new generation of cyber threats demands more sophisticated and intelligent cyber defense solutions equipped with autonomous agents capable of learning to make decisions without the knowledge of human experts. Several reinforcement learning methods (e.g., Markov) for automated network intrusion tasks have been proposed in recent years. In this paper, we introduce a new generation of network intrusion detection methods that combines a Q-learning-based reinforcement learning with a deep-feed forward neural network method for network intrusion detection. Our proposed Deep Q-Learning (DQL) model provides an ongoing auto-learning capability for a network environment that can detect different types of network intrusions using an automated trial-error approach and continuously enhance its detection capabilities. We provide the details of fine-tuning different hyperparameters involved in the DQL model for more effective self-learning. According to our extensive experimental results based on the NSL-KDD dataset, we confirm that the lower discount factor which is set as 0.001 under 250 episodes of training yields the best performance results. Our experimental results also show that our proposed DQL is highly effective in detecting different intrusion classes and outperforms other similar machine learning approaches.
△ Less
Submitted 27 November, 2021;
originally announced November 2021.
-
A Survey on Threat Situation Awareness Systems: Framework, Techniques, and Insights
Authors:
Hooman Alavizadeh,
Julian Jang-Jaccard,
Simon Yusuf Enoch,
Harith Al-Sahaf,
Ian Welch,
Seyit A. Camtepe,
Dong Seong Kim
Abstract:
Cyberspace is full of uncertainty in terms of advanced and sophisticated cyber threats which are equipped with novel approaches to learn the system and propagate themselves, such as AI-powered threats. To debilitate these types of threats, a modern and intelligent Cyber Situation Awareness (SA) system need to be developed which has the ability of monitoring and capturing various types of threats,…
▽ More
Cyberspace is full of uncertainty in terms of advanced and sophisticated cyber threats which are equipped with novel approaches to learn the system and propagate themselves, such as AI-powered threats. To debilitate these types of threats, a modern and intelligent Cyber Situation Awareness (SA) system need to be developed which has the ability of monitoring and capturing various types of threats, analyzing and devising a plan to avoid further attacks. This paper provides a comprehensive study on the current state-of-the-art in the cyber SA to discuss the following aspects of SA: key design principles, framework, classifications, data collection, and analysis of the techniques, and evaluation methods. Lastly, we highlight misconceptions, insights and limitations of this study and suggest some future work directions to address the limitations.
△ Less
Submitted 29 October, 2021;
originally announced October 2021.
-
A Markov Game Model for AI-based Cyber Security Attack Mitigation
Authors:
Hooman Alavizadeh,
Julian Jang-Jaccard,
Tansu Alpcan,
Seyit A. Camtepe
Abstract:
The new generation of cyber threats leverages advanced AI-aided methods, which make them capable to launch multi-stage, dynamic, and effective attacks. Current cyber-defense systems encounter various challenges to defend against such new and emerging threats. Modeling AI-aided threats through game theory models can help the defender to select optimal strategies against the attacks and make wise de…
▽ More
The new generation of cyber threats leverages advanced AI-aided methods, which make them capable to launch multi-stage, dynamic, and effective attacks. Current cyber-defense systems encounter various challenges to defend against such new and emerging threats. Modeling AI-aided threats through game theory models can help the defender to select optimal strategies against the attacks and make wise decisions to mitigate the attack's impact. This paper first explores the current state-of-the-art in the new generation of threats in which AI techniques such as deep neural network is used for the attacker and discusses further challenges. We propose a Markovian dynamic game that can evaluate the efficiency of defensive methods against the AI-aided attacker under a cloud-based system in which the attacker utilizes an AI technique to launch an advanced attack by finding the shortest attack path. We use the CVSS metrics to quantify the values of this zero-sum game model for decision-making.
△ Less
Submitted 20 July, 2021;
originally announced July 2021.
-
Evaluating the Security and Economic Effects of Moving Target Defense Techniques on the Cloud
Authors:
Hooman Alavizadeh,
Samin Aref,
Dong Seong Kim,
Julian Jang-Jaccard
Abstract:
Moving Target Defense (MTD) is a proactive security mechanism which changes the attack surface aiming to confuse attackers. Cloud computing leverages MTD techniques to enhance cloud security posture against cyber threats. While many MTD techniques have been applied to cloud computing, there has not been a joint evaluation of the effectiveness of MTD techniques with respect to security and economic…
▽ More
Moving Target Defense (MTD) is a proactive security mechanism which changes the attack surface aiming to confuse attackers. Cloud computing leverages MTD techniques to enhance cloud security posture against cyber threats. While many MTD techniques have been applied to cloud computing, there has not been a joint evaluation of the effectiveness of MTD techniques with respect to security and economic metrics. In this paper, we first introduce mathematical definitions for the combination of three MTD techniques: \emph{Shuffle}, \emph{Diversity}, and \emph{Redundancy}. Then, we utilize four security metrics including system risk, attack cost, return on attack, and reliability to assess the effectiveness of the combined MTD techniques applied to large-scale cloud models. Secondly, we focus on a specific context based on a cloud model for E-health applications to evaluate the effectiveness of the MTD techniques using security and economic metrics. We introduce (1) a strategy to effectively deploy Shuffle MTD technique using a virtual machine placement technique and (2) two strategies to deploy Diversity MTD technique through operating system diversification. As deploying Diversity incurs cost, we formulate the \emph{Optimal Diversity Assignment Problem (O-DAP)} and solve it as a binary linear programming model to obtain the assignment which maximizes the expected net benefit.
△ Less
Submitted 19 June, 2021; v1 submitted 4 September, 2020;
originally announced September 2020.
-
Cyber Situation Awareness Monitoring and Proactive Response for Enterprises on the Cloud
Authors:
Hootan Alavizadeh,
Hooman Alavizadeh,
Julian Jang-Jaccard
Abstract:
The cloud model allows many enterprises able to outsource computing resources at an affordable price without having to commit the expense upfront. Although the cloud providers are responsible for the security of the cloud, there are still many security concerns due to inherently complex model the cloud providers operate on (e.g.,multi-tenancy). In addition, the enterprises whose services have migr…
▽ More
The cloud model allows many enterprises able to outsource computing resources at an affordable price without having to commit the expense upfront. Although the cloud providers are responsible for the security of the cloud, there are still many security concerns due to inherently complex model the cloud providers operate on (e.g.,multi-tenancy). In addition, the enterprises whose services have migrated into the cloud have a preference for their own cybersecurity situation awareness capability on top of the security mechanisms provided by the cloud providers. In this way, the enterprises can monitor the performance of the security offerings of the cloud and have a choice to decide and select potential response strategies more appropriate to the enterprise in the presence of the attack where the defense provided by the cloud doesn't work for them. However, some response strategies, such as Moving Target Defense (MTD) techniques shown to be effective to secure cloud, cannot be deployed by the enterprise themselves. In this paper, we propose a framework that enables better collaboration between enterprises and cloud providers. Our proposed framework, which offers more in-depth security analysis based on the set of most advanced security metrics, allows the security experts of the enterprise to obtain better situational awareness in the cloud. With better and more effective situation awareness of cloud security, our framework can support better decision making and further allows to deploy more appropriate threat responses to protect the outsourced resources. We also propose a secure protocol which can facilitate more secure communication between the enterprises and cloud provider. Using our proposed secure protocol, which is based on authentication and key exchange mechanism, the enterprises can send a secure request to the cloud provider to perform a selected defensive strategy.
△ Less
Submitted 3 September, 2020;
originally announced September 2020.
-
Toward Proactive, Adaptive Defense: A Survey on Moving Target Defense
Authors:
**-Hee Cho,
Dilli P. Sharma,
Hooman Alavizadeh,
Seunghyun Yoon,
Noam Ben-Asher,
Terrence J. Moore,
Dong Seong Kim,
Hyuk Lim,
Frederica F. Nelson
Abstract:
Reactive defense mechanisms, such as intrusion detection systems, have made significant efforts to secure a system or network for the last several decades. However, the nature of reactive security mechanisms has limitations because potential attackers cannot be prevented in advance. We are facing a reality with the proliferation of persistent, advanced, intelligent attacks while defenders are ofte…
▽ More
Reactive defense mechanisms, such as intrusion detection systems, have made significant efforts to secure a system or network for the last several decades. However, the nature of reactive security mechanisms has limitations because potential attackers cannot be prevented in advance. We are facing a reality with the proliferation of persistent, advanced, intelligent attacks while defenders are often way behind attackers in taking appropriate actions to thwart potential attackers. The concept of moving target defense (MTD) has emerged as a proactive defense mechanism aiming to prevent attacks. In this work, we conducted a comprehensive, in-depth survey to discuss the following aspects of MTD: key roles, design principles, classifications, common attacks, key methodologies, important algorithms, metrics, evaluation methods, and application domains. We discuss the pros and cons of all aspects of MTD surveyed in this work. Lastly, we highlight insights and lessons learned from this study and suggest future work directions. The aim of this paper is to provide the overall trends of MTD research in terms of critical aspects of defense systems for researchers who seek for develo** proactive, adaptive MTD mechanisms.
△ Less
Submitted 12 September, 2019;
originally announced September 2019.
-
An Automated Security Analysis Framework and Implementation for Cloud
Authors:
Hootan Alavizadeh,
Hooman Alavizadeh,
Dong Seong Kim,
Julian Jang-Jaccard,
Masood Niazi Torshiz
Abstract:
Cloud service providers offer their customers with on-demand and cost-effective services, scalable computing, and network infrastructures. Enterprises migrate their services to the cloud to utilize the benefit of cloud computing such as eliminating the capital expense of their computing need. There are security vulnerabilities and threats in the cloud. Many researches have been proposed to analyze…
▽ More
Cloud service providers offer their customers with on-demand and cost-effective services, scalable computing, and network infrastructures. Enterprises migrate their services to the cloud to utilize the benefit of cloud computing such as eliminating the capital expense of their computing need. There are security vulnerabilities and threats in the cloud. Many researches have been proposed to analyze the cloud security using Graphical Security Models (GSMs) and security metrics. In addition, it has been widely researched in finding appropriate defensive strategies for the security of the cloud. Moving Target Defense (MTD) techniques can utilize the cloud elasticity features to change the attack surface and confuse attackers. Most of the previous work incorporating MTDs into the GSMs are theoretical and the performance was evaluated based on the simulation. In this paper, we realized the previous framework and designed, implemented and tested a cloud security assessment tool in a real cloud platform named UniteCloud. Our security solution can (1) monitor cloud computing in real-time, (2) automate the security modeling and analysis and visualize the GSMs using a Graphical User Interface via a web application, and (3) deploy three MTD techniques including Diversity, Redundancy, and Shuffle on the real cloud infrastructure. We analyzed the automation process using the APIs and showed the practicality and feasibility of automation of deploying all the three MTD techniques on the UniteCloud.
△ Less
Submitted 3 April, 2019;
originally announced April 2019.