Abstract

As it is difficult to cover all cybersecurity threats, an optimal defense strategy is one of the focal issues in cloud computing due to its dynamic abstraction and scalability. On this basis, Stackelberg security games (SSG) have received significant attention for their better deployment of limited security. To deal with uncertainty and incomplete information, we introduce a modified quantal response (Mod-QR) approach that incorporates bounded rationality and preference into the decision-making process. Formally, this can be done by using the quantal response equilibrium (QRE) framework to find a trade-off between the effectiveness and operating costs of cloud computing. In this case, the most effective countermeasures to defend the cloud can be viewed as a mixed strategy in which all the actions of the defender are played with a nonzero probability. This framework has been evaluated in an experimental study using the MATLAB optimization toolbox to understand the behavioral aspects of cybersecurity actors and then to proactively protect cloud computing.

1. Introduction

To adapt quickly to changing business needs, cloud computing is an emerging trend that is revolutionizing the future of the IT industry by offering the ability to grow or shrink infrastructure resources and services as needed. Such an approach provides a solid ground for designing a better usage-based pricing model that allows the on-demand provisioning of scalable services such as MBaaS (mobile backend as a service) [1], database as a service (DBaS) [2], and NaaS (network as a service) [3].

Although shared infrastructure and multitenancy are improving the redundancy and reliability of the cloud, users have limited visibility and control over online business data and applications. As a direct result of these virtualized services, data security is still a critical challenge in the cloud computing paradigm, and it becomes particularly serious because the data are located in different virtual machines (VMs) [4, 5]. One major problem with cloud security is that attackers can inject malicious queries using various cyberattacks such as credential stuffing, denial of service (DoS), Spectre and Meltdown, SQL injection, Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), etc. [6]. Because of this, it is of utmost importance to build plans to react to and recover from attacks as quickly as possible. With constantly changing cybersecurity threats, there has to be a strong strategy in place to make automated decisions in mitigating the risk of privacy attacks [7, 8]. Such an approach will hopefully lead to better design and implementation of a well-developed information security policy and then to the choice of appropriate countermeasures. To this aim, moving target defense (MTD) has become a focus point of recent cyber security advances. Concretely, there are two ways to best match security measures with available resources in large-scale virtualized data centers. One of the best ways to improve data security is to learn how to effectively cover all the most critical and emerging risks [9, 10]. Unfortunately, limited security resources prevent full security coverage for all possible vulnerabilities in modular data centers and large-scale clouds. Alternatively, we rely on game theory to analyze and model the competition between attackers and defenders as well.
Taking into consideration the current situation of cloud infrastructure resources, we determine the optimal response to the cooperative and competitive behavior of two players (defenders and attackers) with conflicting interests. Notice that in the noncooperative game, a malicious hacker seeks to dramatically reduce the overall profit margins. Based on this assumption, Stackelberg security games (SSG) are well-suited to adversarial reasoning for making effective, rational strategies when it comes to securing highly scalable cloud infrastructure. In practice, this is generally done by defining defense strategy by cloud providers (leaders) in advance while multiple adversaries (followers) would launch cyberattacks on a system based on the leader’s policy.

Obviously, cloud providers try to continuously update the adopted security policy in such a way that it would maximize their payoff. In this case, security measures aim to determine the optimal selection of countermeasures in IT security planning to mitigate cyber threats and meet the level of QoS as well. Put simply, a cloud provider guarantees providing highly available and efficient services and simultaneously improves business agility and revenue efficiency by reducing the costs associated with security countermeasures. Note that the interests of the players conflict totally in a zero-sum game environment. More interestingly, we proceed to define the quantal response equilibrium (QRE) so that each player’s strategy is chosen according to the probability distribution. In such challenging circumstances, every defense strategy is played with nonzero probability. The main contributions of this paper include the following:

(1) We identify and quantify potential security threats in cloud computing environments to build a cybersecurity model

(2) We use Stackelberg games to model the attacker-defender strategic interaction in cloud computing, especially when using a limited number of resources

(3) We develop a model of imperfect competition based on a noncooperative game to find an optimal defender strategy

(4) We propose a model of bounded rationality based on the QRE so that all players always make their decisions with a limited amount of information about security threats and countermeasures

(5) We conduct a comprehensive evaluation of the accuracy of the modeling defense strategy and its effect on the operating profit margin

The rest of this paper is structured as follows. In Section 2, we formalize the system model and security requirements for cloud-shared resources. Section 3 surveys the most notable research works by highlighting their advantages and shortcomings. Section 4 presents the Stackelberg game-based model for automating security decisions in the cloud environment. Section 5 examines existing Stackelberg security games and provides evidence about their ability to generate the tradeoffs between the privacy risks and their corresponding countermeasures in cloud computing. In Section 6, we present the construction and security analysis of the proposed method by detailing the game’s mathematical model. Section 7 is dedicated to simulation results and performance analysis. Section 8 finally concludes this work and presents some future works.

2. Problem Statement

Generally, cloud computing is seen as more vulnerable to cyber-attacks compared to traditional data centers. In fact, the dynamic nature and the building blocks of the cloud are the root cause of cyber-attacks. Figure 1 represents the four fundamental building blocks of cloud infrastructure. Concretely, it uses virtualization to run multiple independent instances of one physical device.

To meet QoS requirements, a distributed and parallel computing strategy is used to significantly improve performance by taking advantage of dynamic load balancing and task scheduling. Similarly, the use of web technologies would undoubtedly be of great value to facilitate quick and easy access to cloud services. Outsourcing business processes reduces costs and improves productivity and profitability. On one side, these features can often provide cost reduction while maintaining high-quality service, even though they may pose serious challenges to cloud security. On the other side, especially in a large-scale environment, the problem is where we should place a limited number of security measures to quickly detect cyber-attacks. In light of this fact, the following issue needs to be considered for our scenario.

2.1. The Uncertainty of Cyber-Attacks

In most cases, cyber-attacks on cloud servers are uncertain. The attacker exploits a vulnerability to infect VMs residing on the same host, through either the virtual machine or the hypervisor. Moreover, a successful attack on a VM may adversely affect the security of the virtualized environment through the interaction of virtual machines running on the same cloud. We assume that an attacker exploits a vulnerability to gain access to VM1, which has a negative impact on the nearest neighbors VM2 and VM3. As all VMs interact directly with the console, it is uncertain which vulnerability on VM2 and VM3 will be exploited by the attacker to take control of a cloud resource, as shown in Figure 2.

2.2. The Limit of Defense Mechanisms

The security of a large-scale data center is based on the security of all VMs [11]. At the same time, security policy becomes ineffective as it gets more and more complex to operate and maintain. It may not be realistic to monitor all activity and discover all VMs since it may potentially require system downtime. Often the biggest challenge in designing and deploying efficient countermeasures in large-scale distributed systems is cost. It might then require compromises to be made between increasing security and maintaining high-quality performance.

Over the last three decades, a number of frameworks have been developed to promote the use of game theory to practically model the decision-making process between attackers and defenders in distributed data centers. The authors in [12, 13] use the Stackelberg game for a coalition between a mobile cloud computing (MCC) and unmanned aerial vehicle (UAV). The main objective here is to optimize computation offloading in terms of transmission time and energy consumption. In the same line, the Stackelberg game is used to formulate a discrete multileader multifollower in a coalition-based UAV network so as to achieve the lowest network energy consumption [14, 15]. The authors in [16, 17] use the Stackelberg game to formulate a discrete multileader multifollower in a coalition-based UAV network so as to achieve the lowest network energy consumption. In this case, the proposal is designed to choose the most optimal strategies that yield the maximum utility for the provider and meanwhile ensure the best service and a suitable price for end users. Yang et al. rely on the Markov chain model with a state transition matrix to build a game model for protecting smart grids. It is commonly performed by multiple adversaries cooperatively [18, 19]. By using a two-player stochastic game, the authors in [20, 21] define Nash equilibrium (NE) to select the best attack-defense strategy in satellite base stations. More specifically, the authors in [22, 23] use a mixed strategy-based zero-sum game with two players between providers and attackers.

Li and Zheng [24] use the Stackelberg game model to secure data centers against advanced persistent threats (APTs). Basically, the authors applied semi-Markov models to generate a timing-aware model that captures potential variations sequence in a multistage defense mechanism. In wireless networks, game theory analyzes the behaviors of nodes to secure the routing process in VANET while also improving traffic safety and performance [25]. Jakóbik et al. [26] examined the complex interactions between cloud providers and end users by using the Stackelberg game. In order to reach the security goals, the proposed solution is designed to reduce the information losses and secure sensitive communication systems as well. In [27], Eltayesh et al. formulated a Bayesian game to study the inaccurate, inconsistent, missing data in a database caused by the most common and dangerous cyber threats. In the same vein, the authors in [28] take into account the computational costs and misbehavior activities of malicious nodes and construct a dynamic Bayesian game to maximize the individual utility of each node in underwater acoustic sensor networks (UASNs).

Furthermore, game theory is the most efficient approach to modeling the conflict or cooperative game relationship between the attacker and the defender so as to develop a deeper understanding of the scope of both the threat and potential damages. This was achieved with the help of reinforcement learning (RL) and repeated Stackelberg game [29]. To deal with adaptive adversaries, Zhang and Zhuang [30] introduced a sequential game that accurately estimates the required resources to face several attack types. This will provide guidance on how to achieve efficient distribution of a limited amount of resources to multiple targets to reduce data loss caused by attackers. Ji et al. proposed an automatic smart security policy through the game theory model to make appropriate security strategies by studying potential security risks in microgrid systems [31]. Chen et al. proposed a mechanism for an IoT environment to make efficient security decisions to minimize cyber-attacks [32]. To this aim, Monte Carlo with the classical Stackelberg models is used to optimally place a set of intrusion detection systems (IDSs) in several locations across the network.

Overall, all previous works detailed in this section focus on the Stackelberg game framework to model interactions between service providers and attackers. Usually, a typical approach is based on the assumption that attackers are perfectly rational when defenders deploy limited security resources to maximize their effectiveness. Nevertheless, the environment may be nondeterministic in which case it is modeled by quantal response equilibrium (QRE). For decision-making under uncertainty, we opt for the game theory concept to model scenarios in which the players cannot know the strategy of their opponents. Even though it is hard to define the utility (payoff) function for defender and attacker, it is designed to identify utility functions based on the inverse game problem. Subsequently, the proposed model is an effective strategy for predicting future attack patterns and helps cloud providers to defend against a given threat.

4. Game Theoretical Model for Cloud Threats

Basically, we define a mitigation approach and tools that minimize threats and vulnerabilities in cloud computing. In this context, game theory is one of the most prominent and efficient problem-solving approaches in choosing an optimal investment in information security. More precisely, game theory has long fulfilled the promise of enhancing intelligent decision-making for complicated security challenges. Figure 3 illustrates the principle of the proposed optimal security measures.

This pledge has been achieved in part with the implementation of Stackelberg security games. This is a noncooperative game that models competition between a specific group of players and a leader who has a favored status and makes the move first. Accordingly, the remaining players (followers) are obligated to make their decisions based on the actions of the leader.

4.1. Stackelberg Game

Stackelberg games were first introduced to model the relationship between leadership and commitment to study the two competitors in the duopoly market. It requires players to decide the best strategic move: the first player is the leader who commits to a strategy first, and then the second player, called the follower, observes the strategy of the leader and then reacts to it so as to reduce the loss due to the leader strategy.

The term Stackelberg security games (SSG) was first introduced by Kiekintveld [33] to optimize resources used to defend against a potential attacker. Accordingly, this noncooperative game consists of a defender (D) and an attacker (A). The attacker tries to attack any target from the available set of targets to gain access to critical and confidential information stored in the cloud, whereas the defender tries to prevent attacks by covering targets by using a limited number of resources from the set . In light of this fact, we formulate the game theoretical model for the defender and attacker scenario as a two-player noncooperative and nonzero-sum game G, where is a set of players; is the set of strategies; is the set of payoff for each player.

In this way, this game comprises a set of players, actions/strategies, and the final payoff that is represented by a matrix, as shown in Table 1.

In a general sense, in a resource allocation game, there are two strategies to deal with cybersecurity in cloud computing environments, i.e., pure and mixed strategies. On the one hand, cloud provider in a pure strategy determines the specific actions for any possible common cyber threats and attacks by deploying a set of resources to defend targets. In parallel with this, for an attacker, it represents an attack at a target. On the other hand, a mixed strategy for cloud providers is a probability distribution over the set of possible countermeasures. In the context of the cloud, an active attacker would have taken control of one or several targets in a pure strategy while the targets in a mixed strategy are denoted by , where represents the probability of attacking a target .

In the cybersecurity context, the defender's mixed strategy is represented by a probability distribution that determines the probabilities associated with the cloud provider covering each target t [26]. Thus, is the probability of uncovered target. Additionally, the utility for both the defender and the attacker is associated with each target, and whether it is covered by the cloud provider or not [30, 33]. More importantly, when the target t is attacked, and covered by the defender then, the defender’s utility is or if is not covered . The attacker’s utility is if t is covered or if it is not covered. As a general rule, the security games in cloud are a function that satisfies and .

4.2. The Expected Utility in Security Games

When a strategy profile and is played, the utility values of both players are given by the following: the payoff of each cloud provider depends on the probability that a target is covered. Let denote the income obtained after investing in security measures to cover cloud services. To greatly reduce the potential damage from an attack, each cloud provider would expect to incur a cost e for the security expenses. The marginal payoff for a cloud provider can be expressed as follows:

From the equation above it is clear that if the target is uncovered (the attack is successful), the cloud provider has no gain. In addition, if the target is covered, the cloud provider generates an income that is reduced by the operational expenses. We then focused on the damages committed by the attackers, and the payoff depends on the major benefits that can be obtained from an attack on target t and the estimated costs of each attack . Then, the payoff of each attacker that gets access to a cloud environment can be defined as follows:

The equation above reflects the situation when the target is covered and then attackers are not able to generate profit. Obviously, an unprotected target is the easiest way to earn passive income . To deal with cybersecurity in a cloud computing environment, we assume that cloud providers select the appropriate level of security while the attackers observe the defender’s strategy. Unfortunately, cloud providers allocate scarce defense resources to cover potential targets as full security coverage at all times is not possible. A strategic goal is to continuously ensure a balanced allocation of the defender, and the attacker depends on the budget constraints and the expected revenue. Note that given a coverage probability, it is always better for the cloud provider to secure all VMs, whereas the attacker prefers to gain access to specifically unprotected VMs with a better payoff. Moreover, we make the assumption that the cloud provider’s payoff depends on his own actions and an aggregate of the actions of all possible attackers. In this paper, we only consider the case of defender-attacker Stackelberg games in which the defender’s utility is the exact opposite of the attacker’s utility.

4.3. Equilibrium Analysis of Cloud Security

The main challenge faced by each cloud provider is to choose an optimal policy when making strategic security decisions. The most important task in a security game is to find an equilibrium in stochastic games. In a Cournot duopoly, the cloud provider and attackers make their moves at the same time, while in a Stackelberg duopoly, the cloud provider becomes the leader and so makes the first move. The payoffs in equations (1) and (2) above only represent potential targets that are attacked, regardless of whether they have been protected or not. In this case, we use Stackelberg game models as a standard solution concept to capture the interaction between the two players in a security game consisting of a defender (D) and multiple attackers (A). Therefore, we investigate Nash equilibrium (NE) in cyber security problems, which often are considered as competitive scenarios.

Definition 1. A pair of mixed strategies D and A forms an NE if the following conditions are satisfied:

(1) Defender plays a best response, that is,

(2) Attacker plays a best response, that is,

The Stackelberg equilibrium (SSE) is equal to the Nash equilibrium under the given zero-sum assumption, which is usually regarded as the maximum strategy.
Accordingly, the defender maximizes the minimum expected utility or minimizes the maximum attackers’ utility. Suppose that the attacker’s response function is . We assume that is unique to every . The solution is provided via the formalization of strong Stackelberg equilibrium (SSE) [14].

Definition 2. A pair of strategies is defined as a strong Stackelberg equilibrium if the following conditions are satisfied:

(1) The cloud provider uses the best security strategy:

(2) The attacker plays a best response:

(3) The attacker breaks ties in favor of the defender policy: where is the set of the attacker’s best responses.

5. Secure Stackelberg Game-Based Models

In this section, we introduce common models to implement the Stackelberg security game. Specifically, there are increasing efforts to reduce cybersecurity attacks and the cost of countermeasures as well.

5.1. COBRA Models

Pita et al. proposed the COBRA model based on three game models [16]. The first one is bounded rationality represented by . The second one is observational uncertainties , and the third one is the combination of the first and second model . Authors consider the strategy of both leader and follower to be a linear problem: , where represents the player behavior.

5.2. ORIGAMI Model

In this model, Kiekintveld et al. [31, 33] defined C as the coverage vector of the optimal security strategy to protect a target . Besides, the probabilities that target is protected are . The author assumed that the equilibrium state of this game is achieved when , and then,

For each target , such that .

5.3. SU-BRQR Model

Tambe et al. in [16, 18] introduce a model that takes into consideration the adversary’s preference. The latter highlights the importance of rewards and penalties in every security policy. In this case, the optimal strategy is calculated by adding the utility function to the standard Stackelberg security model. Accordingly, the optimal strategy is expressed as follows:where

In addition to the above models, the interactions of the typical attack and defense strategies are analyzed using several defense-allocation methods such as MAXMIN models [16], Eraser-C model [20], ASPEN model [22], and GUARDS model [34].

6. Proposed Model

Indeed, the weak performance in terms of predicting the behavior of the human adversary is the main obstacle to the development of realistic models, particularly in the context of SSGs. The inherent difficulty lies in accurately capturing the complex decision-making processes of adversaries. However, in order to devise more efficient defense strategies, it is imperative to overcome this challenge.

In this section, we propose a novel approach to modeling adversary decision-making in SSGs. Our approach combines the concepts of quantal response equilibrium and quantal response with preference, thereby offering a comprehensive framework for understanding and predicting adversary behavior.

Quantal response equilibrium takes into account the bounded rationality of adversaries, acknowledging that their decision-making is not purely rational but influenced by a certain level of randomness. By incorporating this notion into our model, we can better capture the realistic behavior of adversaries in SSGs.

Furthermore, we extend the model by incorporating quantal response with preference. This addition allows us to account for the fact that adversaries may exhibit a preference for certain targets or strategies. By considering the preferences of adversaries alongside their quantal response behavior, we gain deeper insights into their decision-making processes and can devise more effective defense strategies accordingly. It provides a powerful tool for analyzing and predicting adversary behavior, enabling the development of more efficient defense strategies. This advancement is crucial for ensuring the security and resilience of SSGs in the face of evolving threats.

6.1. Quantal Response

Quantal response equilibrium (QRE) is an important solution concept in game theory. It was introduced by McKelvey and Palfrey [35]. Note that a set of boundary conditions is usually associated with discrete strategies to find equilibrium. In particular, the response of a player in the Stackelberg security game is modeled as a quantal response. Such a model leads to a secure cloud environment using systems with a probability of selecting an action i, which can be expressed in the following way [36]:where is the parameter that reflects the rationality level of each player and the degree of accuracy and precision of each action. In this case, the parameter means that the choice of an action becomes purely random. But more importantly, in contrast to the lack of complete information, the action with the higher expected payoff is chosen for sure rational behavior when . When the expected utility for the attacker is replaced, we obtain the probability of selecting an action.

Basically, the defender in SSGs seeks to maximize its expected utility; we assume that the adversary follows a quantal response (QR-adversary). Given the adversary’s quantal response, which is described in equation (7), the defender’s best response is

From equations (3) and (9), the problem of finding the optimal mixed strategy for the defender can be formulated as follows:

6.2. Modified Quantal Response (Mod-QR)

The quantal response model is enhanced by incorporating multiple parameters that influence the attacker’s decision-making process. This modification accounts for the various factors that can affect how attackers make their strategic choices. For simplicity purposes, the parameter refers to the effects of the successful attack rate. In other words, it describes also an attractor for the best response. In general, the attackers are attracted by targets that have been attacked successfully in the past with the highest payoff since a successful attack with a large penalty would reduce the defender’s reward. Here, we modify the QR model by adding to the probability in equation (6). We modeled the effect of a successful attack rate as follows:

In this case, refers to the target that has been attacked, and indicates the preference of the attacker for this target. This parameter reflects the willingness of the attacker to access a specific target again. Furthermore, is the ratio of the attacker’s penalty and reward. Then, the probability of an attacker attacking the target is calculated as follows:

The optimal defender strategy against a Mod-QR-adversary is computed by solving the following optimization problem:

Then,where the integer variables are introduced to represent the function .

The optimization problem described above presents a challenge due to its nonlinear and nonconvex nature, combined with the presence of mixed integer-programming constraints. Consequently, solving this problem directly becomes a difficult task. To tackle this challenge, we employ a computational approach to determine the optimal strategy against the quantal response adversary. Specifically, we focus on methods that enable the computation of local optima, as outlined in Algorithm 1. By utilizing Algorithm 1, we can explore and identify near-optimal solutions within the problem’s complex solution space. Although global optimality may not be guaranteed, this approach allows us to obtain satisfactory solutions that maximize the objectives and satisfy the constraints.

Input:
Output:
(1)
(2)
(3)
(4)
(5)
(6)  //Update the global minimum
(7)
(8)
(9)
(10)

In the first place, we transform the maximization problem into a minimization problem. Here, we consider the problem of finding the minimum cost according to stable constraints. Notably, the MATLAB optimization toolbox contains various different kinds of functions for searching optimal solutions with the inbuilt function given by fmincon.
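The following Python sketch is an added example, not the paper's MATLAB code: it computes a defender coverage vector against a standard logit quantal-response attacker for the four-resource, seven-target setting used in Section 7, keeping the best of several local optima. The payoff values, the rationality parameter, the reward/penalty utility form, and the assumption that all resources are used are constructed for illustration; a multi-start pairwise search stands in for fmincon, and the Mod-QR preference term is not modeled.

```python
import math
import random

# Constructed payoffs for 7 targets (NOT the paper's Tables 2 and 3).
# Assumed standard SSG form: each player has a reward and a penalty per target.
DEF_REWARD = [4, 6, 3, 7, 5, 8, 9]          # defender, attacked target covered
DEF_PENALTY = [-5, -7, -3, -8, -4, -9, -10]  # defender, attacked target uncovered
ATT_REWARD = [5, 7, 3, 8, 4, 9, 10]         # attacker, target uncovered
ATT_PENALTY = [-4, -6, -3, -7, -5, -8, -9]   # attacker, target covered
RESOURCES = 4                                # defender resources (from Section 7)


def attack_probabilities(x, lam):
    """Logit quantal response: q_t is proportional to exp(lam * U_attacker(t))."""
    ua = [x[t] * ATT_PENALTY[t] + (1 - x[t]) * ATT_REWARD[t] for t in range(len(x))]
    top = max(ua)  # shift by the maximum so exp() cannot overflow
    w = [math.exp(lam * (u - top)) for u in ua]
    total = sum(w)
    return [v / total for v in w]


def defender_utility(x, lam):
    """Expected defender utility when the attacker answers x with quantal response."""
    q = attack_probabilities(x, lam)
    return sum(q[t] * (x[t] * DEF_REWARD[t] + (1 - x[t]) * DEF_PENALTY[t])
               for t in range(len(x)))


def random_start(n, rng):
    """Random feasible coverage: 0 <= x_t <= 1 and sum(x) == RESOURCES."""
    x = [RESOURCES / n] * n
    for _ in range(200):
        i, j = rng.sample(range(n), 2)
        d = rng.uniform(0, min(x[i], 1 - x[j]))
        x[i] -= d
        x[j] += d
    return x


def local_search(x, lam, step=0.25, tol=1e-3, max_iter=5000):
    """Move coverage between pairs of targets while the defender's utility improves."""
    x = list(x)
    best = defender_utility(x, lam)
    n = len(x)
    for _ in range(max_iter):
        if step <= tol:
            break
        move = None
        for i in range(n):
            for j in range(n):
                d = min(step, x[i], 1 - x[j])  # stay inside [0, 1] on both targets
                if i == j or d <= 1e-12:
                    continue
                y = list(x)
                y[i] -= d
                y[j] += d
                u = defender_utility(y, lam)
                if u > best + 1e-9:
                    best, move = u, y
        if move is None:
            step /= 2      # no improving transfer at this scale: refine the step
        else:
            x = move
    return x, best


def solve(lam, starts=6, seed=1):
    """Multi-start local search; the first start is uniform coverage."""
    rng = random.Random(seed)
    n = len(ATT_REWARD)
    candidates = [[RESOURCES / n] * n]
    candidates += [random_start(n, rng) for _ in range(starts - 1)]
    best_x, best_u = None, -math.inf
    for x0 in candidates:
        x, u = local_search(x0, lam)
        if u > best_u:     # keep the best local optimum found so far
            best_x, best_u = x, u
    return best_x, best_u


if __name__ == "__main__":
    for lam in (0.0, 0.8, 5.0):  # constructed rationality levels
        x, u = solve(lam)
        print(f"lambda={lam}: utility={u:.3f} coverage={[round(v, 2) for v in x]}")
        print("  attack probabilities:",
              [round(p, 2) for p in attack_probabilities(x, lam)])
```

Running it for several rationality levels shows how the coverage vector and the attacker's target distribution shift as the attacker moves from uniformly random choice toward best-response behavior.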

7. Experimental Results

This section focused principally on evaluating the performance of the used defender’s strategies against the different adversary models. The first model is designed to take into account quantal response while the second one relies on the modified quantal response. The first adversary model incorporates quantal response, which considers the bounded rationality of the adversaries. This model takes into account the probabilistic nature of their decision-making process. The defender’s strategies are tested against this model to determine their effectiveness in countering adversaries with varying levels of rationality. The second adversary model utilizes a modified quantal response, which enhances the efficiency of the decision-making process compared to standard quantal response. This model considers not only the rationality but also the preferences of the adversaries. The defender’s strategies are evaluated against this model to assess their performance in a scenario where the adversaries exhibit preferences for specific targets or strategies. In principle, the optimization of such systems is described exactly by equations described in the previous section.

In our case, and for the sake of simplicity, let us denote G as an instance of a game, which represents a combination of payoff structure . In the same vein, we suppose that the defender uses four resources to protect seven possible targets by exploiting security vulnerabilities, i.e., . Furthermore, we use the estimated parameters for quantal response and , , and for the modified quantal response as mentioned in [37]. For our purposes, we are restricting the topic to models for a range of potential parameters related to defender-attacker strategies, as shown in Tables 2 and 3. More importantly, we have developed the quantal properties of the mixed strategies as illustrated in Figures 4 and 5.

To further illustrate the proposed solution, we analyze the influence of economic rational choice of the players’ behavior and the influence of each parameter. In particular, we focused on studying the effect of these parameters on defender’s strategies.

The convergence of the defender’s mixed strategy can be observed in both Figures 6 and 7 as the attacker’s rationality increases. These figures illustrate the progressive alignment of the defender’s strategy with the evolving tactics of the attacker.

In Figure 6, as the attacker becomes more rational, the defender’s mixed strategy adjusts accordingly, converging towards a more optimal defense approach. This convergence indicates that the defender is adapting to the increasing rationality of the attacker, aiming to minimize vulnerabilities and mitigate potential threats.

Similarly, Figure 7 depicts the convergence of the defender’s mixed strategy in response to the heightened rationality of the attacker. As the attacker’s decision-making becomes more refined, the defender’s strategy evolves to counteract these advancements. The converging trends in this figure demonstrate the dynamic nature of the defender’s response to the attacker’s increasing rationality.

From Figures 8 and 9, we can see that the defender increases the security of the targets for which the attacker has a strict preference. This means that if an attacker has more preference for a specific target, the defender is forced to protect this target.

As can be seen in Figure 10, the attacker at first attacks all VMs with the same probability, which reflects some irrational behavior. However, as time progresses, the attacker becomes more rational and strategic in their decision-making process.

Through a careful analysis of the defender’s strategies, the attacker gains valuable insights into the vulnerabilities and defenses of the VMs. This increased understanding allows the attacker to refine their approach and target specific VMs more effectively.

The transition towards rationality is evident in Figure 10, as the attacker’s probability of attacking each VM evolves over time. The initial uniform distribution of attack probabilities gradually gives way to a more focused and calculated strategy, reflecting the attacker’s growing rationality.

In Figure 10, the probability of attacking target 3, target 6, and target 7 increases. In contrast, the risk of cyber-attacks decreases for other targets. As the attackers become more rational, attacks have clearly become the most dangerous for both target 6 and target 7, while the probability of attacking target 3 decreases. This will undoubtedly contribute to minimizing the overall penalty of executing all the tasks. Furthermore, this situation would cause minimum penalty to the attacker with high revenue, as illustrated in Figure 9.

Figures 11 and 12 show a proportional relationship between objective value and rationality . In this case, when the attackers become more rational, they observe the defender’s strategies and try to prevent the exploitation of coresident VMs with large penalties. This is due to the fact that these VMs often generate high revenue, and then, cloud providers can make a huge profit. Likewise, Figures 11 and 12 illustrate the effect of attackers with the goal of increasing the magnitude of their expected damage and their attacks on the defender’s objective. In a general sense, this can be explained by the fact that each defender is interested in protecting vulnerable targets.

In contrast, the probability of attacking other regular targets (VM) increases with the rationality . As the defender’s utility is defined as the expected payoff on all VMs, the rewards of protecting cloud resources are directly related to the value of the attacked target and the level of protection. More precisely, the defender obtains a security gain by expending resources dedicated to protecting VMs. This can be clearly seen in Figure 13, which shows a higher cloud provider’s profit when purchasing and deploying more security countermeasures to protect against cyber-attacks. Furthermore, when the cloud provider demonstrates a preference for specific targets, it is observed that the modified quantal response (Mod-QR) exhibits greater efficiency compared to the standard quantal response (QR) method. Indeed, this will lead to increased demands for cloud services and rapid growth in revenue as well.
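The behaviour discussed in this section (uniform attacks at low rationality, concentration on high-value targets and a shifting defender coverage as rationality grows) can be reproduced with the standard logit quantal response model. The Python code below is an added example, not the authors' MATLAB code: the payoffs are constructed rather than taken from Tables 2 and 3, the attacker's utility is assumed to have the usual SSG form, and the pairwise local search is a simple stand-in for the optimization toolbox. It models standard QR only, not Mod-QR.

```python
import math

# Constructed payoffs for 7 targets (VMs); NOT the values of the paper's Tables 2 and 3.
ATT_REWARD = [3.0, 5.0, 8.0, 2.0, 4.0, 9.0, 10.0]         # attacker gain, target uncovered
ATT_PENALTY = [-2.0, -3.0, -6.0, -1.0, -2.0, -5.0, -7.0]   # attacker loss, target covered
DEF_REWARD = [1.0, 2.0, 4.0, 1.0, 2.0, 5.0, 6.0]           # defender gain, covered target hit
DEF_PENALTY = [-3.0, -5.0, -8.0, -2.0, -4.0, -9.0, -10.0]  # defender loss, uncovered target hit
RESOURCES = 4  # four resources over seven targets, as in the experiment setup

def attack_distribution(coverage, lam):
    """Logit quantal response: q_i proportional to exp(lam * U_i(x))."""
    # Assumed attacker utility: U_i(x) = x_i * penalty_i + (1 - x_i) * reward_i
    u = [x * p + (1 - x) * r for x, p, r in zip(coverage, ATT_PENALTY, ATT_REWARD)]
    top = max(u)  # subtract the maximum so exp() cannot overflow
    w = [math.exp(lam * (ui - top)) for ui in u]
    total = sum(w)
    return [wi / total for wi in w]

def defender_utility(coverage, lam):
    """Defender's expected payoff against a quantal-response attacker."""
    q = attack_distribution(coverage, lam)
    return sum(qi * (x * r + (1 - x) * p)
               for qi, x, r, p in zip(q, coverage, DEF_REWARD, DEF_PENALTY))

def local_search(lam, step=0.01, max_rounds=2000):
    """Move coverage between target pairs while the defender's utility improves."""
    n = len(ATT_REWARD)
    x = [RESOURCES / n] * n  # start from uniform coverage
    best = defender_utility(x, lam)
    for _ in range(max_rounds):
        improved = False
        for i in range(n):
            for j in range(n):
                if i == j or x[i] < step or x[j] > 1 - step:
                    continue  # keep every coverage probability inside [0, 1]
                y = x[:]
                y[i] -= step
                y[j] += step
                value = defender_utility(y, lam)
                if value > best + 1e-12:
                    x, best, improved = y, value, True
        if not improved:
            break  # local optimum: no pairwise shift helps
    return x, best

if __name__ == "__main__":
    for lam in (0.0, 0.5, 2.0, 5.0):
        cov, val = local_search(lam)
        print(lam, [round(c, 2) for c in cov], round(val, 3))
```

Because the defender's objective under quantal response is not concave in general, the local search returns a local optimum; it is meant to show the trend across rationality levels, not to certify an optimal allocation.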

8. Conclusions

This article attempts to model strategic interactions between defenders and attackers to deal with the security of a multitenant cloud environment. To this aim, we use a Stackelberg security game (SSG) where a defender can simultaneously protect a set of targets using a limited number of resources. More specifically, we study an equilibrium model in which players with conflicts of interest maximize their expected utility. In this case, we assume that players have rational expectations and that attackers select targets following logit quantal response equilibrium models. In such a situation, we use a nonzero-sum game for modeling and studying cloud security problems, as the gain of the attackers is not necessarily the same as the defender’s losses. By formulating the defender’s problem as an SSG decision process, the proposed model helps defenders to find and implement the most appropriate strategies that increase cloud defensibility and to predict and manage the behaviors of attackers. In the present study, a numerical simulation that further illustrates the effectiveness of the proposed model is proposed and validated. In this research, experimental and numerical modeling is examined to define the ideal security investment when evaluating and implementing cybersecurity measures. To achieve their strategic goals and objectives, cloud providers are bounded to rationality and dynamically change their strategies according to the attacker’s preferences and its behavior.

In future work, we intend to explore the possible application of the Stackelberg security game to allocate defense resources to several targets subject to cyber-attacks, especially distributed denial-of-service (DDoS) attacks. We plan to further extend the proposed model by using a Markov-based approach to deal with cloud security using moving target defense (MTD) analysis.

Data Availability

The data used to support the findings of this study are included within the article.

Ethical Approval

This article does not contain any studies with human participants or animals performed by any of the authors.

Conflicts of Interest

The authors declare that they have no conflicts of interest.