An Automated Security Analysis Framework and Implementation for MTD Techniques on Cloud

Alavizadeh, Hooman; Alavizadeh, Hootan; Kim, Dong-Seong; Jang-Jaccard, Julian; Torshiz, Masood Niazi

doi:10.1007/978-3-030-40921-0_9

Cited by 6 publications

(5 citation statements)

References 23 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…For future work, we plan to deploy our proposed method on a realistic cloud-based environment [36,37] to enable the DQL agent to improve its self-learning capabilities and classify the threats with high accuracy in a real-time manner. We plan to apply our proposed model in improving the self-learning capabilities in detecting Android-based malware [38] and ransomware [39] to test the generalizability and practicability of our model.…”

Section: Discussionmentioning

confidence: 99%

Deep Q-Learning Based Reinforcement Learning Approach for Network Intrusion Detection

2022

Self Cite

View full text Add to dashboard Cite

The rise of the new generation of cyber threats demands more sophisticated and intelligent cyber defense solutions equipped with autonomous agents capable of learning to make decisions without the knowledge of human experts. Several reinforcement learning methods (e.g., Markov) for automated network intrusion tasks have been proposed in recent years. In this paper, we introduce a new generation of the network intrusion detection method, which combines a Q-learning based reinforcement learning with a deep feed forward neural network method for network intrusion detection. Our proposed Deep Q-Learning (DQL) model provides an ongoing auto-learning capability for a network environment that can detect different types of network intrusions using an automated trial-error approach and continuously enhance its detection capabilities. We provide the details of fine-tuning different hyperparameters involved in the DQL model for more effective self-learning. According to our extensive experimental results based on the NSL-KDD dataset, we confirm that the lower discount factor, which is set as 0.001 under 250 episodes of training, yields the best performance results. Our experimental results also show that our proposed DQL is highly effective in detecting different intrusion classes and outperforms other similar machine learning approaches.

show abstract

Section: Discussionmentioning

confidence: 99%

Deep Q-Learning Based Reinforcement Learning Approach for Network Intrusion Detection

2022

Self Cite

View full text Add to dashboard Cite

show abstract

“…Vulnerability scanning tools can scan network devices and software as well as cloud infrastructure to reveal configuration errors, unpatched and vulnerable devices, and known vulnerabilities [4,6]. SA can leverage the data collected from vulnerability scanning tools for more analysis.…”

Section: Vulnerability and Network Discoverymentioning

confidence: 99%

A Survey on Threat Situation Awareness Systems: Framework, Techniques, and Insights

Alavizadeh¹,

Jang-Jaccard²,

Enoch³

et al. 2021

Preprint

Self Cite

View full text Add to dashboard Cite

Cyberspace is full of uncertainty in terms of advanced and sophisticated cyber threats which are equipped with novel approaches to learn the system and propagate themselves, such as AI-powered threats. To debilitate these types of threats, a modern and intelligent Cyber Situation Awareness (SA) system need to be developed which has the ability of monitoring and capturing various types of threats, analyzing and devising a plan to avoid further attacks. This paper provides a comprehensive study on the current state-of-the-art in the cyber SA to discuss the following aspects of SA: key design principles, framework, classifications, data collection, and analysis of the techniques, and evaluation methods. Lastly, we highlight misconceptions, insights and limitations of this study and suggest some future work directions to address the limitations.

show abstract

“…This phase consists of two steps: (1) cloud scanning that includes network and vulnerability scanning, and (2) model creation using HARM. The details of generating HARM is given in [11]. Cloud scanning phase uses OpenStack APIs to collect the required information such as the number of VMs, Hosts, Connectivity of VMs, etc.…”

Section: A Situation Perception Using Security Modelingmentioning

confidence: 99%

“…Cloud scanning phase uses OpenStack APIs to collect the required information such as the number of VMs, Hosts, Connectivity of VMs, etc. Moreover, it captures the vulnerabilities existing on each VMs through Nessus tool and APIs to automatically obtain the scan reports [11]. The main results of the first phase are a set of VMs and the reachabilities of them, and a set of vulnerabilities (V) existing on each VM.…”

Section: A Situation Perception Using Security Modelingmentioning

confidence: 99%

“…For instance, deploying VM-LM can improve cloud's security, decrease risk and attack success probability, and thwart VM co-residency attacks [9], [10]. However, VM-LM technique is usually restricted for cloud users and can only be performed by the cloud providers due to load balancing and security consideration of the cloud providers [11]. As VM-LM can not be performed directly by the clients, alternatively, the security experts of the organisations can send a request to the cloud providers to deploy the requested defensive strategy.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Cyber Situation Awareness Monitoring and Proactive Response for Enterprises on the Cloud

Alavizadeh

Jang-Jaccard

2020

2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom)

Self Cite

View full text Add to dashboard Cite

The cloud model allows many enterprises able to outsource computing resources at an affordable price without having to commit the expense upfront. Although the cloud providers are responsible for the security of the cloud, there are still many security concerns due to inherently complex model the cloud providers operate on (e.g.,multi-tenancy). In addition, the enterprises whose services have migrated into the cloud have a preference for their own cybersecurity situation awareness capability on top of the security mechanisms provided by the cloud providers. In this way, the enterprises can monitor the performance of the security offerings of the cloud and have a choice to decide and select potential response strategies more appropriate to the enterprise in the presence of the attack where the defense provided by the cloud doesn't work for them. However, some response strategies, such as Moving Target Defense (MTD) techniques shown to be effective to secure cloud, cannot be deployed by the enterprise themselves. In this paper, we propose a framework that enables better collaboration between enterprises and cloud providers. Our proposed framework, which offers more in-depth security analysis based on the set of most advanced security metrics, allows the security experts of the enterprise to obtain better situational awareness in the cloud. With better and more effective situation awareness of cloud security, our framework can support better decision making and further allows to deploy more appropriate threat responses to protect the outsourced resources. We also propose a secure protocol which can facilitate more secure communication between the enterprises and cloud provider. Using our proposed secure protocol, which is based on authentication and key exchange mechanism, the enterprises can send a secure request to the cloud provider to perform a selected defensive strategy.

show abstract

An Automated Security Analysis Framework and Implementation for MTD Techniques on Cloud

Cited by 6 publications

References 23 publications

Deep Q-Learning Based Reinforcement Learning Approach for Network Intrusion Detection

Deep Q-Learning Based Reinforcement Learning Approach for Network Intrusion Detection

A Survey on Threat Situation Awareness Systems: Framework, Techniques, and Insights

Cyber Situation Awareness Monitoring and Proactive Response for Enterprises on the Cloud

Contact Info

Product

Resources

About