The container-based cloud has its own distinct security challenges. In this article, moving target defense (MTD) is used to increase the cost and effort an attacker must spend to exploit resources and follow an attack path toward the critical resources in a container-based cloud. Existing MTD mechanisms for the cloud have not focused on preventing intruders from moving inside a containerized environment. The proposed solution is unique in that it utilizes resource movement inside and across the virtual private cloud (VPC) network to deceive intruders. The framework continuously changes the target container to increase confusion about the routing path, so that attackers cannot follow a simple, static attack path. This obscured cloud architecture delays the attack and gives system and network administrators significant time to apply intrusion detection mechanisms and counter it. The proposed scheme is implemented on the Google Cloud Platform (GCP) using an extensive network of nodes hosting stateful pods that are created and destroyed periodically. The experimental analysis confirmed that the proposed scheme substantially increased the attack path length and added obscurity at a low computation cost. However, the experiments also show that implementing the proposed scheme on GCP slightly increases the dollar cost.
KEYWORDS

containerization, intrusion attacks, Kubernetes, moving target defense, virtual private cloud
INTRODUCTION

Container technology has been introduced as an alternative to virtual machine (VM) technology. In the last few years [1], deploying an application in a container rather than in a VM has been widely accepted by companies around the world and adopted in the cloud environment. Containerized technology provides many benefits, such as being lightweight, short startup time, and lower virtualization overhead [2,3].

In a cloud environment, a remote code execution (RCE) attack is used to exploit the network and deliver the payload (malicious code) to the host OS. The attacker uses JavaScript-based code to exploit the vulnerable application, modify the authentication policy, and gain access to the host operating system. Remote code execution is especially harmful when the attacker uses it to scan for targets within the cloud virtual network. The attacker compromises the edge host facing the public Internet to gain access and then scans for other hosts within that virtual network. From that entry point, the attacker performs a series of attacks to search for assets and follow the simplest attack path to reach the target, which is normally a database server and, in most scenarios, is isolated from the public Internet. The attacker repeats these attacks until a path to the target server is found [4]. In a cloud network architecture, a successful attack requires only a few steps to reach from the edge host to

Muhammad Faraz Hyder, Waqas Ahmed, and Maaz Ahmed contributed equally to this study.
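The MTD mechanism described in the abstract (stateful pods created and destroyed periodically) and the multi-hop attack path described in the introduction (edge host, internal hosts, database server) can be illustrated with a small discrete-time model. The following Python is an added example written for this page; it is not the authors' framework or their evaluation code. The per-hop scan and exploit costs, the shuffle period, the tick-based timing, and the rule that a re-created pod discards the attacker's partial work on it are all hypothetical assumptions made for the illustration.

```python
"""Toy discrete-time model of moving-target defense on a multi-hop attack path.

Added illustration for this page, not the paper's implementation. The attacker
must scan and then exploit each hop in turn (edge host -> internal hosts ->
database server). Every `shuffle_period` ticks the defender re-creates the
containers that are not yet compromised (new pod, new address), which discards
any partial reconnaissance or exploitation of the hop currently under attack.
All costs are hypothetical tick counts chosen for the example.
"""
from typing import Dict, Iterable, Optional


def attack_ticks(path_len: int, shuffle_period: int,
                 scan_cost: int = 3, exploit_cost: int = 1,
                 max_ticks: int = 10_000) -> Optional[int]:
    """Return the tick at which the last hop is compromised, or None if the
    attacker never gets there within max_ticks.

    shuffle_period == 0 models a static (non-MTD) deployment.
    """
    hop_cost = scan_cost + exploit_cost   # uninterrupted ticks needed per hop
    t = 0
    for _hop in range(path_len):
        progress = 0
        while True:
            t += 1
            if t > max_ticks:
                return None
            progress += 1
            if progress >= hop_cost:
                break                     # hop compromised on this tick
            if shuffle_period and t % shuffle_period == 0:
                progress = 0              # pod re-created: work on it is wasted
    return t


def sweep(path_len: int, periods: Iterable[int]) -> Dict[int, Optional[int]]:
    """Attack duration for each candidate shuffle period (None = blocked)."""
    return {p: attack_ticks(path_len, p) for p in periods}


if __name__ == "__main__":
    # Four hops: edge host, two internal hosts, database server.
    for period, ticks in sweep(4, [0, 3, 4, 5, 10]).items():
        label = "static" if period == 0 else f"shuffle every {period} ticks"
        print(f"{label:>24}: {'never' if ticks is None else ticks} ticks")
```

With the defaults a hop takes four ticks. Rotating pods every five or ten ticks only lengthens the attack (19 and 18 ticks instead of 16), rotating every three ticks blocks it outright, and rotating every four ticks, exactly aligned with the attacker's per-hop cadence, changes nothing. That last case is the practical caveat: a fixed, predictable pod lifetime can be timed around, so the rotation interval should be randomized and kept shorter than the attacker's expected per-hop dwell time, which is also what turns the delay into the detection window the abstract describes.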