A Game Theoretic Model for Security in Cloud Environment


Publisher

TIET

Abstract

Cloud computing has become an increasingly popular technology for businesses and individuals. With the ability to store and access data and applications from any location with an internet connection, the benefits of cloud computing are numerous. However, security remains a significant concern for many organizations utilizing cloud services. The primary security risks associated with cloud computing include external and internal attacks. External attacks occur due to unauthenticated access to sensitive data, insecure Application Programming Interfaces, and misconfiguration of security settings, and can lead to loss of control over data and systems. Another critical component of cloud security is managing access to data and applications, which can cause internal attacks. This involves controlling who has access to what data and what actions they are allowed to take with that data. These can lead to regular attacks such as Denial of Service, brute force, malware injection, ransomware, etc. New and sophisticated attacks can also be performed, which makes it very difficult for cloud providers to secure cloud resources. To mitigate these risks, cloud service providers implement robust security measures such as encryption, authentication, and access controls, and maintain high vigilance against potential threats. Intrusion Detection Systems (IDS) are also widely used to detect security attacks. Techniques such as Machine Learning (ML) and Deep Learning (DL) are used to enhance the accuracy of the IDS. But maintaining security in wide networks such as the cloud is very tedious. So, to enhance the security of the cloud further, the behavior of the attacker and defender can be analyzed. Game Theory can be used to model the interactions between the attacker and defender. This mathematical framework allows researchers to analyze and address complex security challenges and to delineate the optimal strategies for each side in a given security scenario.
Taking into account factors such as the costs of launching an attack, the likelihood of success, and the consequences of a successful attack can provide valuable insights into the strengths and weaknesses of different security measures and inform the development of effective security policies and technologies. To overcome the above-mentioned challenges, four different game-theoretic models are proposed and developed in this thesis, namely the Game Theoretic Model for Cloud Security (GTM-CSec), the Bayesian Optimized Game Theoretic Approach (BOGTA), the Game Theoretic Approach to enhance IDS detection (GTA-IDS), and the Non-Cooperative Game Theoretic Model (NCGTM). GTM-CSec is developed to defend against external attacks. This is the first model, and it is modeled between the attacker and the defender competing against each other to gain maximum payoff. Different strategies for both players are delineated, and a mixed strategy Nash Equilibrium is attained to conclude the game. The payoffs of the attacker and defender are analyzed and compared. Out of the different strategies available to the defender, the model chooses the best one to defend against the attack. To increase the efficiency of the GTM-CSec model and the accuracy of the IDS, a second model, BOGTA, is devised. It covers every possibility of working on three modules (signature, anomaly, or honeypot) of the defender system in a single cycle with the graphical Game Theory method, which reduces the model's time complexity. To optimize the IDS to a greater extent, a Bayesian Optimized DNN is used, and hyperparameter tuning is also done. Three different datasets for different detection modules are considered to train and test the IDS. The results show that BOGTA has taken significantly less time to decide than GTM-CSec and performed well with an improvement of 9.66%, 3.75%, and 4.16% in detection rates of the signature, anomaly, and honeypot modules, respectively.
The accuracy is increased by 10.29%, 2.1%, and 3.41%, and the False Positive Rate (FPR) is reduced to 0.01%, 0.026%, and 0.138% for the three modules. The higher values of the detection rate and lower values of the FPR depict the adequate performance of BOGTA. The third model, GTA-IDS, is devised to detect internal attacks; in it, information theory is used along with game theory. In this model, information theory is used to track abnormal traffic flow, which is sent to GTA-IDS for further analysis. A game is modeled between the malicious node and the defender system. Different strategies for both players are also delineated, and a mixed strategy Nash Equilibrium is attained to conclude the game. The model is implemented on a benchmark real-time NSL-KDD dataset to check the detection rate and FPR of the defender system. With the addition of the GTA-IDS module, the detection rate of the IDS comes to 99.5% and the FPR comes to 0.07%, which is better than existing models like KNN, CNN, etc. The fourth model, NCGTM, is devised to enhance the decision-making process of the hybrid IDS, which uses signature-based, anomaly-based, and a hybrid of signature and anomaly-based modules. The attacker's strategies are analyzed against the strategies of the IDS to make better predictions. Different machine learning models train the IDS to increase its detection rate. The NCGTM is tested on a real-time dataset and compared with the existing models. The overall performance of the IDS improves with a higher detection rate of 99% and a lower FPR of 0.01. The proposed models incorporate the interactions between the attacker and the defender, who have conflicting goals of maximizing their profits. The models analyze the optimal strategies for both players, the consequences of security breaches, and the incentives for cooperation and competition. The Machine Learning and Deep Learning techniques enhance the accuracy and detection rate and lower the FPR of the IDS.
The results obtained from the four proposed models show improvement in the security of cloud services.
