Bandits in the Cloud: A Moving Target Defense Against Multi-Armed Bandit Attack Policies

Date

2016-05

Authors

Penner, Terrence

Journal Title

Journal ISSN

Volume Title

Publisher

Abstract

The cloud is a very popular field in both business and computing right now, with many companies starting to move their data and operations into clouds hosted over the public Internet. Both the data stored on the hosts' servers and the operations on it are the customers' proprietary information, so they want assurance that their data will be safe, which makes the security of cloud computing critical for its adoption. Given the complexity of cloud systems, many different attack policies have been created, some of which are for the Multi-Armed Bandit (MAB) problem. In this thesis, we develop a set of Moving Target Defense (MTD) strategies that randomize the location of a cloud's Virtual Machines (VM) to counter attacks from a MAB policy and we assess through simulation the effect our defense has on a variety of MAB algorithms, showing that it can make them no more effective than a randomized attack policy. Additionally, we show the effect of the critical parameters (e.g. time between randomizations of VM locations, variance in the effectiveness of an attack, etc.) on the performance of our defense, and use a real OpenStack system to validate our defense strategy through the collection of migration times and VM down times for different VM memory loads.

Description

Keywords

Cloud, Security, Defense, Multi-armed bandit, Moving target defense, OpenStack

Citation

Penner, T. (2016). <i>Bandits in the cloud: A moving target defense against multi-armed bandit attack policies</i> (Unpublished thesis). Texas State University, San Marcos, Texas.

Rights

Rights Holder

Rights License

Rights URI