Bandits in the Cloud: A Moving Target Defense Against Multi-Armed Bandit Attack Policies
The cloud is a very popular field in both business and computing right now, with many companies starting to move their data and operations into clouds hosted over the public Internet. Both the data stored on the hosts' servers and the operations on it are the customers' proprietary information, so they want assurance that their data will be safe, which makes the security of cloud computing critical for its adoption. Given the complexity of cloud systems, many different attack policies have been created, some of which are for the Multi-Armed Bandit (MAB) problem. In this thesis, we develop a set of Moving Target Defense (MTD) strategies that randomize the location of a cloud's Virtual Machines (VM) to counter attacks from a MAB policy and we assess through simulation the effect our defense has on a variety of MAB algorithms, showing that it can make them no more effective than a randomized attack policy. Additionally, we show the effect of the critical parameters (e.g. time between randomizations of VM locations, variance in the effectiveness of an attack, etc.) on the performance of our defense, and use a real OpenStack system to validate our defense strategy through the collection of migration times and VM down times for different VM memory loads.
Cloud, Security, Defense, Multi-armed bandit, Moving target defense, OpenStack
Penner, T. (2016). <i>Bandits in the cloud: A moving target defense against multi-armed bandit attack policies</i> (Unpublished thesis). Texas State University, San Marcos, Texas.