ISSN 1000-1239 CN 11-1777/TP

Journal of Computer Research and Development ›› 2017, Vol. 54 ›› Issue (10): 2344-2355. doi: 10.7544/issn1000-1239.2017.20170433


Advanced Persistent Threats Detection Game with Expert System for Cloud

Hu Qing (1,2), Lü Shichao (1,2), Shi Zhiqiang (1,2), Sun Limin (1,2), Xiao Liang (3)

  1. School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100049
  2. Beijing Key Laboratory of IOT Information Security Technology (Institute of Information Engineering, Chinese Academy of Sciences), Beijing 100093
  3. Department of Communication Engineering, Xiamen University, Xiamen, Fujian 361005
  • Online: 2017-10-01

Abstract: Cloud computing systems are under the threat of advanced persistent threats (APT). It is hard for an autonomous detector to discover APT attacks accurately. An expert system (ES) can help to reduce detection errors by double-checking suspicious behaviors. However, the ES takes an extended period of time to recheck, which may lead to a defense delay. Besides, the ES makes mistakes too. In this paper, we use game theory to discuss the necessity of the ES participating in APT detection and defense for a cloud computing system, taking into account the miss detection rates and false alarm rates of both the APT detector and the ES. The ES-based APT detection method is designed, and the ES-APT game between an APT attacker and a defender is formulated. We derive its Nash equilibrium and analyze how the ES enhances the security of the cloud computing system. The dynamic game is also studied for the case where the APT attack model is unknown. We present a reinforcement learning scheme with which the cloud computing system with ES obtains the optimal strategy. Simulation results show that, with the knowledge of the ES, both the defender's utility and the cloud computing system's security are improved compared with benchmark schemes.
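The following is an added toy illustration of the dynamic game described in the abstract, not code from the paper or its authors: a defender who does not know the attacker's APT model (here reduced to a hidden per-round attack probability) uses a simple stateless Q-learning rule to decide whether detector alarms should be double-checked by the ES, trading the ES's delay against the error rates of both the detector and the ES. All rates, costs, the decision rule (respond only when both detector and ES alarm) and the learning parameters are constructed assumptions for the illustration, and the closed-form `expected_utility` is included so the learned values can be checked against what the model implies.

```python
"""Toy stand-in for the dynamic ES-APT game: a defender learns, by
stateless Q-learning, whether to route detector alarms through an
expert system (ES) for double-checking, without knowing the attacker's
APT model. All rates and costs below are constructed illustration
values and are not the paper's parameters."""
import random
from dataclasses import dataclass


@dataclass(frozen=True)
class Params:
    p_attack: float = 0.3   # attacker's (hidden) per-round attack probability
    miss_det: float = 0.2   # autonomous detector miss-detection rate
    fa_det: float = 0.3     # autonomous detector false-alarm rate
    miss_es: float = 0.05   # expert system miss-detection rate
    fa_es: float = 0.05     # expert system false-alarm rate
    c_miss: float = 10.0    # loss when an attack goes unanswered
    c_fa: float = 3.0       # loss when the defender responds to a false alarm
    c_delay: float = 0.5    # loss from the delay of each ES recheck


DETECTOR_ONLY, ES_RECHECK = 0, 1


def expected_utility(action, prm=Params()):
    """Closed-form expected defender utility per round (negative cost)."""
    p, q = prm.p_attack, 1 - prm.p_attack
    if action == DETECTOR_ONLY:
        miss = p * prm.miss_det
        fa = q * prm.fa_det
        delay = 0.0
    else:
        # The ES is consulted only on detector alarms; a response
        # requires both the detector and the ES to alarm.
        miss = p * (prm.miss_det + (1 - prm.miss_det) * prm.miss_es)
        fa = q * prm.fa_det * prm.fa_es
        delay = p * (1 - prm.miss_det) + q * prm.fa_det
    return -(prm.c_miss * miss + prm.c_fa * fa + prm.c_delay * delay)


def play_round(action, prm, rng):
    """Simulate one round of the game; return the defender's realised utility."""
    attack = rng.random() < prm.p_attack
    det_alarm = rng.random() < ((1 - prm.miss_det) if attack else prm.fa_det)
    cost = 0.0
    if action == ES_RECHECK and det_alarm:
        cost += prm.c_delay  # the recheck delays the response
        es_alarm = rng.random() < ((1 - prm.miss_es) if attack else prm.fa_es)
        respond = es_alarm
    else:
        respond = det_alarm
    if attack and not respond:
        cost += prm.c_miss
    elif respond and not attack:
        cost += prm.c_fa
    return -cost


def learn_policy(rounds=30000, epsilon=0.1, prm=Params(), seed=7):
    """Stateless Q-learning with sample-average updates and epsilon-greedy
    exploration. The defender never sees prm.p_attack directly; it only
    observes the utility of each round. Returns (best action, Q values)."""
    rng = random.Random(seed)
    q_values = [0.0, 0.0]
    counts = [0, 0]
    for _ in range(rounds):
        if rng.random() < epsilon:
            action = rng.randrange(2)
        else:
            action = max((DETECTOR_ONLY, ES_RECHECK), key=lambda a: q_values[a])
        reward = play_round(action, prm, rng)
        counts[action] += 1
        q_values[action] += (reward - q_values[action]) / counts[action]
    best = max((DETECTOR_ONLY, ES_RECHECK), key=lambda a: q_values[a])
    return best, q_values


if __name__ == "__main__":
    for a, name in ((DETECTOR_ONLY, "detector only"), (ES_RECHECK, "ES recheck")):
        print(f"{name:14s} expected utility {expected_utility(a):+.4f}")
    best, q = learn_policy()
    print("learned Q values", [round(v, 3) for v in q],
          "-> best:", "ES recheck" if best == ES_RECHECK else "detector only")
```

With these constructed values the ES recheck is worth its delay because the detector's false alarms are expensive relative to the delay cost; raising `c_delay` or `miss_es` in `Params` flips the outcome, which is the trade-off the abstract's game analysis is about.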

Key words: advanced persistent threats (APT), cloud security, expert system (ES), game theory, reinforcement learning
