Shanshan Tu,Muhammad Waqas,Yuan Meng,Sadaqat Ur Rehman,Iftekhar Ahmad,Anis Koubaa,Zahid Halim,Muhammad Hanif,Chin-Chen Chang,Chengjie Shi

DOI: https://doi.org/10.1016/j.comcom.2020.06.019

IF: 5.047

2020-01-01

Computer Communications

Abstract:Each fog node interacts with data from multiple end-users in mobile fog computing (MFC) networks. Malicious users can use a variety of programmable wireless devices to launch different modes of smart attacks such as impersonation attack, jamming attack, and eavesdropping attack between fog servers and legitimate users. The existing research in MFC lacks in the contributions of defense of smart attack and also requires in the discussions of subjective decision making by participants. Therefore, we propose a smart attack defense scheme for authorized users in MFC in this paper. First, we construct a static zero-sum game model between smart attackers and legitimate users based on prospect theory. Second, the double Q-learning (DQL) is proposed to restrain the attack motive of smart attackers in the dynamic environment. The proposed DQL method generates the optimum defense choice of legitimate users against smart attacks so that they can efficiently determine whether to use only physical layer security (PLS) to avoid those smart attacks. We use our scheme to contrast with the basic schemes, i.e., Q-learning scheme, the Sarsa scheme, and the greedy strategy. Experiment results prove that the proposed scheme can enhance the utility of legitimate users, restrain the attack motive of smart attackers, and further provide better security protection in the MFC environment.

Yuan Meng,Shanshan Tu,Jinliang Yu,Fengming Huang

DOI: https://doi.org/10.1016/j.jvcir.2019.102656

IF: 2.887

2019-01-01

Journal of Visual Communication and Image Representation

Abstract:Fog computing is a technology that can expands the network computing mode of cloud computing and extends network computing from the network center to the network edge. It adds fog layer between cloud data center layer and Internet of Things (IoT) device layer, and provides data storage, processing, forwarding and other functions for devices using the network edge. In mobile fog computing (MFC) networks, fog nodes communicate with end users through wireless networks. Malicious users can choose different attack modes to attack legitimate users. There is a lack of research on the subjective choice of attack modes for malicious users in current work. To solve this problem, an intelligent attack defense scheme based on Double Q-learning (DQL) algorithm in MFC is proposed. Firstly, the security model involving malicious users in MFC is described. Based on Prospect Theory (PT), a static method of subjective zero-sum game between malicious users and legitimate users is constructed. Secondly, a dynamic subjective game scheme based on DQL algorithm is proposed to resist intelligent attacks. The simulation results show that compared with the Q-learning-based method for resisting intelligent attacks, the proposed method can enhance the security of MFC network and enhance the protection performance.

Yaguan Qian,Yankai Guo,Qiqi Shao,Jiamin Wang,Bin Wang,Zhaoquan Gu,Xiang Ling,Chunming Wu

DOI: https://doi.org/10.1145/3517806

2021-01-01

Abstract:Edge intelligence has played an important role in constructing smart cities, but the vulnerability of edge nodes to adversarial attacks becomes an urgent problem. A so-called adversarial example can fool a deep learning model on an edge node for misclassification. Due to the transferability property of adversarial examples, an adversary can easily fool a black-box model by a local substitute model. Edge nodes in general have limited resources, which cannot afford a complicated defense mechanism like that on a cloud data center. To address the challenge, we propose a dynamic defense mechanism, namely EI-MTD. The mechanism first obtains robust member models of small size through differential knowledge distillation from a complicated teacher model on a cloud data center. Then, a dynamic scheduling policy, which builds on a Bayesian Stackelberg game, is applied to the choice of a target model for service. This dynamic defense mechanism can prohibit the adversary from selecting an optimal substitute model for black-box attacks. We also conduct extensive experiments to evaluate the proposed mechanism, and results show that EI-MTD could protect edge intelligence effectively against adversarial attacks in black-box settings.

Shanshan Tu,Muhammad Waqas,Sadaqat Ur Rehman,Muhammad Aamir,Obaid Ur Rehman,Jianbiao Zhang,Chin-Chen Chang

DOI: https://doi.org/10.1109/access.2018.2884672

IF: 3.9

2018-01-01

IEEE Access

Abstract:Fog computing is an encouraging technology in the coming generation to pipeline the breach between cloud data centers and Internet of Things (IoT) devices. Fog computing is not a counterfeit for cloud computing but a persuasive counterpart. It also accredits by utilizing the edge of the network while still rendering the possibility to interact with the cloud. Nevertheless, the features of fog computing are encountering novel security challenges. The security of end users and/or fog nodes brings a major dilemma in the implementation of real life scenario. Although there are several works investigated in the security challenges, physical layer security (PLS) in fog computing is not investigated in the above. The distinctive and evolving IoT applications necessitate new security regulations, models, and evaluations disseminated at the network edge. Notwithstanding, the achievement of the current cryptographic solutions in the customary way, many aspects, i.e., system imperfections, hacking skills, and augmented attack, has upheld the inexorableness of the detection techniques. Hence, we investigate PLS that exploits the properties of channel between end user and fog node to detect the impersonation attack in fog computing network. Moreover, it is also challenging to achieve the accurate channel constraints between end user and fog node. Therefore, we propose Q-learning algorithm to attain the optimum value of test threshold in the impersonation attack. The performance of the propose scheme validates and guarantees to detect the impersonation attack accurately in fog computing networks.

Vaishali Kansal,Mayank Dave

DOI: https://doi.org/10.48550/arXiv.2012.01964

2020-12-03

Abstract:Distributed Denial of Service (DDoS) attacks are serious cyber attacks and mitigating DDoS attacks in cloud is a topic of ongoing research interest which remains a major security challenge. Fog computing is an extension of cloud computing which has been used to secure cloud. Moving Target Defense (MTD) is a newly recognized, proactive security defense that can be used to mitigate DDoS attacks on cloud. MTD intends to make a system dynamic in nature and uncertain by changing attack surface continuously to confuse attackers. In this paper, a novel DDoS mitigation framework is presented to support Cloud-Fog Platform using MTD technique (CFPM). CFPM applies migration MTD technique at fog layer to mitigate DDoS attacks in cloud. It detects attacker among all the legitimate clients proactively at the fog layer and isolate it from innocent clients. CFPM uses an effective request handling procedure for load balancing and attacker isolation procedure which aims to minimize disruption to cloud server as well as serving fog servers. In addition, effectiveness of CFPM is evaluated by analyzing the behavior of the system before and after attack, considering different possible scenarios. This approach is effective as it uses the advantage of both MTD technique and Fog computing paradigm supporting cloud environment.

Cryptography and Security

Shaohan Feng,Zehui Xiong,Dusit Niyato,Ping Wang

DOI: https://doi.org/10.1109/tcc.2019.2896632

IF: 5.697

2021-07-01

IEEE Transactions on Cloud Computing

Abstract:Fog computing has gained tremendous popularity due to its capability of addressing the surging demand on high-quality ubiquitous mobile services. Nevertheless, the highly virtualized environment in fog computing leads to vulnerability to cyber attacks such as advanced persistent threats. In this paper, we propose a novel game approach of cyber risk management for the fog computing platform. We adopt the cyber-insurance concept to transfer cyber risks from fog computing platform to a third party. The system model under consideration consists of three main entities, i.e., the fog computing provider, attacker, and cyber-insurer. The fog computing provider dynamically optimizes the allocation of its defense computing resources to improve the security of the fog computing platform which is composed of multiple fog nodes. Meanwhile, the attacker dynamically adjusts the allocation of its attack computing resources to increase the probability of successful attack. Additionally, to prevent from the potential loss due to the attacks, the provider also makes a dynamic decision on the subscription of cyber-insurance for each fog node. Thereafter, the cyber-insurer accordingly determines the premium of cyber-insurance for each fog node. To model this dynamic interactive decision making problem, we formulate a dynamic Stackelberg game. In the lower-level, we formulate an evolutionary subgame to analyze the provider's defense and cyber-insurance subscription strategies as well as the attacker's attack strategy. In the upper-level, the cyber-insurer optimizes its premium strategy, taking into account the evolutionary equilibrium at the lower-level evolutionary subgame. We analytically prove that the evolutionary equilibrium is unique and stable, and we investigate the Stackelberg equilibrium by capitalizing on tools from the optimal control theory. Moreover, we provide a series of insightful analytical and numerical results on the equilibrium -f the dynamic Stackelberg game.

computer science, information systems, theory & methods

Jialin Wan,Muhammad Waqas,Shanshan Tu,Syed Mudassir Hussain,Ahsan Shah,Sadaqat Ur Rehman,Muhammad Hanif

DOI: https://doi.org/10.32604/cmc.2021.016260

2021-01-01

Abstract:: Fog computing paradigm extends computing, communication, storage, and network resources to the network’s edge. As the fog layer is located between cloud and end-users, it can provide more convenience and timely services to end-users. However, in fog computing (FC), attackers can behave as real fog nodes or end-users to provide malicious services in the network. The attacker acts as an impersonator to impersonate other legitimate users. Therefore, in this work, we present a detection technique to secure the FC environment. First, we model a physical layer key generation based on wireless channel characteristics. To generate the secret keys between the legitimate users and avoid impersonators, we then consider a Double Sarsa technique to identify the impersonators at the receiver end. We compare our proposed Double Sarsa technique with the other two methods to validate our work, i.e., Sarsa and Q-learning. The simulation results demonstrate that the method based on Double Sarsa outperforms Sarsa and Q-learning approaches in terms of false alarm rate (FAR), miss detection rate (MDR), and average error rate (AER).

Minghui Min,Liang Xiao,Caixia Xie,Mohammad Hajimirsadeghi,Narayan B. Mandayam

DOI: https://doi.org/10.48550/arXiv.1801.06270

2018-01-19

Abstract:Advanced Persistent Threat (APT) attackers apply multiple sophisticated methods to continuously and stealthily steal information from the targeted cloud storage systems and can even induce the storage system to apply a specific defense strategy and attack it accordingly. In this paper, the interactions between an APT attacker and a defender allocating their Central Processing Units (CPUs) over multiple storage devices in a cloud storage system are formulated as a Colonel Blotto game. The Nash equilibria (NEs) of the CPU allocation game are derived for both symmetric and asymmetric CPUs between the APT attacker and the defender to evaluate how the limited CPU resources, the date storage size and the number of storage devices impact the expected data protection level and the utility of the cloud storage system. A CPU allocation scheme based on "hotbooting" policy hill-climbing (PHC) that exploits the experiences in similar scenarios to initialize the quality values to accelerate the learning speed is proposed for the defender to achieve the optimal APT defense performance in the dynamic game without being aware of the APT attack model and the data storage model. A hotbooting deep Q-network (DQN)-based CPU allocation scheme further improves the APT detection performance for the case with a large number of CPUs and storage devices. Simulation results show that our proposed reinforcement learning based CPU allocation can improve both the data protection level and the utility of the cloud storage system compared with the Q-learning based CPU allocation against APTs.

Cryptography and Security

Jichao Bi,Shibo He,Fengji Luo,Wenchao Meng,Luyue Ji,Da-Wen Huang

DOI: https://doi.org/10.1109/TII.2022.3231406

IF: 12.3

2023-01-01

IEEE Transactions on Industrial Informatics

Abstract:Industrial Internet of Things (IIoT) is vulnerable to advanced persistent threat (APT). In this article, we study a scenario in which APT is launched to attack IIoT devices. Considering the APTs lateral movement, a node-level state evolution model is established to calculate the probability of every device in an IIoT system to be compromised by APT. Based on this, a Stackelberg game model is proposed for the APT attacker and defender, which can accurately describe the gaming process. An effective computational approach is developed to obtain the potential Stackelberg equilibrium strategy pair of the game. Extensive case studies and comparison studies are conducted to validate the effectiveness of the proposed method.

Minghui Min,Liang Xiao,Caixia Xie,Mohammad Hajimirsadeghi,Narayan B. Mandayam

DOI: https://doi.org/10.1109/icc.2017.7997103

2017-01-01

Abstract:An Advanced Persistent Threat (APT) attacker applies multiple sophisticated methods to continuously and stealthily attack targeted cyber systems. In this paper, the interactions between an APT attacker and a cloud system defender in their allocation of the Central Processing Units (CPUs) over multiple devices are formulated as a Colonel Blotto game (CBG), which models the competition of two players under given resource constraints over multiple battlefields. The Nash equilibria (NEs) of the CBG-based APT defense game are derived for the case with symmetric players and the case with asymmetric players each with different total number of CPUs. The expected data protection level and the utility of the defender are provided for each game at the NE. An APT defense strategy based on the policy hill-climbing (PHC) algorithm is proposed for the defender to achieve the optimal CPU allocation distribution over the devices in the dynamic defense game without being aware of the APT attack model. Simulation results have verified the efficacy of our proposed algorithm, showing that both the data protection level and the utility of the defender are improved compared with the benchmark greedy allocation algorithm.

Ke Gu,Yiming Zuo,Jingjing Tan,Bo Yin,Zheng Yang,Xiong Li

DOI: https://doi.org/10.1109/tnsm.2024.3509983

2024-01-01

IEEE Transactions on Network and Service Management

Abstract:With the growing popularity of federated learning, the security of training models against backdoor attacks has become a key challenge. Existing defense schemes often fail to address the complexity and diversity of such attacks so as to make training models vulnerable. In this paper, we propose a comprehensive dual-layered model protection scheme for fog computing-based federated learning framework. In our scheme, we first introduce a multi-metric defense mechanism deployed on fog servers to defend against malicious backdoor attacks from edge devices. The proposed defense mechanism employs multiple detection indicators to simultaneously evaluate and detect gradient and model training attributes, so that the abnormal local gradients are identified effectively. Further, we construct a second-layered defense scheme deployed on aggregation servers to regularly monitor the participation status of fog servers, whose purpose is to detect the distribution of uploaded gradients and eliminate malicious gradients from compromised fog servers. Additionally, we design an adaptive gradient adjustment method to mitigate the influence of deleting malicious gradients on the global model training process. Experimental results show that our dual-layered model protection scheme can perform well against three type of backdoor attacks (BadNet, Blended and WaNet).

Kun Lv,Yun Chen,Changzhen Hu

DOI: https://doi.org/10.1016/j.inffus.2019.01.001

IF: 18.6

2019-01-01

Information Fusion

Abstract:Advanced persistent threats (APTs) pose a grave threat in cyberspace because of their long latency and concealment. In this paper, we propose a hybrid strategy game-based dynamic defense model to optimally allocate constrained secure resources for the target network. In addition, values of profits of players in this game are computed by a novel data-fusion method called NetF. Based on network protocols and log documents, the NetF deciphers data packets collected from different networks to natural language to make them comparable. Using this algorithm, data observed from the Internet and wireless sensor networks (WSNs) can be fused to calculate the comprehensive payoff of every node precisely. The Nash equilibrium can be computed using the value to detect the possibility of a node being a malicious node. Using this method, the dynamic optimal defense strategy can be allocated to every node at different times, which enhances the security of the target network obviously. In experiments, we illustrate the obtained results via case studies of a cluster of heterogeneous networks. The results guide planning of optimal defense strategies for different kinds of nodes at different times.

Tian Wang,Jiyuan Zhou,Minzhe Huang,Zakirul Alam Bhuiyan,Anfeng Liu,Wenzheng Xu,Mande Xie

DOI: https://doi.org/10.1016/j.future.2017.12.036

IF: 7.307

2018-01-01

Future Generation Computer Systems

Abstract:The recent emergence of cloud computing has drastically influenced everyone’s perception of infrastructure architectures, data transmission and other aspects. With the advent of both mobile networks and cloud computing, the computationally-intensive services are moving to the cloud, and the end user’s mobile device is used as an interface to access these services. However, cyber threats are also becoming various and sophisticated, which will endanger the security of users’ private data. In traditional service mode, users’ data is totally stored in the cloud, they lose the right of control on their data and face cyber threats such as data loss and malicious modification. To this end, we propose a novel cloud storage scheme based on fog computing. In our scheme, user’s private data is separately stored in the cloud and fog servers. By this way, the integrity, availability and confidentiality of user’s data can be ensured because the data is retrieved from cloud as well as fog, which is safer. We implement a system prototype and design a series of mechanisms. Extensive experiments results also validate the proposed scheme and methods.

Huanhuan Yuan,Yuanqing Xia,Jinhui Zhang,Hongjiu Yang,Magdi S. Mahmoud

DOI: https://doi.org/10.1109/tii.2019.2925035

IF: 12.3

2019-01-01

IEEE Transactions on Industrial Informatics

Abstract:In this paper, the security problem for a cloud control system (CCS) is studied. In the CCS, so-called advanced persistent threats (APTs) can be launched by a malicious attacker to reduce the quality of service of cloud and deteriorate the system performance further. To defend against APTs and create a security as a service scheme, a defender needs to allocate defense resource to different units serving to different plants for improving the overall system performance when the CCS accommodates multiple physical plants simultaneously. After observing the defender's action, the attacker decides which serve units to comprise. Considering that both defender and attacker are subject to resource constraints, the interaction of two sides is modeled by a Stackelberg game. The optimal solutions for two players under different types of budget constraints are investigated. Simulation examples and comparison results are provided to verify the main results of this paper.

Ankur Chowdhary,Sailik Sengupta,Adel Alshamrani,Dijiang Huang,Abdulhakim Sabur

DOI: https://doi.org/10.1109/iccnc.2019.8685647

2019-02-01

Abstract:Large scale cloud networks consist of distributed networking and computing elements that process critical information and thus security is a key requirement for any environment. Unfortunately, assessing the security state of such networks is a challenging task and the tools used in the past by security experts such as packet filtering, firewall, Intrusion Detection Systems (IDS) etc., provide a reactive security mechanism. In this paper, we introduce a Moving Target Defense (MTD) based proactive security framework for monitoring attacks which lets us identify and reason about multi-stage attacks that target software vulnerabilities present in a cloud network. We formulate the multi-stage attack scenario as a two-player zero-sum Markov Game (between the attacker and the network administrator) on attack graphs. The rewards and transition probabilities are obtained by leveraging the expert knowledge present in the Common Vulnerability Scoring System (CVSS). Our framework identifies an attacker’s optimal policy and places countermeasures to ensure that this attack policy is always detected, thus forcing the attacker to use a sub-optimal policy with higher cost.

Sengathir Janakiraman,M. Deva Priya

DOI: https://doi.org/10.1007/s11277-023-10407-2

IF: 2.017

2023-04-26

Wireless Personal Communications

Abstract:Cloud computing is supported by Fog computing paradigm for achieving local data investigation at edge devices by offering storage support, infrastructure, computing and network facilities to end users. Availability is considered as the important security requirement for facilitating disruptive utilization of on-demand cloud service for diverse client applications. Seamless services of clouds are hindered by Distributed Denial of Service (DDoS) attacks in a cloud computing environment. In this paper, Deep Reinforcement Learning (DRL) and Long Short Term Memory (LSTM)-based DDoS attack mitigation scheme is propounded for handling the impacts of DDoS attacks in fog-assisted cloud computing environment. In the proposed scheme, Software Defined Network (SDN) is utilized for deploying defense module in the SDN controller for the purpose of identifying anomalous characteristics of DDoS attack in transport or network layer. It aids in filtering and forwarding legitimate packets by performing network traffic analysis while circumventing attacks caused by infected packets.

telecommunications

Yi-xi Xie,Li-xin Ji,Ling-shu Li,Zehua Guo,Thar Baker

DOI: https://doi.org/10.1080/09540091.2020.1832960

2020-01-01

Connection Science

Abstract:The expansion of information technology infrastructure is encountered with Advanced Persistent Threats (APTs), which can launch data destruction, disclosure, modification, and/or Denial of Service attacks by drawing upon vulnerabilities of software and hardware. Moving Target Defense (MTD) is a promising risk mitigation technique that replies to APTs via implementing randomisation and dynamic strategies on compromised assets. However, some MTD techniques adopt the blind random mutation, which causes greater performance overhead and worse defense utility. In this paper, we formulate the cyber-attack and defense as a dynamic partially observable Markov process based on dynamic Bayesian inference. Then we develop an Inference-Based Adaptive Attack Tolerance (IBAAT) system , which includes two stages. In the first stage, a forward–backward algorithm with a time window is employed to perform a security risk assessment. To select the defense strategy, in the second stage, the attack and defense process is modelled as a two-player general-sum Markov game and the optimal defense strategy is acquired by quantitative analysis based on the first stage. The evaluation shows that the proposed algorithm has about 10% security utility improvement compared to the state-of-the-art.

Xiao Zheng,Mingchu Li,Syed Bilal Hussain Shah,Dinh-Thuan Do,Yuanfang Chen,Constandinos X. Mavromoustakis,George Mastorakis,Evangelos Pallis

DOI: https://doi.org/10.1145/3458931

IF: 5.3

2022-01-01

ACM Transactions on Internet Technology

Abstract:The implementation of a variety of complex and energy-intensive mobile applications by resource-limited mobile devices (MDs) is a huge challenge. Fortunately, mobile edge computing (MEC) as a new computing paragon can offer rich resources to perform all or part of the MD’s task, which greatly reduces the energy consumption of the MD and improves the quality of service (QoS) for applications. However, offloading tasks to the edge server is vulnerable to attacks such as tampering and snooping, resulting in a deep learning (DL) security feature developed by major cloud service providers. An effective security strategy method to minimize ongoing attacks in the MEC setting is proposed. The algorithm is based on the synthetic principle of a special set of strategies, and it can quickly construct suboptimal solutions even if the number of targets achieves hundreds of millions. In addition, for a given structure and a given number of patrollers, the upper bound of the protection level can be obtained, and the lower bound required for a given protection level can also be inferred. These bounds apply to universal strategies. By comparing with the previous three basic experiments, it can be proved that our algorithm is better than the previous ones in terms of security and running time.

Xiaofan Zhou,Simon Yusuf Enoch,Dong Seong Kim

DOI: https://doi.org/10.48550/arXiv.2207.05436

2022-07-12

Cryptography and Security

Abstract:It is challenging for a security analyst to detect or defend against cyber-attacks. Moreover, traditional defense deployment methods require the security analyst to manually enforce the defenses in the presence of uncertainties about the defense to deploy. As a result, it is essential to develop an automated and resilient defense deployment mechanism to thwart the new generation of attacks. In this paper, we propose a framework based on Markov Decision Process (MDP) and Q-learning to automatically generate optimal defense solutions for networked system states. The framework consists of four phases namely; the model initialization phase, model generation phase, Q-learning phase, and the conclusion phase. The proposed model collects real network information as inputs and then builds them into structural data. We implement a Q-learning process in the model to learn the quality of a defense action in a particular state. To investigate the feasibility of the proposed model, we perform simulation experiments and the result reveals that the model can reduce the risk of network systems from cyber attacks. Furthermore, the experiment shows that the model has shown a certain level of flexibility when different parameters are used for Q-learning.

Yuming Feng,Weizhe Zhang,Zijun Feng,Xiaoxiong Zhong,Fangming Liu

DOI: https://doi.org/10.1109/iwqos61813.2024.10682921

2024-01-01

Abstract:The widespread deployment of low-cost, vulnerable IoT devices allows attackers to exploit them to generate botnets and launch distributed denial-of-service (DDoS) attacks, which has become a serious security challenge for ensuring quality of service (QoS). For cost-effective defense against DDoS, we propose a novel hybrid defense method that includes proactive moving target defense (MTD) and passive security control to resist DDoS threats at different stages in IoT networks in this paper. We construct a multi-stage Markov game model to portray the game as a competition between the attacker and the defender for the control duration of the attack surface, and design an optimal defense strategy algorithm. In particular, we introduce a new parameter of action execution interval expectation in the game and add node importance evaluation in the reward quantification so that the optimal action execution interval of each defense technique can be output. We also consider the possibility that advanced attackers may launch DDoS on the SDN controller in the game. The experimental results demonstrate that our proposed method can defend against DDoS cost-effectively and ensure the QoS in IoT networks with acceptable overhead.