Attack Surface Expansion Using Decoys to Protect Virtualized Infrastructure

Tulha Hasan Al-Salah, Tennessee State University

Abstract

As cloud services using the virtualized technique are emerging and developing rapidly, security and protection of cloud services become vital issues and pose significant challenges. Most research efforts focus on reducing the attack surface observed by the external attackers, which is an impractical solution for a complex system like virtualized infrastructure. In cyber defense, Moving Target Defense (MTD) that continuously changes system’s attack surface is a promising technique that increases complexity and cost for attackers, limits the exposure of vulnerabilities and opportunities for attack, and improve system resiliency. Apparently, when it comes to IT security, the risk of an attack can never be eliminated, but with MTD, the security of the virtualized infrastructure can be enhanced by expanding the attack surface that can be observed by external attackers through deploying a number of Decoy Virtual Machines (DVMs). In this research, to deceive the attackers and waste their time and efforts, three attack surface expansion approaches for MTD are proposed. These three approaches provide different protection capability with different system complexity by using DVMs that co-exist with the real virtual machines in the same physical host. The probability that the external attacker successfully exploits the valid assets and the optimum cost of deploying decoys to protect that assets are theoretically analyzed. Simulation results show the attackers’ success rate can be significantly reduced by adding DVMs and the greater the knowledge about the attackers’ capability, the better protection the proposed approaches can provide. Simulation results also show the optimum decoy deployment scheme and a cost reduction scheme to provide extensive flexibility to the IT staff staffs in choosing the best security schemes to secure the virtualized infrastructure.

Subject Area

Computer Engineering|Computer science

Recommended Citation

Tulha Hasan Al-Salah, "Attack Surface Expansion Using Decoys to Protect Virtualized Infrastructure" (2017). ETD Collection for Tennessee State University. Paper AAI10641461.
https://digitalscholarship.tnstate.edu/dissertations/AAI10641461

Share

COinS