网络与信息安全学报 (Chinese Journal of Network and Information Security), Jun 2022
Strategy of container migration and honeypot deployment based on signal game in cloud environment
Abstract
Multi-tenant coexistence and resource sharing in the SaaS cloud pose serious security risks. On the one hand, the soft isolation provided by logical namespaces is easily bypassed or broken. On the other hand, because tenants share the host operating system and the underlying physical resources, they are exposed to co-resident attacks. Together these threaten the availability, integrity and confidentiality of data in the container cloud. Given that SaaS cloud services are vulnerable to container escape and side-channel co-resident attacks, network deception technology increases the uncertainty of the cloud environment and reduces the effectiveness of attacks by hiding the business functions and characteristic attributes of the executor. To address the security threat posed by co-resident attacks, an economical and reasonable network deception method combining dynamic migration and virtual honeypot security technology was studied. Specifically, a container migration and honeypot deployment strategy based on the signal game was proposed. Following a security threat analysis, container migration and honeypots were adopted as the defense methods: the former improves the undetectability of the system following the idea of moving target defense, while the latter confuses attackers by placing decoy containers or providing false services. Furthermore, since network reconnaissance is the preliminary step of the network attack chain, the attack and defense process was modeled as a two-player signal game with incomplete information. The sender chooses which signal to release according to its type, and the receiver can only observe the released signal but cannot determine the sender's type. A game tree was then constructed for this dynamic game of complete but imperfect information, and the costs and benefits of the different strategy combinations were set. The optimal deception strategy was determined by equilibrium analysis of the attack-defense model. Experimental results show that the proposed strategy can effectively improve system security while also reducing container migration frequency and defense cost.