Toward deceiving the intrusion attacks in containerized cloud environment using virtual private cloud‐based moving target defense

Summary The container‐based cloud has its distinct security challenges. In this article, moving target defense (MTD) is used to increase the cost and effort of the attacker to exploit resources and follow an attack path to compromise the critical resources in a container‐based cloud. The existing MT...

Bibliographic details
Published in: Concurrency and computation 2023-02, Vol.35 (5), p.n/a
Main authors: Hyder, Muhammad Faraz, Ahmed, Waqas, Ahmed, Maaz
Format: Article
Language: eng
Subjects:
Online access: Full text
container_end_page n/a
container_issue 5
container_start_page
container_title Concurrency and computation
container_volume 35
creator Hyder, Muhammad Faraz
Ahmed, Waqas
Ahmed, Maaz
description Summary The container‐based cloud has its distinct security challenges. In this article, moving target defense (MTD) is used to increase the cost and effort of the attacker to exploit resources and follow an attack path to compromise the critical resources in a container‐based cloud. The existing MTD mechanisms for cloud have not focused on intruder prevention inside containerized environment. The proposed solution is one of its kind that utilizes resource movement inside and across the virtual private network in the cloud to deceive intruders. The framework continuously changes the target/container to increase confusion about the routing path, so attackers cannot follow the simple attack path. This obscure cloud architecture increases the delay in attack and gives system/network administrators significant time to use Intrusion Detection mechanisms for countering the attack. The proposed scheme is implemented on the Google Cloud Platform (GCP) by using an extensive network of nodes hosting the stateful pods that are created and destroyed periodically. The experimental analysis confirmed that the proposed scheme substantially increased the attack path length and added obscurity at a low computation cost. However, as per experiments, implementing the proposed scheme in GCP slightly increases the dollar cost.
doi_str_mv 10.1002/cpe.7549
format Article
fulltext fulltext
identifier ISSN: 1532-0626
ispartof Concurrency and computation, 2023-02, Vol.35 (5), p.n/a
issn 1532-0626
1532-0634
language eng
recordid cdi_proquest_journals_2766830131
source Wiley Online Library Journals Frontfile Complete
subjects Cloud computing
Computer architecture
containerization
Containers
intrusion attacks
Intrusion detection systems
Kubernetes
moving target defense
Moving targets
Time of use
virtual private cloud
Virtual private networks
title Toward deceiving the intrusion attacks in containerized cloud environment using virtual private cloud‐based moving target defense
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-30T15%3A06%3A06IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_cross&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Toward%20deceiving%20the%20intrusion%20attacks%20in%20containerized%20cloud%20environment%20using%20virtual%20private%20cloud%E2%80%90based%20moving%20target%20defense&rft.jtitle=Concurrency%20and%20computation&rft.au=Hyder,%20Muhammad%20Faraz&rft.date=2023-02-28&rft.volume=35&rft.issue=5&rft.epage=n/a&rft.issn=1532-0626&rft.eissn=1532-0634&rft_id=info:doi/10.1002/cpe.7549&rft_dat=%3Cproquest_cross%3E2766830131%3C/proquest_cross%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=2766830131&rft_id=info:pmid/&rfr_iscdi=true