TY - GEN
T1 - Smart moving target defense for linux container resiliency
AU - Azab, Mohamed
AU - Mokhtar, Bassem
AU - Abed, Amr S.
AU - Eltoweissy, Mohamed
N1 - Publisher Copyright:
© 2016 IEEE.
PY - 2017/1/6
Y1 - 2017/1/6
N2 - Nature is a major source of inspiration for many of the inventions that we rely on to maintain our daily lifestyle. In this paper, we present ESCAPE, an evolved version of our nature-inspired game-like informed moving-target-defense mechanism for cloud containers resiliency. ESCAPE relies on a novel container mobilization framework controlled by a smart attack maneuvering module. That module drives the running containers based on real-time models of the interaction between attackers and their targets as a "predator searching for a prey" search game. ESCAPE employs run-time live-migration of Linux-containers (prey) to avoid attacks (predator) and failures. The entire process is guided by a novel host-based behavior-monitoring system that seamlessly monitors containers for indications of intrusions and attacks. To evaluate the effect of ESCAPE's container live-migration evading attacks, we extensively simulated the attack avoidance process based on a mathematical model mimicking the prey-vs-predator search game. With ESCAPE's live-migrations, results show high container survival probabilities with minimal added overhead.
AB - Nature is a major source of inspiration for many of the inventions that we rely on to maintain our daily lifestyle. In this paper, we present ESCAPE, an evolved version of our nature-inspired game-like informed moving-target-defense mechanism for cloud containers resiliency. ESCAPE relies on a novel container mobilization framework controlled by a smart attack maneuvering module. That module drives the running containers based on real-time models of the interaction between attackers and their targets as a "predator searching for a prey" search game. ESCAPE employs run-time live-migration of Linux-containers (prey) to avoid attacks (predator) and failures. The entire process is guided by a novel host-based behavior-monitoring system that seamlessly monitors containers for indications of intrusions and attacks. To evaluate the effect of ESCAPE's container live-migration evading attacks, we extensively simulated the attack avoidance process based on a mathematical model mimicking the prey-vs-predator search game. With ESCAPE's live-migrations, results show high container survival probabilities with minimal added overhead.
UR - http://www.scopus.com/inward/record.url?scp=85013191395&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85013191395&partnerID=8YFLogxK
U2 - 10.1109/CIC.2016.26
DO - 10.1109/CIC.2016.26
M3 - Conference contribution
AN - SCOPUS:85013191395
T3 - Proceedings - 2016 IEEE 2nd International Conference on Collaboration and Internet Computing, IEEE CIC 2016
SP - 122
EP - 130
BT - Proceedings - 2016 IEEE 2nd International Conference on Collaboration and Internet Computing, IEEE CIC 2016
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 2nd IEEE International Conference on Collaboration and Internet Computing, IEEE CIC 2016
Y2 - 1 November 2016 through 3 November 2016
ER -