Frequency-minimal utility-maximizing cloud resources allocation for moving target defense

Abstract

[ACCESS RESTRICTED TO THE UNIVERSITY OF MISSOURI AT REQUEST OF AUTHOR.] With the increase of cyber-attacks such as DDoS, intelligent resource-allocation based migration schemes are being devised as counter-strategies to protect critical cloud-hosted applications. However, most of such schemes follow static frequency of migration and on-the-fly sub-optimal cloud resource provisioning leading to: (a) high probability of attack success, (b) increased operational costs for cloud service providers (CSP), and (c) decreased user quality of experience (QoE). Thus, the critical challenge for resource-allocation based defense mechanisms is to minimize the waste of cloud resources and limit loss of availability, yet have effective proactive and reactive measures that can thwart attackers. In this thesis I address the defense needs by leveraging moving target defense based resource allocation within Software-Defined Networking-enabled cloud infrastructure. The novelty of my solution are: (a) the allocation frequency minimization of cloud-hosted applications across heterogeneous virtual machines based on attack probability, which in turn minimizes cloud management overheads, (b) a Market-driven utility maximizing resource allocation scheme that captures cloud-hosted application resource bids via a virtual market, and consequently re-allocates or migrates critical applications through a cost-aware utility-maximization scheme. I evaluate effectiveness of my proactive scheme using a large-scale GENI testbed for a just-in-time news feed application setup. My results show low attack success rate and higher performance of cloud-hosted application in comparison to the existing static moving target defense schemes that assume homogenous virtual machines. I also perform extensive simulations of allocations to multiple data centers for diverse cloud applications and user QoE profiles to demonstrate the improvement of my Market-based allocation approach over existing schemes that are largely based on centralized optimization principles.