Defensive deception framework against reconnaissance attacks in the cloud with deep reinforcement learning.

Implementing defensive deception in the cloud is promising to proactively counter reconnaissance attack. This technique presents decoys to camouflage cloud assets and distracts attack resource. However, the major challenge is to develop an effective deception strategy to orchestrate digital decoys. To address this issue, we propose a deep reinforcement learning (DRL)-based defensive deception framework. First, we formulate a utility function, which mathematically models underlying threats associated with common vulnerabilities among virtual machines in the cloud. Then, we customize training interfaces and the neural networks for a DRL agent. The reward function reflects the effectiveness of asset concealment and the waste of attack resources, referring to a comprehensive defense goal. Finally, the well-trained DRL agent generates the optimal defense strategy. It specifies a more granular deception strategy than existing proposals. Simulation results show that the proposed framework leads to a 7.87% average advantage in realizing the comprehensive defense goal. Moreover, it can stably improve the concealment degree of cloud assets up to 20.58%, and increase the attack cost up to 40.40%. This study shows that it is promising to improve cloud security with deception defense and artificial intelligence techniques. [ABSTRACT FROM AUTHOR]