报告简介:
Cloud storage is vulnerable to Advanced Persistent Threats (APTs), in which an attacker launches stealthy, continuous, well-funded and targeted attacks over storage devices. In this paper, we apply prospect theory to formulate the interaction between the defender of the cloud storage and an APT attacker who makes subjective decisions that sometimes deviate from the results of the expected utility theory, as the basis of game theory. In the PT-based cloud storage defense game with pure-strategy, the defender chooses the scan interval at each storage device and the subjective APT attacker decides his or her attack interval against each device under uncertain durations to complete the APT attacks. A mixed-strategy subjective storage defense game is also investigated, for the subjective defender and APT attacker under uncertain action of their opponent. The Nash equilibria (NEs) of both games are derived, showing that the subjective view of an APT attacker can improve the utility of the defender. A Q-learning based APT defense scheme is proposed for the storage defender without being aware of the APT attack model and the subjectivity model of the attacker in the dynamic APT defense game. Simulation results show that the proposed defense scheme suppresses the attack motivation of subjective APT attackers and improves the utility of the defender, compared with the benchmark greedy defense strategy.
报告人简介:
肖亮,厦门大学信息科学与技术学院教授,博士生导师,IEEE高级会员,中国计算机学会高级会员,中国电子学会高级会员,网络与数据通信专委会委员。从事网络安全,水声通信和大数据等方向的研究。获教育部留学回国人员科研启动基金,入选福建省高等学校新世纪优秀人才支持计划。主持和参与了多项国家自然科学基金和福建省自然科学基金研究项目,并参与863项目。曾担任IEEE Trans. Information Forensics & Security等多个SCI期刊编委,以及INFOCOM、GLOBECOM和ICC等国际学术会议技术议程委员。获2016 IEEE INFOCOM Bigsecurity WS最佳论文奖。
美国Rutgers(罗格斯新泽西州立)大学电子与计算机工程系博士,清华大学电子系硕士,南京邮电学院通信工程系学士。作为访问学者,曾在普林斯顿大学,弗吉尼亚理工和马里兰大学进行研究。曾任美国Rutgers大学无线信息网络实验室(WINLAB)助研,InterDigital公司和贝尔实验室实习研究员,北卡州立大学助教。