On Dynamic Recovery of Cloud Storage System Under Advanced Persistent Threats

Abstract

Advanced persistent threat (APT) for data theft poses a severe threat to cloud storage systems (CSSs). An APT actor may steal valuable data from the target CSS even in a strategic fashion. To protect a CSS from APT, the cloud defender has to dynamically allocate the limited security resources to recover the compromised storage servers, aiming at mitigating his total loss. This paper addresses this dynamic cloud storage recovery (DCSR) problem by employing differential game theory. First, by introducing an expected state evolution model capturing the CSS's expected state evolution process under a combination of attack strategy and recovery strategy, we measure the APT attacker's net benefit and the cloud defender's total loss. On this basis and in the worst-case situation where the cloud defender assumes that the APT attacker has full knowledge of his expected loss, we reduce the DCSR problem to a differential game-theoretic problem (the DCSR* problem) to characterize the strategic interactions between the two parties. Second, we derive a necessary condition for Nash equilibrium of the DCSR* problem and thereby introduce the concept of competitive strategy profile. Next, we study the structural properties of the competitive strategy profile, followed by some numerical examples. Then, we conduct extensive comparative experiments to exhibit that the competitive strategy profile is superior to a large number of randomly generated strategy profiles in the sense of Nash equilibrium solution concept. Finally, we briefly analyze the practicability (scalability and feasibility) of this paper. Our findings will be helpful to enhance the APT defense capabilities of the cloud defender.