Event-Based Moving Target Defense in Cloud Computing With VM Migration: A Performance Modeling Approach

The domain of information security is undergoing significant evolution to address the increasingly complex challenges aimed at bolstering system resilience against attacks. The Moving Target Defense (MTD) methodology, which entails altering the system’s configuration—for instance, by relocating virtual machines (VM) or modifying IP addresses—serves to dynamically modify vulnerable components of a system. This strategy effectively disorients potential attackers, complicating their efforts to comprehend or anticipate the system’s configuration. Moreover, MTD can be proactively utilized by, for example, relocating VMs from a network segment that has been compromised. Consequently, MTD emerges as a viable approach for mitigating security concerns, particularly within cloud computing frameworks. A critical facet of MTD involves the system migration across different hardware, presenting logistical and strategic challenges that necessitate a thorough evaluation of factors such as operational downtime and the impact on system performance. Analytical models, particularly those based on stochastic Petri nets (SPN), offer a methodological advantage in strategizing MTD implementations by facilitating the assessment of potential outcomes in a non-live environment. This paper proposes an advanced model that extends prior research through the integration of an event-based MTD mechanism, which encompasses both the probability of intrusion detection and the ability to discern potential threats. Through the application of diverse migration initiation policies, this study aims to identify more efficacious strategies under specific conditions. The findings indicate that reliance on event-detection policies is advantageous when the system possesses a detection accuracy exceeding 50%, underscoring the critical role of precise intrusion detection in the efficacy of MTD strategies.