Cloud networks are the backbone of the modern distributed internet infrastructure as they provision most of the on-demand resources organizations and individuals use daily. However, any abrupt cyber-attack could disrupt the provisioning of some of the cloud resources fulfilling the needs of customers, industries, and governments. In this work, we introduce a game-theoretic model that assesses the cyber-security risk of cloud networks and informs security experts on the optimal security strategies. Our approach combines game theory, combinatorial optimization, and cyber-security and aims at minimizing the unexpected network disruptions caused by malicious cyber-attacks under uncertainty. Methodologically, our approach consists of a simultaneous and non-cooperative attacker-defender game where each player solves a combinatorial optimization problem parametrized in the variables of the other player. Practically, our approach enables security experts to (i.) assess the security posture of the cloud network, and (ii.) dynamically adapt the level of cyber-protection deployed on the network. We provide a detailed analysis of a real-world cloud network and demonstrate the efficacy of our approach through extensive computational tests.

翻译：云网络是现代分布式互联网基础设施的支柱，因为它们提供了组织和个人日常使用的大部分按需资源。然而，任何突发的网络攻击都可能中断满足客户、行业和政府需求的云资源供应。在这项工作中，我们引入了一个博弈论模型，该模型评估云网络的网络安全风险，并为安全专家提供最优安全策略。我们的方法结合了博弈论、组合优化和网络安全，旨在最小化在不确定性条件下由恶意网络攻击引起的意外网络中断。在方法论上，我们的方法包括一个同时且非合作的攻击者-防御者博弈，其中每个玩家解决一个参数化于另一方变量中的组合优化问题。实际上，我们的方法使安全专家能够（i.）评估云网络的安全态势，以及（ii.）动态调整部署在网络上的网络防护级别。我们对一个真实的云网络进行了详细分析，并通过大量计算测试展示了我们方法的有效性。