Publication | Closed Access
Smart Moving Target Defense for Linux Container Resiliency
Year: 2016 | Citations: 11 | References: 18 | Venue: Unknown
Engineering, Information Security, Resilient Control System, Hardware Security, Attack Simulation, Systems Engineering, Threat (Computer), OS-level Virtualization, Virtualization Security, Intrusion Tolerance, Computer Engineering, Computer Science, Cloud Containers Resiliency, Linux Container Resiliency, Data Security, Search Game, Cloud Computing, Threat Hunting, Attack Avoidance Process, Control System Security
Nature is a major source of inspiration for many of the inventions that we rely on to maintain our daily lifestyle. In this paper, we present ESCAPE, an evolved version of our nature-inspired, game-like, informed moving-target-defense mechanism for cloud container resiliency. ESCAPE relies on a novel container mobilization framework controlled by a smart attack maneuvering module. That module drives the running containers based on real-time models of the interaction between attackers and their targets as a "predator searching for a prey" search game. ESCAPE employs run-time live-migration of Linux containers (prey) to avoid attacks (predator) and failures. The entire process is guided by a novel host-based behavior-monitoring system that seamlessly monitors containers for indications of intrusions and attacks. To evaluate the effect of ESCAPE's container live-migration in evading attacks, we extensively simulated the attack avoidance process based on a mathematical model mimicking the prey-vs-predator search game. With ESCAPE's live-migrations, results show high container survival probabilities with minimal added overhead.