Stackelberg Security Game for Optimizing Cybersecurity Decisions in Cloud Computing

. As it is difcult to cover all cybersecurity threats, an optimal defense strategy is one of the focal issues in cloud computing due to its dynamic abstraction and scalability. On this basis, Stackelberg security games (SSG) have received signifcant attention for their better deployment of limited security. To deal with uncertainty and incomplete information, we introduce a modifed quantal response (Mod-QR) approach that incorporates bounded rationality and preference into the decision-making process. Formally, this can be done by using the quantal response equilibrium (QRE) framework to fnd a trade-of between the efectiveness and operating costs of cloud computing. In this case, the most efective countermeasures to defend the cloud can be viewed as a mixed strategy in which all the actions of the defender are played with a nonzero probability. Tis framework has been evaluated using an experimental study on MATLAB optimization toolbox to understand the behavioral aspects of cybersecurity actors and then to proactively protect cloud computing.


Introduction
To adapt quickly to changing business needs, cloud computing is an emerging trend that is revolutionizing the future of the IT industry by ofering the ability to grow or shrink infrastructure resources and services as needed.Such an approach provides a solid ground for designing a better usage-based pricing model that allows the on-demand provisioning of scalable services such as MBaaS (mobile backend as a service) [1], database as a service (DBaS) [2], and NaaS (network as a service) [3].
Although shared infrastructure and multitenancy are improving the redundancy and reliability of the cloud, users have limited visibility and control over online business data and applications.As a direct result of these virtualized services, data security is still a critical challenge in the cloud computing paradigm, and it becomes particularly serious because the data are located in diferent virtual machines (VMs) [4,5].One major problem with cloud security is that attackers can inject malicious queries using various cyberattacks such as credential stufng, Denial of service (DoS), Spectre and Meltdown, SQL injection, Cross-Site Scripting (XSS), CrossSite Request Forgery (CSRF), etc [6].Because of this, it is of utmost importance to build plans to react and recover from attacks as quickly as possible.With constantly changing cybersecurity threats, there has to be a strong strategy in place to make automated decisions in mitigating the risk of privacy attacks [7,8].Such an approach will hopefully lead to better design and implementation of the well-developed information security policy and then choose the appropriate countermeasures.To this aim, moving target defense (MTD) has become a focus point of recent cyber security advances.Concretely, there are two ways to best match security measures with available resources in large-scale virtualized data centers.One of the best ways to improve data security is to learn how to effectively cover all the most critical and emerging risks [9,10].Unfortunately, limited security resources prevent full security coverage for all possible vulnerabilities in modular data centers and large-scale clouds.Alternatively, we rely on game theory to analyze and model the competition between attackers and defenders as well.Taking into consideration the current situation of cloud infrastructure resources, we determine the optimal response to the cooperative and competitive behavior of two players (defenders and attackers) with conficting interests.Notice that in the noncooperative game, a malicious hacker seeks to dramatically reduce the overall proft margins.Based on this assumption, Stackelberg security games (SSG) are well-suited to adversarial reasoning for making efective, rational strategies when it comes to securing highly scalable cloud infrastructure.In practice, this is generally done by defning defense strategy by cloud providers (leaders) in advance while multiple adversaries (followers) would launch cyberattacks on a system based on the leader's policy.
Obviously, cloud providers try to continuously update the adopted security policy in such a way that it would maximize their payof.In this case, security measures aim to determine the optimal selection of countermeasures in IT security planning to mitigate cyber threats and meet the level of QoS as well.Put simply, a cloud provider guarantees providing highly available and efcient services and simultaneously improves business agility and revenue efciency by reducing the costs associated with security countermeasure.Note that the interests of the players confict totally in a zero-sum game environment.More interestingly, we proceed to defne quantal the response equilibrium (QRE) so that each player's strategy is chosen according to the probability distribution.In such challenging circumstances, every defense strategy is played with nonzero probability.Te main contributions of this paper include the following: (1) We identify and quantify potential security threats in cloud computing environments to build a cybersecurity model (2) We use Stackelberg games to model the attackerdefender strategic interaction in cloud computing, especially when using a limited number of resources (3) We develop a model of imperfect competition based on a noncooperative game to fnd an optimal defender strategy (4) We propose a model of bounded rationality based on the QRE so that all players always make their decisions with a limited amount of information about security threats and countermeasures (5) We conduct a comprehensive evaluation of the accuracy of the modeling defense strategy and its efect on the operating proft margin Te rest of this paper is structured as follows.In Section 2, we formalized the system model and security requirements for cloud-shared resources.Section 3 surveys the most notable research works by highlighting their advantages and shortcomings.Section 4 presents the Stackelberg game-based model for automating security decisions in the cloud environment.Section 5 examines existing Stackelberg security games and provides evidence about their ability to generate the tradeofs between the privacy risks and their corresponding countermeasures in cloud computing.In Section 6, we presented the construction and security analysis of the proposed method by detailing the game's mathematical model.Section 7 is dedicated to simulation results and performance analysis.Section 8 fnally concludes this work and presents some future works.

Problem Statement
Generally, cloud computing is seen as more vulnerable to cyber-attacks compared to traditional data centers.In fact, the dynamic nature and the building blocks of the cloud are the root cause of cyber-attacks. Figure 1 represents the four fundamental building blocks of cloud infrastructure.Concretely, it uses virtualization to run multiple independent instances of one physical device.
To meet QoS requirements, a distributed and parallel computing strategy is used to signifcantly improve performance by taking advantage of dynamic load balancing and task scheduling.Similarly, the use of web technologies would undoubtedly be of great value to facilitate quick and easy access to cloud services.Outsourcing business processes reduce costs and improve productivity and proftability.On one side, these features can often provide cost reduction while maintaining high-quality service, even though they may pose serious challenges to cloud security.On the other side, especially in a large-scale environment, the problem is where we should place a limited number of security measures to quickly detect cyber-attacks.In light of this fact, the following issue needs to be considered for our scenario.

Te Uncertainty of Cyber-Attacks.
In most cases, cyberattacks on cloud servers are uncertain.Te attacker exploits a vulnerability to infect VMs residing on the same host either the virtual machine or the hypervisor.Moreover, a successful attack on a VM may adversely afect the security in the virtualized environment by the interaction of virtual machines running on the same cloud computing.We assume that an attacker exploits a vulnerability to gain access to VM1, which has a negative impact on nearest neighbor VM2 and VM3.As all VMs interact directly with the console, it is uncertain which vulnerability on VM2 and VM3 will be exploited by the attacker to take control of a cloud resource, as shown in Figure 2.

Te Limit of Defense Mechanisms.
Te security of a large-scale data center is based on the security of all VMs [11].At the same time, security policy becomes inefective as it gets more and more complex to operate and maintain.It may not be realistic to monitor all activity and discover all VMs since it may potentially require system downtime.Often the biggest challenge in designing and deploying efcient countermeasures in large-scale distributed systems is cost.It might then require compromises to be made, increasing security and maintaining high-quality performance.

2
Security and Communication Networks

Related Works
Over the last three decades, a number of frameworks have been developed to promote the use of game theory to practically model the decision-making process between attackers and defenders in distributed data centers.Te authors in [12,13] use the Stackelberg game for a coalition between a mobile cloud computing (MCC) and unmanned aerial vehicle (UAV).Te main objective here is to optimize computation ofoading in terms of transmission time and energy consumption.In the same line, the Stackelberg game is used to formulate a discrete multileader multifollower in a coalition-based UAV network so as to achieve the lowest network energy consumption [14,15].Te authors in [16,17] use the Stackelberg game to formulate a discrete multileader multifollower in a coalition-based UAV network so as to achieve the lowest network energy consumption.In this case, the proposal is designed to choose the most optimal strategies that yield the maximum utility for the provider and meanwhile ensure the best service and a suitable price for end users.Yang et al. rely on the Markov chain model with a state transition matrix to build a game model for protecting smart grids.It is commonly performed by multiple adversaries cooperatively [18,19].By using a twoplayer stochastic game, the authors in [20,21] defne Nash equilibrium (NE) to select the best attack-defense strategy in satellite base stations.More specifcally, the authors in [22,23] use a mixed strategy-based zero-sum game with two players between providers and attackers.Li and Zheng [24] use the Stackelberg game model to secure data centers against advanced persistent threats (APTs).Basically, the authors applied semi-Markov models to generate a timing-aware model that captures potential variations sequence in a multistage defense mechanism.In wireless networks, game theory analyzes the behaviors of nodes to secure the routing process in VANET while also improving trafc safety and performance [25].Jakóbik et al. [26] examined the complex interactions between cloud providers and end users by using the Stackelberg game.In order to reach the security goals, the proposed solution is designed to reduce the information losses and secure sensitive communication systems as well.In [27], Eltayesh et al. formulated a Bayesian game to study the inaccurate, inconsistent, missing data in a database caused by the most common and dangerous cyber threats.In the same vein, the authors in [28] take into account the computational costs and misbehavior activities of malicious nodes and construct a dynamic Bayesian game to maximize the individual utility of each node in underwater acoustic sensor networks (UASNs).
Furthermore, game theory is the most efcient approach to modeling the confict or cooperative game relationship between the attacker and the defender so as to develop a deeper understanding of the scope of both the threat and potential damages.Tis was achieved with the help of reinforcement learning (RL) and repeated Stackelberg game [29].To deal with adaptive adversaries, Zhang and Zhuang [30] introduced a sequential game that accurately estimates the required resources to face several attack types.Tis will provide guidance on how to achieve efcient distribution of a limited amount of resources to multiple targets to reduce data loss caused by attackers.Ji et al. proposed an automatic smart security policy through the game theory model to make appropriate security strategies by studying potential security risks in microgrid systems [31].Chen et al. proposed a mechanism for an IoT environment to make efcient security decisions to minimize cyber-attacks [32].To this aim, Monte Carlo with the classical Stackelberg models is used to optimally place a set of intrusion detection systems (IDSs) in several locations across the network.
Overall, all previous works detailed in this section focus on the Stackelberg game framework to model interactions between service providers and attackers.Usually, a typical approach is based on the assumption that attackers are perfectly rational when defenders deploy limited security resources to maximize their efectiveness.Nevertheless, the environment may be nondeterministic in which case it is modeled by quantal response equilibrium (QRE).For decision-making under uncertainty, we opt for the game theory concept to model scenarios in which the players cannot know the strategy of their opponents.Even though it is hard to defne the utility (payof) function for defender and attacker, it is designed to identify utility functions based on the inverse game problem.Subsequently, the proposed model is an efective strategy for predicting future attack patterns and helps cloud providers to defend against a given threat.

Game Theoretical Model for Cloud Threats
Basically, we defne a mitigation approach and tools that minimize threats and vulnerabilities in cloud computing.In this context, game theory is one of the most prominent and efcient problem-solving approaches in choosing an optimal investment in information security.More precisely, game theory has long fulflled the promise of enhancing intelligent decision-making for complicated security challenges.Figure 3 illustrates the principle of the proposed optimal security measures.
Tis pledge has been achieved in part with the implementation of Stackelberg security games.Tis is a noncooperative game that models competition between a specifc group of players and a leader who has a favored status and makes the move frst.Accordingly, the remaining players (followers) are obligated to make their decisions based on the actions of the leader.

Stackelberg Game.
Stackelberg games were frst introduced to model the relationship between leadership and commitment to study the two competitors in the duopoly market.It requires players to decide the best strategic move: the frst player is the leader who commits to a strategy frst, and then the second player, called the follower, observes the strategy of the leader and then reacts to it so as to reduce the loss due to the leader strategy.
Te term Stackelberg security games (SSG) was frst introduced by [33] Kiekintveld to optimize resources used to defend against a potential attacker.Accordingly, this noncooperative game consists of defender (D) and attacker (A).Te attacker tries to attack any target from the available set of targets T � (t 1 , . . ., t n ) to gain access to critical and confdential information stored in the cloud whereas the defender tries to prevent attacks by covering targets by using a limited number of resources from the set R � (r 1 , . . ., r k ).In light of the fact, we formulate the game theoretical model for the defender and attacker scenario as two players noncooperative and nonzero-sum game G.
where N � (1, . . ., n) is a set of players; S i is the set of strategies; U i is the set of payof for each player.
In this way, this game comprises a set of players, actions/ strategies, and the fnal payof that is represented by a matrix, as shown in Table 1.
In a general sense, in a resource allocation game, there are two strategies to deal with cybersecurity in cloud computing environments, i.e., pure and mixed strategies.On the one hand, cloud provider in a pure strategy determines the specifc actions for any possible common cyber threats and attacks by deploying a set of resources R to defend targets.In parallel with this, for an attacker, it represents an attack at a target.On the other hand, a mixed strategy for cloud providers is a probability distribution over the set of possible countermeasures.In the context of the cloud, an active attacker would have taken control of one or several targets in a pure strategy while the targets in a mixed strategy are denoted by A � (a i ), where a i represents the probability of attacking a target t i .
In the cybersecurity context, the defender's mixed strategy is represented by a probability distribution x i that determines the probabilities associated with the cloud provider covering each target t [26].Tus, 1 − x i is the probability of uncovered target.Additionally, the utility for both the defender and the attacker is associated with each target, and whether it is covered by the cloud provider or not [30,33].More importantly, when the target t is attacked, and covered by the defender then, the defender's utility is As a general rule, the security games in cloud are a function that satisfes

Te Expected Utility in Security
Games.When a strategy profle D and A is played, the utility values of both players are given by the following: the payof of each cloud provider depends on the probability x i that a target t i is covered.Let R D i denote the income obtained after investing in security measures to cover cloud services.To greatly reduce the potential damage P D i from an attack, each cloud provider would expect to incur a cost e for the security expenses.Te marginal payof for a cloud provider can be expressed as follows: ( From the equation above it is clear that if the target is uncovered (the attack is successful), the cloud provider has no gain.In addition, if the target is covered, the cloud provider generates an income that is reduced by the operational expenses.We then focused on the damages committed by the attackers, and the payof depends on the major benefts R A i that can be obtained from an attack on target t and the estimated costs of each attack P A i .Ten, the payof of each attacker that gets access to a cloud environment can be defned as follows: Tat equation above refects the situation when the target is covered and then attackers are not able to generate proft.Obviously, unprotected target is the easiest way to earn passive income R A i .To deal with cybersecurity in a cloud computing environment, we assume that cloud providers select the appropriate level of security while the attackers observe the defender's strategy.Unfortunately, cloud providers allocate scarce defense resources to cover potential targets as full security coverage at all times is not possible.A strategic goal is to continuously ensure a balanced allocation of the defender, and the attacker depends on the budget constraints and the expected revenue.Note that given a coverage probability, it is always better for the cloud provider to secure all VMs, whereas the attacker prefers to gain access to specifcally unprotected VMs with a better payof.Moreover, we make the assumption that the cloud provider's payof depends on his own actions and an aggregate of the actions of all-possible attackers.In this paper, we only consider the case of defender-attacker Stackelberg games in which the defender's utility is the exact opposite of the attacker's utility.

Equilibrium Analysis of Cloud Security.
Te main challenge faced by each cloud provider is to choose an optimal policy when making strategic security decisions.Te most important in security game is to fnd equilibrium in stochastic games.In a Cournot duopoly, the cloud provider and attackers make their moves at the same time while, in a Stackelberg duopoly, the cloud provider becomes the leader and so makes the frst moves.Te payofs in equations above (1) and ( 2) only represent potential targets that are getting attacked regardless of whether they have been protected or not.In this case, we use Stackelberg game models as a standard solution concept to capture the interaction between the two players in a security game consisting of a defender (D) and multiple attackers (A).Terefore, we investigate Nash equilibrium (NE) in cyber security problems, which often are considered as competitive scenarios.Defnition 1.A pair of mixed strategies D and A forms an NE if the following conditions are satisfed: (1) Defender plays a best response, that is, Te Stackelberg equilibrium (SSE) is equal to the Nash equilibrium under the given zero-sum assumption, which is usually regarded as the maximum strategy.
Accordingly, the defender maximizes the minimum expected utility or minimizes the maximum attackers' utility.Suppose that the attacker's response function is (c): c ⟶ a.We assume that g(c) is unique to every c.Te solution is provided via the formalization of strong Stackelberg equilibrium (SSE) [14].

Secure Stackelberg Game-Based Models
In this section, we introduce common models to implement the Stackelberg security game.Specifcally, there are increasing eforts to reduce cybersecurity attacks and the cost of countermeasures as well.
5.1.COBRA Models.Pita et al. proposed the COBRA model based on three game models [16].Te frst one is bounded rationality represented by COBRA(0, ε).Te second one is observational uncertainties COBRA(α, 0), and the third one is the combination of the frst and second model COBRA(α, ε).Authors consider the strategy of both leader x and follower x ′ to be a linear problem: Security and Communication Networks , where α represents the player behavior.

ORIGAMI Model.
In this model, Kiekintveld et al. [31,33] defned C as the coverage vector of the optimal security strategy c t to protect a target t.Besides, the probabilities that target t is protected are x.Te author assumed that the equilibrium state of this game is achieved when U A (C) � x, and then, For each target t i , such that U u A (t i ) > x.

SU-BRQR Model.
Tambe et al. in [16,18] introduce a model that takes into consideration the adversary's preference.Te latter highlights the importance of rewards and penalties in every security policy.In this case, the optimal strategy is calculated by adding the utility function η i to the standard Stackelberg security model.Accordingly, the optimal strategy is expressed as follows: where In addition to the above models, the interactions of the typical attack and defense strategies are analyzed using several defense-allocation methods such as MAXMIN models [16], Eraser-C model [20], ASPEN model [22], and GUARDS model [34].

Proposed Model
Indeed, the weak performance in terms of predicting the behavior of the human adversary is the main obstacle to the development of realistic models, particularly in the context of SSGs.Te inherent difculty lies in accurately capturing the complex decision-making processes of adversaries.However, in order to devise more efcient defense strategies, it is imperative to overcome this challenge.
In this section, we propose a novel approach to modeling adversary decision-making in SSGs.Our approach combines the concepts of quantal response equilibrium and quantal response with preference, thereby ofering a comprehensive framework for understanding and predicting adversary behavior.
Quantal response equilibrium takes into account the bounded rationality of adversaries, acknowledging that their decision-making is not purely rational but infuenced by a certain level of randomness.By incorporating this notion into our model, we can better capture the realistic behavior of adversaries in SSGs.
Furthermore, we extend the model by incorporating quantal response with preference.Tis addition allows us to account for the fact that adversaries may exhibit a preference for certain targets or strategies.By considering the preferences of adversaries alongside their quantal response behavior, we gain deeper insights into their decision-making processes and can devise more efective defense strategies accordingly.It provides a powerful tool for analyzing and predicting adversary behavior, enabling the development of more efcient defense strategies.Tis advancement is crucial for ensuring the security and resilience of SSGs in the face of evolving threats.
6.1.Quantal Response.Quantal response equilibrium (QRE) is an important solution concept in game theory.It was introduced by McKelvey and Palfrey [35].Note that a set of boundary conditions is usually associated with discrete strategies to fnd equilibrium.In particular, the response of a player in the Stackelberg security game is modeled as a quantal response.Such a model leads to a secure cloud environment using systems with a probability of selecting an action i, which can be expressed in the following way [36]: where λ ∈ [0; +∞] is the parameter that refects the rationality level of each player and the degree of accuracy and precision of each action.In this case, the parameter λ � 0 means that the choice of an action becomes purely random.But more importantly, in contrast to the lack of complete information, the action with the higher expected payof is chosen for sure rational behavior when λ ⟶ +∞.When the expected utility for the attacker U a i (p) is replaced, we obtain the probability α i (p) of selecting an action.
Basically, the defender in SSGs seeks to maximize its expected utility; we assume that the adversary follows a quantal response (QR-adversary).Given the adversary's quantal response, which is described in equation ( 7), the defender's best response is From equations ( 3) and ( 9), the problem of fnding the optimal mixed strategy for the defender can be formulated as follows: 6 Security and Communication Networks x i ≤ M, and 0 ≤ x i ≤ 1, ∀i. (10)

Modify Quantal Response (Mod-QR).
Te quantal response model is enhanced by incorporating multiple parameters that infuence the attacker's decision-making process.Tis modifcation accounts for the various factors that can afect how attackers make their strategic choices.
For simplicity purposes, the parameter φ i refers to the efects of the successful attack rate.In other words, it describes also an attractor for the best response.In general, the attackers are attracted by targets that have been attacked successfully in the past with the highest payof since a successful attack with a large penalty would reduce the defender's reward.
Here, we modify the QR model by adding φ i to the probability in equation ( 6).We modeled the efect of a successful attack rate as follows: In this case, C i (x) ∈ [0, 1] refers to the target t i that has been attacked, and λ c indicates the preference of the attacker for this target.Tis parameter refects the willingness of attacker to again access to a specifc target.Furthermore, ρ c � P A i /R A i is the ratio of the attacker' penalty and reward.Ten, the probability of an attacker to attack the target t i is calculated as follows: Te optimal defender strategy against a Mod-QRadversary is computed by solving the following optimization problem: Ten, where the integer variables C i are introduced to represent the function C i (x).
Te optimization problem described above presents a challenge due to its nonlinear and nonconvex nature, combined with the presence of mixed integer-programming constraints.Consequently, solving this problem directly becomes a difcult task.To tackle this challenge, we employ a computational approach to determine the optimal strategy against the quantal response adversary.Specifcally, we focus on methods that enable the computation of local optima, as outlined in Algorithm 1.By utilizing Algorithm 1, we can explore and identify near-optimal solutions within the problem's complex solution space.Although global optimality may not be guaranteed, this approach allows us to obtain satisfactory solutions that maximize the objectives and satisfy the constraints.
In the frst place, we transform the maximization problem into a minimization problem.Here, we consider the problem of fnding the minimum cost according to stable constraints.Notably, the MATLAB optimization toolbox contains various diferent kinds of functions for searching optimal solutions with the inbuilt function given by fmincon.

Experimental Results
Tis section focused principally on evaluating the performance of the used defender's strategies against the diferent adversary models.Te frst model is designed to take into account quantal response while the second one relies on the modifed quantal response.Te frst adversary model incorporates quantal response, which considers the bounded rationality of the adversaries.Tis model takes into account the probabilistic nature of their decision-making process.Te defender's strategies are tested against this model to determine their efectiveness in countering adversaries with varying levels of rationality.Te second adversary model utilizes a modifed quantal response, which enhances the efciency of the decision-making process compared to standard quantal response.Tis model considers not only Security and Communication Networks the rationality but also the preferences of the adversaries.Te defender's strategies are evaluated against this model to assess their performance in a scenario where the adversaries exhibit preferences for specifc targets or strategies.In principle, the optimization of such systems is described exactly by equations described in the previous section.
In our case, and for the sake of simplicity, let us denote G as an instance of a game, which represents a combination of payof structure (R A i , P A i , R D i , P D i ).In the same vein, we suppose that the defender uses four resources (K � 4) to protect seven possible targets by exploiting security vulnerabilities, i.e., (t 1 , t 2 , t 3 , t 4 , t 5 , t 6 , t 7 ).Furthermore, we use the estimated parameters λ � 0.77 for quantal response and λ u � 0.6, λ c � 0.77, and C i � (1, 0, 1, 1, 0, 0, 0) for the modifed quantal response as mentioned in [37].For our purposes, we are restricting the topic to models for a range of potential parameters related to defender-attacker strategies, as shown in Tables 2 and 3.More importantly, we have developed the quantal properties of the mixed strategies as illustrated in Figures 4 and 5.
To further illustrate the proposed solution, we analyze the infuence of economic rational choice of the players' behavior and the infuence of each parameter.In particular, we focused on studying the efect of these parameters on defender's strategies.
Te convergence of the defender's mixed strategy can be observed in both Figures 6 and 7 as the attacker's rationality increases.Tese fgures illustrate the progressive alignment of the defender's strategy with the evolving tactics of the attacker.
In Figure 6, as the attacker becomes more rational, the defender's mixed strategy adjusts accordingly, converging towards a more optimal defense approach.Tis convergence indicates that the defender is adapting to the increasing rationality of the attacker, aiming to minimize vulnerabilities and mitigate potential threats.
Similarly, Figure 7 depicts the convergence of the defender's mixed strategy in response to the heightened rationality of the attacker.As the attacker's decision-making becomes more refned, the defender's strategy evolves to counteract these advancements.Te converging trends in this fgure demonstrate the dynamic nature of the defender's response to the attacker's increasing rationality.
From Figures 8 and 9, we can distinguish that the defender increases the security for targets, which have attacker's strict preference for these favored targets.Tis means that if an attacker has more preference for a specifc target, the defender is forced to protect this target.
As can be seen in Figure 10, the attacker at frst attacks all VMs with the same probability, which refects some irrational behavior.However, as time progresses, the attacker becomes more rational and strategic in their decisionmaking process.
Trough a careful analysis of the defender's strategies, the attacker gains valuable insights into the vulnerabilities and defenses of the VMs.Tis increased understanding allows the attacker to refne their approach and targetspecifc VMs more efectively.
Te transition towards rationality is evident in Fig-  In Figure 10, the probability of attacking the target 3, target 6, and target 7 increases.In contrast, the risk of cyber-attacks decreases for other targets.As the attackers become more rational, attacks have clearly become the most dangerous for both target 6 and target 7, while the probability of attacking target 3 decreases.Tis will undoubtedly contribute to minimize the overall penalty of executing all the tasks.

Security and Communication Networks
Furthermore, this situation would cause minimum penalty to attacker with high revenue, as illustrated in Figure 9.
Figures 11 and 12 show a proportional relationship between objective value and rationality λ u .In this case, when the attackers become more rational, they observe the defender's strategies and try to prevent the exploitation of coresident VMs with large penalties.Tis is due to the fact that these VMs often generate high revenue, and then, cloud providers can make a huge proft.Likewise, Figures 11 and  12 illustrate the efect of attackers with the goal of increasing the magnitude of their expected damage and their attacks on the defender's objective.In a general sense, this can be  Security and Communication Networks explained by the fact that each defender is interested in protecting vulnerable targets.In contrast, the probability of attacking other regular targets (VM) increases with the rationality λ u .As the defender's utility is defned as the expected payof on all VMs, the rewards of protecting cloud resources are directly related to the value of the attacked target and the level of protection.More precisely, the defender obtains a security gain by expending resources dedicated to protecting VMs.Tis can be clearly seen in Figure 13 which have higher the cloud provider's proft when purchasing and deploying more security countermeasures to protect against cyber-attacks.Furthermore, when the cloud provider demonstrates a preference for specifc targets, it is observed that the modifed quantal response (Mod-QR) exhibits greater efciency compared to the standard quantal response (QR) method.Indeed, this will lead to increased demands for cloud services and rapid growth in revenue as well.

Conclusions
Tis article attempts to model strategic interactions between both defenders and attackers to deal with the security of a multitenant cloud environment.To this aim, we use a Stackelberg security game (SSG) where a defender can simultaneously protect a set of targets using a limited number of resources.More specifcally, we study an equilibrium model in which players with conficts of interest maximize their expected utility.In this case, we assume that players have rational expectations and that attackers select targets following logit quantal response equilibrium models.

Security and Communication Networks
In such a situation, we use a nonzero-sum game for modeling and studying cloud security problems, as the gain of the attackers is not necessarily the same as the defender's losses.By formulating the defender's problem as an SSG decision process, the proposed model helps defenders to fnd and implement the most appropriate strategies that increase cloud defensibility and to predict and manage the behaviors of attackers.In the present study, a numerical simulation to further illustrate the efectiveness of the proposed model dealing is proposed and validated.In this research, experimental and numerical modeling is examined to defne the ideal security investment when evaluating and implementing cybersecurity measures.To achieve their strategic goals and objectives, cloud providers are bounded to rationality and dynamically change their strategies according to the attacker's preferences and its behavior.
In future work, we intend to explore the possible application of the Stackelberg security game to allocate defense resources to several targets subject to cyber-attacks, especially distributed denial-of-service (DDoS) attacks.We plan to further extend the proposed model by using a Markovbased approach to deal with cloud security using moving target defense (MTD) analysis.

Figure 1 :Figure 2 :
Figure 1: Building blocks of the cloud system.

Defnition 2 .( 1 )
A pair of strategies 〈c; g(c)〉 is defned as a strong Stackelberg equilibrium if the following conditions are satisfed: Te cloud provider uses the best security strategy: U d (c, g(c)) ≥ U d (c * , g(c ′ )) for any c * (2) Te attacker plays a best response: U a (c, g(c)) ≥ U a (c, g(c * )) for all g(c * ) (3) Te attacker breaks ties in favor of the defender policy: U d (c, g(c)) ≥ U d (c, ϕ(c)) for any ϕ(c) ∈ F a (c) where F a (c) � argmax a U d (c) is the set of the attacker's best responses.

Table 1 :
Example of two targets security game.