Towards Reconstructing Multi-Step Cyber Attacks in Modern Cloud Environments with Tripwires

09/25/2020
by Mario Kahlhofer, et al.

Rapidly changing cloud environments that consist of heavily interconnected components are difficult to secure. Existing solutions often try to correlate many weak indicators to identify and reconstruct multi-step cyber attacks. The lack of a true, causal link between most of these indicators still leaves administrators with a lot of false positives to browse through. We argue that cyber deception can improve the precision of attack detection systems if used in a structured and automatic way, i.e., in the form of so-called tripwires that ultimately span an attack graph, which assists attack reconstruction algorithms. This paper proposes an idea for a framework that combines cyber deception, automatic tripwire injection and attack graphs, which eventually enables us to reconstruct multi-step cyber attacks in modern cloud environments.


06/14/2020

Launching Stealth Attacks using Cloud

Cloud computing offers users scalable platforms and low resource cost. A...
11/16/2020

MAAC: Novel Alert Correlation Method To Detect Multi-step Attack

With the continuous improvement of attack methods, there are more and mo...
10/13/2018

False Data Injection Cyber-Attack Detection

State estimation estimates the system condition in real-time and provide...
04/26/2018

From product recommendation to cyber-attack prediction: Generating attack graphs and predicting future attacks

Modern information society depends on reliable functionality of informat...
08/16/2021

Using Cyber Terrain in Reinforcement Learning for Penetration Testing

Reinforcement learning (RL) has been applied to attack graphs for penetr...
10/27/2020

Generalized Insider Attack Detection Implementation using NetFlow Data

Insider Attack Detection in commercial networks is a critical problem th...