Towards Reconstructing Multi-Step Cyber Attacks in Modern Cloud Environments with Tripwires

by   Mario Kahlhofer, et al.

Rapidly-changing cloud environments that consist of heavily interconnected components are difficult to secure. Existing solutions often try to correlate many weak indicators to identify and reconstruct multi-step cyber attacks. The lack of a true, causal link between most of these indicators still leaves administrators with a lot of false-positives to browse through. We argue that cyber deception can improve the precision of attack detection systems, if used in a structured, and automatic way, i.e., in the form of so-called tripwires that ultimately span an attack graph, which assists attack reconstruction algorithms. This paper proposes an idea for a framework that combines cyber deception, automatic tripwire injection and attack graphs, which eventually enables us to reconstruct multi-step cyber attacks in modern cloud environments.


page 1

page 2


Launching Stealth Attacks using Cloud

Cloud computing offers users scalable platforms and low resource cost. A...

MAAC: Novel Alert Correlation Method To Detect Multi-step Attack

With the continuous improvement of attack methods, there are more and mo...

False Data Injection Cyber-Attack Detection

State estimation estimates the system condition in real-time and provide...

From product recommendation to cyber-attack prediction: Generating attack graphs and predicting future attacks

Modern information society depends on reliable functionality of informat...

Using Cyber Terrain in Reinforcement Learning for Penetration Testing

Reinforcement learning (RL) has been applied to attack graphs for penetr...

Generalized Insider Attack Detection Implementation using NetFlow Data

Insider Attack Detection in commercial networks is a critical problem th...