DOI: 10.1145/3424954.3424968 (EICC conference proceedings, poster)

Towards Reconstructing Multi-Step Cyber Attacks in Modern Cloud Environments with Tripwires

Published: 12 January 2021

ABSTRACT

Rapidly-changing cloud environments that consist of heavily interconnected components are difficult to secure. Existing solutions often try to correlate many weak indicators to identify and reconstruct multi-step cyber attacks. The lack of a true, causal link between most of these indicators still leaves administrators with many false positives to browse through. We argue that cyber deception can improve the precision of attack detection systems if used in a structured and automatic way, i.e., in the form of so-called tripwires that ultimately span an attack graph, which assists attack reconstruction algorithms. This paper proposes an idea for a framework that combines cyber deception, automatic tripwire injection and attack graphs, which eventually enables us to reconstruct multi-step cyber attacks in modern cloud environments.
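The abstract's central point is that a tripwire alert, unlike a generic anomaly, is causally tied to one specific step of an attack graph, so a set of triggered tripwires pins down the attacker's path and weak indicators can be judged against that path instead of being correlated blindly. The Python script below is an added illustration of that idea and is not the authors' framework or code: it models a small cloud attack graph, maps each decoy artifact (tripwire) to the graph edge its use reveals, chains the triggered tripwires in time order into one path (filling uninstrumented hops from the graph), and keeps weak anomaly alerts only when they lie on that path. Tripwires that fire in an order the graph cannot explain yield no path, which is the case where the indicators lack a causal link. All component names, decoy ids and alert streams are constructed samples.

```python
"""Tripwire-driven attack-path reconstruction over a toy cloud attack graph.

Added illustration, not the paper's framework: component names, decoy ids
and alerts are constructed samples.
"""
from collections import deque
from dataclasses import dataclass

# Constructed attack graph: component -> components an attacker can reach next.
ATTACK_GRAPH = {
    "internet": ["web-pod"],
    "web-pod": ["ci-runner", "cache"],
    "ci-runner": ["secrets-store"],
    "cache": ["secrets-store"],
    "secrets-store": ["customer-db"],
    "customer-db": [],
}

# Constructed tripwires: decoy artifact id -> the edge whose traversal its use reveals.
# A decoy is planted on the edge's source and is only usable against its target, so an
# alert on it is causally tied to that single step (unlike a generic anomaly).
TRIPWIRES = {
    "decoy-ci-token": ("web-pod", "ci-runner"),
    "decoy-vault-key": ("ci-runner", "secrets-store"),
    "decoy-db-dsn": ("secrets-store", "customer-db"),
}


@dataclass(frozen=True)
class Alert:
    ts: int       # seconds into the observation window
    kind: str     # "tripwire" (strong, causal) or "anomaly" (weak)
    node: str     # component where the alert was observed
    detail: str   # decoy id for tripwires, free text for anomalies


def shortest_path(src, dst):
    """BFS over ATTACK_GRAPH; returns the node list src..dst, or None if unreachable."""
    prev = {src: None}
    queue = deque([src])
    while queue:
        cur = queue.popleft()
        if cur == dst:
            path = []
            while cur is not None:
                path.append(cur)
                cur = prev[cur]
            return path[::-1]
        for nxt in ATTACK_GRAPH.get(cur, []):
            if nxt not in prev:
                prev[nxt] = cur
                queue.append(nxt)
    return None


def reconstruct(alerts):
    """Chain tripwire alerts (in time order) into one path through the attack graph.

    Returns (path, supporting, discarded): path is None when the tripwires fired in an
    order the graph cannot explain (no causal chain); supporting are weak anomalies that
    lie on the reconstructed path; discarded are the remaining weak anomalies.
    """
    anomalies = [a for a in alerts if a.kind == "anomaly"]
    trips = sorted((a for a in alerts if a.kind == "tripwire"), key=lambda a: a.ts)
    if not trips:
        return None, [], anomalies
    path = None
    for a in trips:
        src, dst = TRIPWIRES[a.detail]
        if path is None:
            path = [src, dst]
            continue
        # Uninstrumented hops between two tripwires are filled in from the graph.
        link = shortest_path(path[-1], src)
        if link is None:
            return None, [], anomalies
        path.extend(link[1:] + [dst])
    on_path = set(path)
    supporting = [a for a in anomalies if a.node in on_path]
    discarded = [a for a in anomalies if a.node not in on_path]
    return path, supporting, discarded


# Constructed alert streams.
SAMPLE_ALERTS = [
    Alert(10, "anomaly", "web-pod", "unusual user-agent"),
    Alert(12, "anomaly", "billing-svc", "failed login burst"),  # unrelated noise
    Alert(30, "tripwire", "ci-runner", "decoy-ci-token"),
    Alert(40, "anomaly", "cache", "cpu spike"),                 # off the attacker's path
    Alert(95, "tripwire", "customer-db", "decoy-db-dsn"),      # vault decoy was bypassed
]
OUT_OF_ORDER_ALERTS = [
    Alert(30, "tripwire", "customer-db", "decoy-db-dsn"),
    Alert(95, "tripwire", "ci-runner", "decoy-ci-token"),      # cannot follow customer-db
]

if __name__ == "__main__":
    for name, stream in (("sample", SAMPLE_ALERTS), ("out-of-order", OUT_OF_ORDER_ALERTS)):
        path, supporting, discarded = reconstruct(stream)
        print(f"{name}: path={path}")
        print(f"  supporting={[a.detail for a in supporting]} "
              f"discarded={[a.detail for a in discarded]}")
```

In the sample stream the second decoy on the path (the vault key) never fires, yet the two tripwires that do fire still fix the full chain web-pod, ci-runner, secrets-store, customer-db, and only the anomaly on web-pod survives as supporting evidence. A real deployment would add time windows and per-edge confidence, but the structure is the same: strong, edge-bound indicators anchor the path and weak ones are filtered against it.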


Published in

EICC '20: Proceedings of the 2020 European Interdisciplinary Cybersecurity Conference
November 2020
72 pages
ISBN: 9781450375993
DOI: 10.1145/3424954

Copyright © 2020 Owner/Author

Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.

Publisher

Association for Computing Machinery
New York, NY, United States

Qualifiers

• poster
• Research
• Refereed limited
