Modeling APT Attack Paths in Cloud Computing

Article title: Bayesian network based weighted APT attack paths modeling in cloud computing
Journal/Conference: Future Generation Computer Systems
Related fields of study: Computer engineering
Related specializations: Cloud computing
Keywords: attack path, advanced persistent threats, cloud computing, Bayesian attack network, exploit, vulnerability
Manuscript type: Research Article
Digital identifier (DOI): https://doi.org/10.1016/j.future.2019.02.045
University: Department of Computer Science and Technology, University of Science and Technology Beijing, 100083, China
Pages in the English article: 34
Publisher: Elsevier
Presentation type: Journal
Article type: ISI
Publication year: 2019
Impact factor: 7.007 in 2018
H-index: 93 in 2019
SJR: 0.835 in 2018
ISSN: 0167-739X
Quartile: Q1 in 2018
Format of the English article: PDF
Translation status: Not translated
Table of contents (English)

Abstract

1. Introduction

2. Threat model and attack path formalizations

3. Bayesian Network and Attacker’s Behavior Modeling

4. Path derivation and illustrative results

5. Conclusion

Acknowledgment

Research Data

References

Excerpt from the article (English)

Abstract

Security vulnerabilities exhibited in cloud computing components and technologies not limited to hypervisors, virtual machines, and virtualization present a major security concern. The primary challenge has been to characterize interlinked attack paths generated by Advanced Persistent Threat (APT) attackers upon exploitation of vulnerabilities exhibited in cloud components. We propose a Bayesian network based weighted attack paths modeling technique to model these attack paths. In our approach, we employ quantitative induction to express weighted attack paths. We chain marginal and conditional probabilities together to characterize multiple attack paths from the attack source to the target node. In so doing, we evaluate the likelihood of an APT occurring in a given path. Furthermore, we propose an optimized algorithm to find the shortest attack path from multiple sources based on key nodes and key edges. The algorithm not only finds the shortest path but also resolves any existing ties amongst paths of equal weights. We characterize the attack time expense of the APT attack by modeling the associated atomic attack events in a path as Poisson variables obeying the Erlang distribution. The attack time expense is classified into three different levels: High, Medium and Low. We use the WannaCry ransomware attack to evaluate our model.

Introduction

Security presents a major concern echoed by many organizations migrating to cloud computing [1]. With the advent of e-governance, different governments likewise are switching to cloud computing and this has inadvertently attracted Advanced Persistent Threat (APT) attackers who target big corporations and governments [2]. APT attackers possess high levels of technical skills and have extensive resources at their disposal and this has enabled them to effectuate sophisticated stealthy reconnaissance, surveillance and data exfiltration attacks with little traceability if any at all. This profile of attackers has come to exploit vulnerabilities exhibited in cloud computing components not limited to hypervisors, virtual machines, virtual routers, etc., to reach the otherwise secured or unreachable resources. Virtualization, for example, which is the foundation of most cloud offerings [3], has a myriad of attack vectors targeting virtual machines whether at rest in the cloud data centers or during migration on the network. Attacks on such a level of detail require highly skilled threat actors, hence APTs. Traversal of vulnerable cloud components during an attack generates virtual attack paths which depict dependencies shared amongst the exploited vulnerabilities. Attack paths have been widely studied [4–7] in literature using different approaches. However, most of the studies apply to generic network environments with discrete network devices as opposed to virtualized cloud computing devices [8]. Bayesian networks have been employed to study attack paths but they suffer from attack cycles which typically occur in real-world scenarios due to the interleaving of reconnaissance and active APT attack stages.
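
The following is an added example for defenders, not code from the paper: it chains a marginal probability at the source with conditional probabilities along each edge to rank attack paths by likelihood, refuses to revisit nodes so that attack cycles cannot inflate a path, and uses the Erlang distribution for the time to complete k atomic steps. The graph, all probabilities, the equal per-step rate, the tie-break rule and the Low/Medium/High cut-offs are assumptions made for illustration.

```python
import math

# Constructed attack graph (hypothetical nodes and numbers, not from the paper).
# EDGES[(u, v)] is the assumed conditional probability P(v exploited | u exploited).
EDGES = {
    ("internet", "web_vm"): 0.6, ("internet", "vpn_gw"): 0.3,
    ("web_vm", "hypervisor"): 0.4, ("vpn_gw", "hypervisor"): 0.7,
    ("hypervisor", "web_vm"): 0.5,  # back edge: creates an attack cycle
    ("hypervisor", "db_vm"): 0.8, ("web_vm", "db_vm"): 0.2,
}
P_SOURCE = 0.9  # assumed marginal probability that the source node is attacker-controlled

def simple_paths(src, dst, path=()):
    """Yield every cycle-free path src -> dst; revisiting a node is refused."""
    path = path + (src,)
    if src == dst:
        yield path
        return
    for (u, v) in EDGES:
        if u == src and v not in path:
            yield from simple_paths(v, dst, path)

def path_probability(path):
    """Chain the marginal at the source with the conditionals along the path."""
    p = P_SOURCE
    for edge in zip(path, path[1:]):
        p *= EDGES[edge]
    return p

def rank_paths(src, dst):
    """Most likely path first; ties broken by fewer hops, then by name (assumed rule)."""
    scored = [(path_probability(p), p) for p in simple_paths(src, dst)]
    return sorted(scored, key=lambda s: (-s[0], len(s[1]), s[1]))

def erlang_cdf(k, rate, t):
    """P(k atomic attack steps, each exponential with `rate`, all finish within t)."""
    x = rate * t
    return 1.0 - math.exp(-x) * sum(x ** n / math.factorial(n) for n in range(k))

def time_expense_level(path, rate, low=4.0, high=12.0):
    """Classify by the Erlang mean k/rate in hours; the cut-offs are assumed."""
    mean = (len(path) - 1) / rate
    return "Low" if mean < low else "Medium" if mean <= high else "High"

if __name__ == "__main__":
    for prob, path in rank_paths("internet", "db_vm"):
        k = len(path) - 1
        print(f"{prob:.4f} {' -> '.join(path)} "
              f"P(done in 8h)={erlang_cdf(k, 0.5, 8.0):.2f} {time_expense_level(path, 0.5)}")
```

Ranking by likelihood shows which edge a single mitigation would cut to remove the most probable paths to the target.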