EAI Endorsed Transactions on Security and Safety 18(13): e3

Research Article

Probabilistic Inference of the Stealthy Bridges between Enterprise Networks in Cloud

Citation (BibTeX):

    @ARTICLE{10.4108/eai.4-1-2018.153526,
        author={Xiaoyan Sun and Jun Dai and Anoop Singhal and Peng Liu},
        title={Probabilistic Inference of the Stealthy Bridges between Enterprise Networks in Cloud},
        journal={EAI Endorsed Transactions on Security and Safety},
        volume={18},
        number={13},
        publisher={EAI},
        journal_a={SESA},
        year={2018},
        month={1},
        keywords={cloud, stealthy bridge, Bayesian network, attack graph},
        doi={10.4108/eai.4-1-2018.153526}
    }
Xiaoyan Sun (1,*), Jun Dai (1), Anoop Singhal (2), Peng Liu (3)
  • 1: California State University, Sacramento, CA 95819, USA
  • 2: National Institute of Standards and Technology (NIST), Gaithersburg, MD 20899, USA
  • 3: The Pennsylvania State University, University Park, PA 16802, USA
*Contact email: xiaoyan.sun@csus.edu

Abstract

Cloud computing, with the paradigm of computing as a utility, has the potential to significantly transform the IT industry. Attracted by the high efficiency, low cost, and great flexibility of the cloud, enterprises have begun to migrate large parts of their networks into it. The cloud thus becomes a public space where multiple “tenants” reside. Except for some public services, the enterprise networks in the cloud should be completely isolated from each other. However, “stealthy bridges” can be established that break this isolation, owing to two features of the public cloud: virtual machine image sharing and virtual machine co-residency. This paper proposes the use of cross-layer Bayesian networks to infer the stealthy bridges that exist between enterprise network islands. Cloud-level attack graphs are first built to capture the potential attacks enabled by stealthy bridges and to reveal hidden possible attack paths. Cross-layer Bayesian networks are then constructed to infer the probability that a stealthy bridge exists. The experimental results show that the cross-layer Bayesian networks are capable of inferring the existence of stealthy bridges given supporting evidence from other intrusion steps in a multi-step attack.