International Conference on Security and Privacy in Communication Networks. 10th International ICST Conference, SecureComm 2014, Beijing, China, September 24-26, 2014, Revised Selected Papers, Part I

Research Article

Inferring the Stealthy Bridges Between Enterprise Network Islands in Cloud Using Cross-Layer Bayesian Networks

Download
363 downloads
  • @INPROCEEDINGS{10.1007/978-3-319-23829-6_1,
        author={Xiaoyan Sun and Jun Dai and Anoop Singhal and Peng Liu},
        title={Inferring the Stealthy Bridges Between Enterprise Network Islands in Cloud Using Cross-Layer Bayesian Networks},
        proceedings={International Conference on Security and Privacy in Communication Networks. 10th International ICST Conference, SecureComm 2014, Beijing, China, September 24-26, 2014, Revised Selected Papers, Part I},
        proceedings_a={SECURECOMM},
        year={2015},
        month={11},
        keywords={Cloud Stealthy bridge Bayesian network Attack graph},
        doi={10.1007/978-3-319-23829-6_1}
    }
    
  • Xiaoyan Sun
    Jun Dai
    Anoop Singhal
    Peng Liu
    Year: 2015
    Inferring the Stealthy Bridges Between Enterprise Network Islands in Cloud Using Cross-Layer Bayesian Networks
    SECURECOMM
    Springer
    DOI: 10.1007/978-3-319-23829-6_1
Xiaoyan Sun1,*, Jun Dai2,*, Anoop Singhal3,*, Peng Liu1,*
  • 1: The Pennsylvania State University
  • 2: California State University
  • 3: National Institute of Standards and Technology
*Contact email: xzs5052@ist.psu.edu, daij@ecs.csus.edu, anoop.singhal@nist.gov, pliu@ist.psu.edu

Abstract

Enterprise networks are migrating to the public cloud to acquire computing resources for promising benefits in terms of efficiency, expense, and flexibility. Except for some public services, the enterprise network islands in cloud are expected to be absolutely isolated from each other. However, some “stealthy bridges” may be created to break such isolation due to two features of the public cloud: virtual machine image sharing and virtual machine co-residency. This paper proposes to use cross-layer Bayesian networks to infer the stealthy bridges existing between enterprise network islands. Prior to constructing cross-layer Bayesian networks, cloud-level attack graphs are built to capture the potential attacks enabled by stealthy bridges and reveal hidden possible attack paths. The result of the experiment justifies the cross-layer Bayesian network’s capability of inferring the existence of stealthy bridges given supporting evidence from other intrusion steps in a multi-step attack.