Layne T. Watson

Abstract

When remote command injection attacks succeed at the entry points of a cloud (servers exposed to the outside Internet), attackers targeting a specific asset in the cloud will pursue further exploration to find their targets. Attack targets, such as database servers, are often running on separate machines, forcing an extra step for a successful attack. However, compromising two or three machines is all an attacker needs to reach an isolated database through a simple attack path. The goal of this paper is to investigate the possibility of frustrating attackers by constructing a cloud network architecture that hides the path to a target asset in the network, utilizing multiple moving decoy virtual machines and confusing firewall configurations. A deceiving cloud network architecture can significantly delay attacks (by stretching the attack path from a handful of steps to thousands), providing time for system administrators to intervene and resolve the intrusion. This paper introduces the concept of misery digraphs, which provide a theoretical foundation for creating intrusion deception in clouds. This paper describes the necessary steps to convert a cloud to one that includes a misery digraph, and evaluates the feasibility and effectiveness of using the approach with Amazon Web Services. Our simulation results demonstrate that for a cloud implementing misery digraphs with a simple attack path of length five, there is a 91% probability that an attack requires at least 1000 steps to reach the target.

People

Layne T. Watson


Publication Details

Date of publication: December 4, 2017
Journal: IEEE Transactions on Information Forensics and Security
Page number(s): 1361-1375
Volume: 13
Issue Number: 6
Publication note: Hussain M. J. Almohri, Layne T. Watson, David Evans: Misery Digraphs: Delaying Intrusion Attacks in Obscure Clouds. IEEE Trans. Inf. Forensics Secur. 13(6): 1361-1375 (2018)