Towards Reconstructing Multi-Step Cyber Attacks in Modern Cloud Environments with Tripwires
This paper addresses security challenges for cloud administrators by offering a structured approach to attack reconstruction, though it appears incremental, as it builds on existing concepts like tripwires and attack graphs.
The paper tackles the problem of reconstructing multi-step cyber attacks in cloud environments by proposing a framework that uses cyber deception, automatic tripwire injection, and attack graphs to improve precision, aiming to reduce false positives in detection systems.
Rapidly changing cloud environments that consist of heavily interconnected components are difficult to secure. Existing solutions often try to correlate many weak indicators to identify and reconstruct multi-step cyber attacks. The lack of a true, causal link between most of these indicators still leaves administrators with a lot of false positives to browse through. We argue that cyber deception can improve the precision of attack detection systems if it is used in a structured and automatic way, i.e., in the form of so-called tripwires that ultimately span an attack graph, which assists attack reconstruction algorithms. This paper proposes an idea for a framework that combines cyber deception, automatic tripwire injection and attack graphs, which eventually enables us to reconstruct multi-step cyber attacks in modern cloud environments.
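The abstract's central claim is that tripwire hits carry a causal link (an attacker can only reach tripwire B after passing tripwire A) that weak indicators lack, and that walking those links along an attack graph lets a reconstruction algorithm separate a genuine multi-step attack from unrelated noise. The following Python sketch is an added illustration of that idea and is not the paper's framework or code: the attack graph, the tripwire names, the alert stream and the one-hour correlation window are all constructed here as assumptions. It chains tripwire hits only along edges of the graph, within the same source and time window, while weak indicators (failed logins, port scans) are never chained and are reported separately as uncorrelated.

```python
"""Reconstruct a multi-step attack from tripwire hits along an attack graph.

Added example, not code from the paper. The graph, tripwire identifiers and
alert stream below are constructed for illustration.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed attack graph: each node is a tripwire planted in a cloud
# component; a directed edge A -> B means "an attacker reaches B via A",
# i.e. triggering A is the causal prerequisite for triggering B.
ATTACK_GRAPH: Dict[str, List[str]] = {
    "tw_leaked_api_key": ["tw_decoy_bucket"],
    "tw_decoy_bucket": ["tw_honey_credential"],
    "tw_honey_credential": ["tw_decoy_admin_endpoint"],
    "tw_decoy_admin_endpoint": [],
}


@dataclass(frozen=True)
class Alert:
    ts: int          # seconds since epoch (constructed values)
    source: str      # tenant or workload the alert belongs to (assumed label)
    indicator: str   # tripwire id (a graph node) or a weak-indicator name
    tripwire: bool   # True if the indicator is a deliberately planted tripwire


# Constructed alert stream: two tenants, some weak indicators, one full
# tripwire chain in tenant-a and one isolated tripwire hit in tenant-b.
SAMPLE_ALERTS: List[Alert] = [
    Alert(100, "tenant-a", "failed_login", False),
    Alert(120, "tenant-a", "port_scan", False),
    Alert(200, "tenant-a", "tw_leaked_api_key", True),
    Alert(260, "tenant-a", "tw_decoy_bucket", True),
    Alert(300, "tenant-b", "port_scan", False),
    Alert(320, "tenant-b", "tw_decoy_bucket", True),   # no prerequisite seen
    Alert(400, "tenant-a", "tw_honey_credential", True),
    Alert(900, "tenant-a", "tw_decoy_admin_endpoint", True),
]


def reconstruct_chains(
    graph: Dict[str, List[str]], alerts: List[Alert], window: int = 3600
) -> Tuple[List[List[Alert]], List[Alert]]:
    """Chain tripwire hits along causal edges of the attack graph.

    A tripwire hit B is appended to the longest existing chain whose last
    hit A satisfies: A -> B is an edge in the graph, A and B share a source,
    and B happened after A but within `window` seconds. Hits with no such
    predecessor start a new chain. Weak indicators are never chained; they
    are returned separately as uncorrelated noise.
    """
    chains: List[List[Alert]] = []
    uncorrelated: List[Alert] = []
    for alert in sorted(alerts, key=lambda a: a.ts):
        if not alert.tripwire or alert.indicator not in graph:
            uncorrelated.append(alert)
            continue
        best = None
        for chain in chains:
            last = chain[-1]
            if (
                last.source == alert.source
                and alert.indicator in graph[last.indicator]
                and 0 < alert.ts - last.ts <= window
            ):
                if best is None or len(chain) > len(best):
                    best = chain
        if best is None:
            chains.append([alert])
        else:
            best.append(alert)
    return chains, uncorrelated


def multi_step_attacks(chains: List[List[Alert]], min_steps: int = 2) -> List[List[Alert]]:
    """Keep only chains long enough to count as a reconstructed multi-step attack."""
    return [c for c in chains if len(c) >= min_steps]


if __name__ == "__main__":
    found, noise = reconstruct_chains(ATTACK_GRAPH, SAMPLE_ALERTS)
    for chain in multi_step_attacks(found):
        path = " -> ".join(a.indicator for a in chain)
        print(f"multi-step attack in {chain[0].source}: {path}")
    print(f"{len(noise)} weak indicators left uncorrelated")
```

Running the script reports one reconstructed four-step attack in tenant-a and leaves the three weak indicators and the isolated tenant-b hit out of it; the isolated hit is still visible as a single-step chain for triage, but it does not masquerade as a multi-step intrusion because nothing in the graph precedes it.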