
    Securing cloud-hosted applications using active defense with rule-based adaptations

    Securing cloud-based applications is a dynamic problem since modern attacks are always evolving in their sophistication and disruption impact. Active defense is a state-of-the-art paradigm where proactive or reactive cybersecurity strategies are used to augment passive defense policies (e.g., firewalls). It involves using knowledge of the adversary to create dynamic policy measures that secure resources and outsmart adversaries, making cyber-attacks difficult to execute. Using intelligent threat detection systems based on machine learning and active defense solutions implemented via cloud resource adaptations, we can slow down attacks and derail attackers at an early stage so that they cannot proceed with their plots, while also increasing the probability that they will expose their presence or reveal their attack vectors. In this MS Thesis, we demonstrate the concept and benefits of active defense in securing cloud-based applications through rule-based adaptations on distributed resources. Specifically, we propose two novel active defense strategies to mitigate the impact of security anomaly events within: (a) a social virtual reality learning environment (VRLE), and (b) a healthcare data sharing environment (HDSE). Our first strategy involves a "rule-based 3QS-adaptation framework" that performs risk- and cost-aware trade-off analysis to control cybersickness due to performance/security anomaly events during a VRLE session. VRLEs provide an immersive experience to users with increased accessibility to remote learning, thus a breach of security in critical VRLE application domains (e.g., healthcare, military training, manufacturing) can disrupt functionality and induce cybersickness. Our framework implementation in a real-world social VRLE, viz. vSocial, monitors performance/security anomaly events in network data. In the event of an anomaly, the framework features rule-based adaptations that are triggered by using various decision metrics.
Based on our experimental results, we demonstrate the effectiveness of our rule-based 3QS-adaptation framework in reducing cybersickness levels, while maintaining application functionality. Our second strategy involves a "defense by pretense methodology" that uses real-time attack detection and creates cyber deception for HDSE applications. Healthcare data consumers (e.g., clinicians and researchers) require access to massive, protected datasets, thus loss of assurance/auditability of critical data such as Electronic Health Records (EHR) can severely impact the privacy of patient data and the reputation of healthcare organizations. Our cyber deception utilizes elastic capacity provisioning via rule-based adaptation to provision Quarantine Virtual Machines (QVMs) that handle redirected attacker traffic and increase threat intelligence collection. We evaluate our defense by pretense design by creating an experimental Amazon Web Services (AWS) testbed hosting a real-world OHDSI setup for protected health data analytics/sharing with electronic health record data (SynPUF) and publications data (CORD-19) related to COVID-19. Our experimental results show how we can successfully detect targeted attacks such as DDoS and redirect attack sources to QVMs.
Includes bibliographical references

    Dolus: cyber defense using pretense against DDoS attacks in cloud platforms

    Cloud-hosted services are being increasingly used in online businesses in, e.g., retail, healthcare, manufacturing, and entertainment due to benefits such as scalability and reliability. These benefits are fueled by innovations in orchestration of cloud platforms that make them totally programmable as Software Defined everything Infrastructures (SDxI). At the same time, sophisticated targeted attacks such as Distributed Denial-of-Service (DDoS) are growing on an unprecedented scale, threatening the availability of online businesses. In this thesis, we present a novel defense system called Dolus to mitigate the impact of DDoS attacks launched against high-value services hosted in SDxI-based cloud platforms. Our Dolus system is able to initiate a pretense in a scalable and collaborative manner to deter the attacker based on threat intelligence obtained from attack feature analysis in a two-stage ensemble learning scheme. Using foundations from pretense theory in child play, Dolus takes advantage of elastic capacity provisioning via quarantine virtual machines and SDxI policy coordination across multiple network domains. To maintain the pretense of a false sense of success after attack identification, Dolus uses two strategies: (i) dummy traffic pressure in a quarantine to mimic the target response time profiles that were present before legitimate users were migrated away, and (ii) Scapy-based packet manipulation to generate responses with spoofed IP addresses of the original target before the attack traffic started being quarantined. From the time gained through pretense initiation, Dolus enables cloud service providers to decide on a variety of policies to mitigate the attack impact, without disrupting the cloud services experience for legitimate users.
We evaluate the efficacy of Dolus using a GENI Cloud testbed and demonstrate its real-time capabilities to: (a) detect DDoS attacks and redirect attack traffic to quarantine resources to engage the attacker under pretense, and (b) coordinate SDxI policies to possibly block DDoS attacks closer to the attack source(s).

    A Survey of Network Requirements for Enabling Effective Cyber Deception

    In the evolving landscape of cybersecurity, the utilization of cyber deception has gained prominence as a proactive defense strategy against sophisticated attacks. This paper presents a comprehensive survey that investigates the crucial network requirements essential for the successful implementation of effective cyber deception techniques. With a focus on diverse network architectures and topologies, we delve into the intricate relationship between network characteristics and the deployment of deception mechanisms. This survey provides an in-depth analysis of prevailing cyber deception frameworks, highlighting their strengths and limitations in meeting the requirements for optimal efficacy. By synthesizing insights from both theoretical and practical perspectives, we contribute to a comprehensive understanding of the network prerequisites crucial for enabling robust and adaptable cyber deception strategies.

    Consortium blockchain management with a peer reputation system for critical information sharing

    Blockchain technology based applications are emerging to establish distributed trust amongst organizations who want to share critical information for mutual benefit amongst their peers. There is a growing need for consortium-based blockchain schemes that avoid issues such as false reporting and free riding that impact cooperative behavior between multiple domains/entities. Specifically, customizable mechanisms need to be developed to set up and manage consortiums with economic models and cloud-based data storage schemes to suit various application requirements. In this MS Thesis, we address the above issues by proposing a novel consortium blockchain architecture and related protocols that allow critical information sharing using a reputation system that manages cooperation amongst peers using off-chain cloud data storage and on-chain transaction records. We show the effectiveness of our consortium blockchain management approach for two use cases: (i) threat information sharing for a cyber defense collaboration system, viz. DefenseChain, and (ii) protected data sharing in a healthcare information system, viz. HonestChain. DefenseChain features a consortium Blockchain architecture to obtain threat data and select suitable peers to help with cyber attack (e.g., DDoS, Advanced Persistent Threat, Cryptojacking) detection and mitigation. As part of DefenseChain, we propose a novel economic model for creation and sustenance of the consortium with peers through a reputation estimation scheme that uses 'Quality of Detection' and 'Quality of Mitigation' metrics. Similarly, HonestChain features a consortium Blockchain architecture to allow protected data sharing between multiple domains/entities (e.g., health data service providers, hospitals and research labs) with incentives and in a standards-compliant manner (e.g., HIPAA, common data model) to enable predictive healthcare analytics.
Using an OpenCloud testbed with Hyperledger Composer configurations as well as a simulation setup, our evaluation experiments for DefenseChain and HonestChain show that our reputation system outperforms state-of-the-art solutions and our consortium blockchain approach is highly scalable.
Includes bibliographical references (pages 45-52)

    Modernization of Manufacturing with Cybersecurity at the Forefront

    With the proliferation of Industrial Control Systems (ICSs), manufacturing processes have improved over the last 30 years; however, the organizational focus on securely exchanging and processing information to/from integrated systems has been consistently lacking. These environments continue to be susceptible to security vulnerabilities, despite history [15] showing that cybersecurity exposures in manufacturing have largely gone unaddressed and continue to rise [52]. This study evaluates cybersecurity challenges in the industry and proposes recommendations for practical and fiscally responsible defense-in-depth cybersecurity protections for manufacturing environments. The business operating model, how ICSs became pervasive, as well as the major components that enable the operational technology (OT) were evaluated. With an understanding of the traditional network architecture for the industry [37], the rapidly evolving challenges facing the industry were examined. These challenges are impactful to the traditional and slow-to-change manufacturing operating model that has not focused on the necessary cyber protections for its OT environments. In addition, the industry is now facing game-changing technological concepts such as advanced manufacturing and Industry 4.0 that bring new complex challenges and cyber threats, unfamiliar to most in the industry. This is all underpinned by an organizational divide where the personnel most knowledgeable about the modern technology and cyber risks, in the majority of cases, are not responsible for the OT architecture and security. These headwinds impact an industry which spends less on IT and cyber security than any other industry, globally [22]. The cyber risks and challenges in the industry are diverse, spanning technological and organizational competencies, stemming from purpose-built components which operate in an ecosystem where cybersecurity is an afterthought.
As a means to close the gap, practical and reasonable recommendations to address these problems are discussed; some are specific and unique to the manufacturing industry, while others are fundamental practices discussed through a manufacturing industry lens, which are commonly ignored due to perceived complexity, cost or simply lack of awareness. Lastly, a number of these recommendations were selected for further evaluation and implementation; challenges, approach, benefits and outcomes are shared, showing measurable improvements to the cybersecurity posture of the organization.
Master of Science, Computer and Information Science, College of Engineering & Computer Science, University of Michigan-Dearborn
https://deepblue.lib.umich.edu/bitstream/2027.42/147433/1/49698122_CIS699 - Mangano Thesis - Modernization of Manufacturing with Cybersecurity at the Forefront - Final 121018-v4.pdf

    Measuring Social Influence in Online Social Networks - Focus on Human Behavior Analytics

    With the advent of online social networks (OSN) and their ever-expanding reach, researchers seek to determine a social media user’s social influence (SI) proficiency. Despite its exploding application across multiple domains, the research confronts unprecedented practical challenges due to a lack of systematic examination of the human behavior characteristics that impart social influence. This work aims to give a methodical overview by conducting a targeted literature analysis to appraise the accuracy and usefulness of past publications. The findings suggest that, first, it is necessary to incorporate behavior analytics into statistical measurement models. Second, there is a severe imbalance between the abundance of theoretical research and the scarcity of empirical work to underpin the collective psychological theories to macro-level predictions. Third, it is crucial to incorporate human sentiments and emotions into any measure of SI, particularly as OSN has endowed everyone with the intrinsic ability to influence others. The paper also suggests the merits of three primary research horizons for future consideration.

    Comparative Analysis Based on Survey of DDOS Attacks’ Detection Techniques at Transport, Network, and Application Layers

    Distributed Denial of Service (DDOS) is one of the most prevalent attacks and can be executed in diverse ways using various tools and codes. This makes it very difficult for security researchers and engineers to come up with a rigorous and efficient security methodology. Even with thorough research, analysis, real-time implementation, and application of the best mechanisms in test environments, there are various ways to exploit the smallest vulnerability within the system that gets overlooked while designing the defense mechanism. This paper presents a comprehensive survey of various methodologies implemented by researchers and engineers to detect DDOS attacks at the network, transport, and application layers using comparative analysis. DDOS attacks are most prevalent on the network, transport, and application layers, justifying the need to focus on these three layers of the OSI model.

    A Survey on Privacy and Security of Internet of Things

    Internet of Things (IoT) has fundamentally changed the way information technology and communication environments work, with significant advantages derived from wireless sensors and nanotechnology, among others. While IoT is still a growing and expanding platform, the current research in privacy and security shows there is little integration and unification of security and privacy, which may affect user adoption of the technology because of fear of personal data exposure. The surveys conducted so far focus on vulnerabilities based on information exchange technologies applicable to the Internet. None of the surveys has brought out the integrated privacy and security perspective centred on the user. The aim of this paper is to provide the reader with a comprehensive discussion on the current state of the art of IoT, with particular focus on what has been done in the areas of privacy and security threats, attack surface, vulnerabilities and countermeasures, and to propose a threat taxonomy. IoT user requirements and challenges were identified and discussed to highlight the baseline security and privacy needs and concerns of the user. The paper also proposes a threat taxonomy to address the security requirements in a broader perspective. This survey of IoT Privacy and Security has been undertaken through a systematic literature review using online databases and other resources to search for all articles that meet certain criteria, entering information about each study into a personal database, and then drawing up tables summarizing the current state of the literature. As a result, the paper distills the latest development