
Modeling And Detection Of Advanced Persistent Threats Attacks In Cloud Computing

Posted on: 2020-11-06
Degree: Doctor
Type: Dissertation
Country: China
Candidate: Aaron Zimba
Full Text: PDF
GTID: 1368330575978644
Subject: Computer Science and Technology
Abstract/Summary:
Security presents a major concern echoed by many organizations migrating and connecting to cloud computing. With the advent of e-governance, different governments are likewise switching to cloud computing, and this has inadvertently attracted Advanced Persistent Threat (APT) attackers who target big corporations and governments. Security vulnerabilities exhibited in cloud computing components and large-scale networks, not limited to hypervisors, virtual machines, and virtualization, present a major security concern. To model and detect APT attacks in these networks, the primary challenge has been to characterize the interlinked attack paths generated by APT attackers upon exploitation of vulnerabilities exhibited in cloud components. In order to fill the gaps in the current literature, this dissertation presents the modeling and detection of APT attacks in cloud computing. Two broad classes of APT, i.e. espionage-based APTs and organized-crime APTs, are considered in the modeling and detection process. To address the first problem, this dissertation presents the design and implementation of a novel framework for modeling and detecting Advanced Persistent Threats (APT) in cloud computing based on finite state machines. To address the second problem, this dissertation presents a novel dynamic Bayesian network-based weighted APT attack path modeling technique for cloud computing. It models the exploitation of vulnerabilities and the subsequent generation of attack paths in cloud computing. To this effect, an optimized algorithm to find the shortest attack path from multiple sources based on key nodes and key edges is formulated. The GameOver Zeus botnet in cloud computing is used as the scenario, which is modeled as a scale-free network exhibiting dynamic complex network characteristics. In order to address the third problem and overcome the current limitations in formulating effective detection methodologies faced in APT studies, an innovative APT attack detection model based on a semi-supervised learning approach and complex network characteristics is presented. As such, the entire targeted network is stochastically modeled as a small-world network and the evolving APT-Attack Network (APT-ABN) as a scale-free network. Finite state machines are employed to model the state transitions of the nodes in the time domain, characterizing the state changes during the APT attack process. This modeling approach is demonstrated on real-world data from a large-scale enterprise network consisting of 17K hosts from the Los Alamos security lab. The dataset is efficiently analyzed to reveal APT attack characteristics between the command and control center and the victim hosts. The final result is a ranked list of suspicious hosts participating in APT attack activities. The model can effectively detect hosts suspected of participating in APT activities at different stages of the APT attack process. Such a modeling approach is useful to security and network analysts as a supplement to automated IDS, since some aspects of the APT attack cycle cannot be automatically detected.
Keywords/Search Tags:advanced persistent threat, attack modeling, attack detection, cloud computing