Detection of enumeration attacks in cloud environments using infrastructure log data


Abstract

With the ever-increasing number of cyber threats in today's world, attack identification has become a significant challenge. Furthermore, a significant number of enterprises are now migrating to cloud-based environments to save costs and resources. This indicates that traditional approaches to confronting cyber threats are not effective in the cloud environment. Considering the vast size and distributed nature of cloud computing systems, deep learning algorithms offer effective solutions for detecting threats in cloud environments. In this project, two different neural network models, Long Short-Term Memory (LSTM) and Convolutional Neural Network (CNN), are trained and evaluated on cloud log data to identify attackers' reconnaissance and enumeration activities. The two models leverage infrastructure log data related to gaining access to critical assets for attack identification. LSTM is beneficial for this purpose because it has memory to capture what has been calculated so far. The data, provided by the partner company, eSentire Inc., is used for training and evaluating the models. The two models achieved the same final accuracy of 99.96% in log anomaly detection. A basic visualization dashboard is created for the model to monitor detected incidents and data breaches.

Citation (APA)

Gharghasheh, S. E., & Steinbach, T. (2021). Detection of enumeration attacks in cloud environments using infrastructure log data. In Handbook of Big Data Analytics and Forensics (pp. 41–52). Springer International Publishing. https://doi.org/10.1007/978-3-030-74753-4_3
