Cyber Attacks in Cloud Computing: Modelling Multi-stage Attacks using Probability Density Curves

Abstract

Cyber attacks in cloud computing more often than not tend to exploit vulnerabilities and weaknesses found in the underlying structural components of the cloud. Such vulnerabilities and weaknesses have drawn interest from various attack profiles ranging from script kiddies to APTs. Regardless of the attack profile, cyber attackers have come to leverage the interdependencies exhibited amongst these vulnerabilities by chaining exploits together to effectuate complex interlinked attack paths. Such chaining of vulnerabilities in cloud components results in multi-stage attacks where the attacker traverses different segments of the cloud residing in different layers to reach the target. In this paper, we partition the cloud into three different layers to show how multi-stage attacks on Confidentiality, Integrity and Availability (CIA) interleave with the SaaS, PaaS and IaaS cloud computing service models. Further, we generate multi-stage attack paths based on the vulnerabilities exhibited in the components across the partitioned cloud layers. Furthermore, we model the constituents of multi-stage attack events as discrete random Bernoulli variables to characterize the attack path pursued by a given attack profile. We generate probability density curves of the associated resultant attack paths to infer on the nature of the attack and recommend a hierarchical security mitigation process based on the nature of the attack nodes.