SlingShot - Automated Threat Detection and Incident Response in Multi Cloud Storage Systems

Title: SlingShot - Automated Threat Detection and Incident Response in Multi Cloud Storage Systems
Publication Type: Conference Paper
Year of Publication: 2019
Authors: Torkura, Kennedy A., Sukmana, Muhammad I.H., Cheng, Feng, Meinel, Christoph
Conference Name: 2019 IEEE 18th International Symposium on Network Computing and Applications (NCA)
Keywords: Amazon S3, Amazon Web Services, Automated Response Actions, automated threat detection, chaos, cloud computing, cloud event log, cloud storage infrastructure, cloud storage security, cloud threat detection, Cloud-Security, composability, contemporary cloud attacks, Correlation, CSBAuditor, cyber-attacks, dynamic methods, dynamic snapshotting, Google, Google cloud platform, Google cloud storage, Guidelines, Incident Response, incident response system, multicloud storage systems, pubcrawl, Real-time Systems, recovery strategies, Resiliency, security, security events, security issues, security of data, security risk assessment, SlingShot, static methods, storage management, threat detection, web services
Abstract: Cyber-attacks against cloud storage infrastructure, e.g. Amazon S3 and Google Cloud Storage, have increased in recent years. One reason for this development is the rising adoption of cloud storage for various purposes. Robust counter-measures are therefore required to tackle these attacks, especially as traditional techniques are not appropriate for the evolving attacks. We propose a two-pronged approach to address these challenges in this paper. The first approach involves dynamic snapshotting and recovery strategies to detect and partially neutralize security events. The second approach builds on the initial step by automatically correlating the generated alerts with cloud event logs to extract actionable intelligence for incident response. Thus, malicious activities are investigated, identified and eliminated. This approach is implemented in SlingShot, a cloud threat detection and incident response system which extends our earlier work, CSBAuditor, which implements the first step. The proposed techniques work together in near real time to mitigate the aforementioned security issues on Amazon Web Services (AWS) and Google Cloud Platform (GCP). We evaluated our techniques using real cloud attacks implemented with static and dynamic methods. The average Mean Time to Detect is 30 seconds for both providers, while the Mean Time to Respond is 25 minutes and 90 minutes for AWS and GCP respectively. Thus, our proposal effectively tackles contemporary cloud attacks.
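The two steps the abstract describes (snapshot-based detection with recovery, then correlation of the resulting alerts against the cloud event log) can be sketched as a small pipeline. The following is an added example written for this page; it is not SlingShot's or CSBAuditor's code, and the snapshot field names, the event-record layout, the action-to-attribute mapping and the bucket names are all constructed assumptions. It diffs a baseline snapshot of bucket configuration against a later one, attaches the log events that could have caused each drift within a time window, and produces a plan that restores the baseline values.

```python
"""Snapshot diff -> alert -> event-log correlation -> recovery plan.
Illustrative code for this page (not the paper's implementation); all record
shapes, names and the action mapping below are assumptions."""
import copy
from datetime import datetime, timedelta, timezone

# Constructed baseline snapshot of bucket configuration (assumed field names).
BASELINE = {
    "research-data": {"public_read": False, "versioning": True, "encryption": "AES256"},
    "web-assets": {"public_read": True, "versioning": False, "encryption": "AES256"},
}

# Constructed later snapshot: research-data was made public and lost its
# default encryption; web-assets is unchanged.
CURRENT = copy.deepcopy(BASELINE)
CURRENT["research-data"]["public_read"] = True
CURRENT["research-data"]["encryption"] = None

# Constructed event-log records, loosely modelled on CloudTrail-style fields.
EVENTS = [
    {"time": "2019-05-01T10:00:05+00:00", "principal": "user/alice",
     "action": "PutBucketAcl", "bucket": "research-data", "ip": "198.51.100.7"},
    {"time": "2019-05-01T10:00:09+00:00", "principal": "user/alice",
     "action": "DeleteBucketEncryption", "bucket": "research-data", "ip": "198.51.100.7"},
    {"time": "2019-05-01T09:20:00+00:00", "principal": "user/bob",
     "action": "PutObject", "bucket": "web-assets", "ip": "203.0.113.4"},
]

# Which logged actions can change which snapshot attribute (assumed mapping).
ATTR_ACTIONS = {
    "public_read": {"PutBucketAcl", "PutBucketPolicy"},
    "encryption": {"DeleteBucketEncryption", "PutBucketEncryption"},
    "versioning": {"PutBucketVersioning"},
}


def detect_drift(baseline, current):
    """Step 1: diff two snapshots. One alert per changed attribute, plus an
    'exists' alert for any bucket that disappeared or appeared."""
    alerts = []
    for bucket, expected_cfg in baseline.items():
        observed_cfg = current.get(bucket)
        if observed_cfg is None:
            alerts.append({"bucket": bucket, "attr": "exists", "expected": True, "observed": False})
            continue
        for attr, expected in expected_cfg.items():
            observed = observed_cfg.get(attr)
            if observed != expected:
                alerts.append({"bucket": bucket, "attr": attr, "expected": expected, "observed": observed})
    for bucket in current:
        if bucket not in baseline:
            alerts.append({"bucket": bucket, "attr": "exists", "expected": False, "observed": True})
    return alerts


def correlate(alerts, events, snapshot_time, window=timedelta(minutes=10)):
    """Step 2: attach to each alert the log events on the same bucket whose
    action can cause that drift and that fall within `window` before the
    snapshot; the principals seen give the responder a starting point."""
    earliest = snapshot_time - window
    for alert in alerts:
        causes = ATTR_ACTIONS.get(alert["attr"], set())
        alert["events"] = [
            e for e in events
            if e["bucket"] == alert["bucket"]
            and e["action"] in causes
            and earliest <= datetime.fromisoformat(e["time"]) <= snapshot_time
        ]
        alert["principals"] = sorted({e["principal"] for e in alert["events"]})
    return alerts


def plan_response(alerts):
    """Recovery: restore the baseline value of each drifted attribute; a bucket
    that vanished or appeared cannot be auto-restored, so flag it for review."""
    plan = []
    for a in alerts:
        if a["attr"] == "exists":
            plan.append(("manual-review", a["bucket"], a["observed"]))
        else:
            plan.append(("restore", a["bucket"], a["attr"], a["expected"]))
    return plan


def run(baseline=BASELINE, current=CURRENT, events=EVENTS,
        snapshot_time=datetime(2019, 5, 1, 10, 0, 30, tzinfo=timezone.utc)):
    """Full pipeline on the constructed data; returns (alerts, plan)."""
    alerts = correlate(detect_drift(baseline, current), events, snapshot_time)
    return alerts, plan_response(alerts)


if __name__ == "__main__":
    for alert, step in zip(*run()):
        print(alert["bucket"], alert["attr"], alert["principals"], "->", step)
```

On the constructed data the pipeline raises two alerts for `research-data`, both tied to `user/alice` by the correlated events, and proposes restoring `public_read` to False and `encryption` to AES256; the unrelated `PutObject` on `web-assets` is ignored because no attribute of that bucket drifted. The time window matters in practice: a diff only says that the state changed between two snapshots, so only events inside that interval are candidate causes.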
DOI: 10.1109/NCA.2019.8935040
Citation Key: torkura_slingshot_2019