Inferring the Stealthy Bridges Between Enterprise Network Islands in Cloud Using Cross-Layer Bayesian Networks

  • Xiaoyan SunEmail author
  • Jun Dai
  • Anoop Singhal
  • Peng Liu
Conference paper
Part of the Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering book series (LNICST, volume 152)


Enterprise networks are migrating to the public cloud to acquire computing resources for promising benefits in terms of efficiency, expense, and flexibility. Except for some public services, the enterprise network islands in cloud are expected to be absolutely isolated from each other. However, some “stealthy bridges” may be created to break such isolation due to two features of the public cloud: virtual machine image sharing and virtual machine co-residency. This paper proposes to use cross-layer Bayesian networks to infer the stealthy bridges existing between enterprise network islands. Prior to constructing cross-layer Bayesian networks, cloud-level attack graphs are built to capture the potential attacks enabled by stealthy bridges and reveal hidden possible attack paths. The result of the experiment justifies the cross-layer Bayesian network’s capability of inferring the existence of stealthy bridges given supporting evidence from other intrusion steps in a multi-step attack.


Cloud Stealthy bridge Bayesian network Attack graph 



This work was supported by ARO W911NF-09-1-0525 (MURI), NSF CNS-1223710, NSF CNS-1422594, ARO W911NF-13-1-0421 (MURI), and AFOSR W911NF1210055.


  1. 1.
    Amazon Elastic Compute Cloud (EC2).
  2. 2.
  3. 3.
    Windows Azure: Microsoft’s Cloud.
  4. 4.
    Varadarajan, V., Kooburat, T., Farley, B., Ristenpart, T., Swift, M.M.: Resource-freeing attacks: improve your cloud performance (at your neighbors expense). In: Proceedings of the 2012 ACM conference on Computer and communications security (CCS) (2012)Google Scholar
  5. 5.
    Ristenpart, T., Tromer, E., Shacham, H., Savage, S.: Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds. In: Proceedings of the 2009 ACM CCS (2009)Google Scholar
  6. 6.
    Song, D.X., Wagner, D., Tian, X.: Timing analysis of keystrokes and timing attacks on SSH. In: USENIX Security Symposium (2001)Google Scholar
  7. 7.
    Szefer, J., Keller, E., Lee, R.B., Rexford, J.: Eliminating the hypervisor attack surface for a more secure cloud. In: Proceedings of the 2011 ACM CCS (2011)Google Scholar
  8. 8.
    Bates, A., Mood, B., Pletcher, J., Pruse, H., Valafar, M., Butler, K.: Detecting co-residency with active traffic analysis techniques. In: Proceedings of the 2012 ACM Workshop on Cloud computing security workshop (CCSW) (2012)Google Scholar
  9. 9.
    Dai, J., Sun, X., Liu, P.: Patrol: revealing zero-day attack paths through network-wide system object dependencies. In: Crampton, J., Jajodia, S., Mayes, K. (eds.) ESORICS 2013. LNCS, vol. 8134, pp. 536–555. Springer, Heidelberg (2013) CrossRefGoogle Scholar
  10. 10.
    Zhang, Y., Juels, A., Oprea, A., Reiter, M.K.: HomeAlone: co-residency detection in the cloud via side-channel analysis. In: 2011 Symposium on Security and Privacy (S&P) (2011)Google Scholar
  11. 11.
    Chen, Y., Paxson, V., Katz, R.H.: What’s new about cloud computing security. University of California, Berkeley Report No. UCB/EECS-2010-5, January 2010Google Scholar
  12. 12.
    Sheyner, O., Haines, J., Jha, S., Lippmann, R., Wing, J.M.: Automated generation and analysis of attack graphs. In: 2002 Symposium on Security and Privacy (S&P) (2002)Google Scholar
  13. 13.
    Ramakrishnan, C.R., Sekar, R.: Model-based analysis of configuration vulnerabilities. J. Comput. Secur. 10(1/2), 189–209 (2002)CrossRefGoogle Scholar
  14. 14.
    Phillips C., Swiler, L.P.: A graph-based system for network-vulnerability analysis. In: Proceedings of the 1998 Workshop on New security paradigms (1998)Google Scholar
  15. 15.
    Jajodia, S., Noel, S., O’Berry, B.: Topological analysis of network attack vulnerability. In: Kumar, V., Srivastava, J., Lazarevic, A. (eds.) Managing Cyber Threats, vol. 5, pp. 247–266. Springer, Heidelberg (2006) CrossRefGoogle Scholar
  16. 16.
    Ammann, P., Wijesekera, D., Kaushik, S.: Scalable, graph-based network vulnerability analysis. In: Proceedings of the 2002 ACM CCS (2002)Google Scholar
  17. 17.
    Ingols, K., Lippmann, R., Piwowarski, K.: Practical attack graph generation for network defense. In: 22nd Annual Computer Security Applications Conference (ACSAC) (2006)Google Scholar
  18. 18.
    Ou, X., Boyer, W.F., McQueen, M.A.: A scalable approach to attack graph generation. In: Proceedings of the 2006 ACM Conference on Computer and Communications Security (2006)Google Scholar
  19. 19.
    Ou, X., Govindavajhala, S., Appel, A.W.: MulVAL: A logic-based network security analyzer. In: USENIX Security Symposium (2005)Google Scholar
  20. 20.
    Balduzzi, M., Zaddach, J., Balzarotti, D., Kirda, E., Loureiro, S.: A security analysis of Amazon’s elastic compute cloud service. In: Proceedings of the 27th ACM SAC (2012)Google Scholar
  21. 21.
    Lazri, K., Laniepce, S., Ben-Othman, J.: Reconsidering intrusion monitoring requirements in shared cloud platforms. In: Availability, Reliability, and Security (ARES). IEEE (2013)Google Scholar
  22. 22.
  23. 23.
    Xie, P., Li, J., Ou, X., Liu, P., Levy, R.: Using Bayesian networks for cyber security analysis. In: Dependable Systems and Networks (DSN). IEEE/IFIP (2010)Google Scholar
  24. 24.
  25. 25.
  26. 26.
  27. 27.
  28. 28.
  29. 29.
  30. 30.
  31. 31.
  32. 32.
  33. 33.
  34. 34.
    Bugiel, S., Nrnberger, S., Pppelmann, T., Sadeghi, A.-R., Schneider, T.: AmazonIA: when elasticity snaps back. In: Proceedings of the 2011 ACM CCS (2011)Google Scholar
  35. 35.
    Kruegel, C., Mutz, D., Robertson, W., Valeur, F.: Bayesian event classification for intrusion detection. In:19th Annual Computer Security Applications Conference (ACSAC) (2003)Google Scholar

Copyright information

© Institute for Computer Sciences, Social Informatics and Telecommunications Engineering 2015

Authors and Affiliations

  1. 1.The Pennsylvania State UniversityState CollegeUSA
  2. 2.California State UniversitySacramentoUSA
  3. 3.National Institute of Standards and TechnologyGaithersburgUSA

Personalised recommendations