TY - JOUR
T1 - Real-Time Lateral Movement Detection Based on Evidence Reasoning Network for Edge Computing Environment
AU - Tian, Zhihong
AU - Shi, Wei
AU - Wang, Yuhang
AU - Zhu, Chunsheng
AU - Du, Xiaojiang
AU - Su, Shen
AU - Sun, Yanbin
AU - Guizani, Nadra
N1 - Publisher Copyright: © 2005-2012 IEEE.
PY - 2019/7
Y1 - 2019/7
N2 - Edge computing provides high-class intelligent services and computing capabilities at the edge of the networks. The aim is to ease the backhaul impacts and offer an improved user experience. However, the edge artificial intelligence exacerbates the security of the cloud computing environment due to the dissociation of data, access control, and service stages. In order to prevent users from carrying out lateral movement attacks in an edge-cloud computing environment, in this paper we propose a real-time lateral movement detection method, named CloudSEC, based on an evidence reasoning network for the edge-cloud environment. First, the concept of vulnerability correlation is introduced. Based on the vulnerability knowledge and environmental information of the network system, the evidence reasoning network is constructed, and the lateral movement reasoning ability provided by the evidence reasoning network is then used. The experiment results show that CloudSEC provides a strong guarantee for the rapid and effective evidence investigation, as well as real-time attack detection.
AB - Edge computing provides high-class intelligent services and computing capabilities at the edge of the networks. The aim is to ease the backhaul impacts and offer an improved user experience. However, the edge artificial intelligence exacerbates the security of the cloud computing environment due to the dissociation of data, access control, and service stages. In order to prevent users from carrying out lateral movement attacks in an edge-cloud computing environment, in this paper we propose a real-time lateral movement detection method, named CloudSEC, based on an evidence reasoning network for the edge-cloud environment. First, the concept of vulnerability correlation is introduced. Based on the vulnerability knowledge and environmental information of the network system, the evidence reasoning network is constructed, and the lateral movement reasoning ability provided by the evidence reasoning network is then used. The experiment results show that CloudSEC provides a strong guarantee for the rapid and effective evidence investigation, as well as real-time attack detection.
KW - Cloud computing
KW - correlation
KW - edge artificial intelligence
KW - lateral movement
KW - network security
UR - http://www.scopus.com/inward/record.url?scp=85063893281&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85063893281&partnerID=8YFLogxK
U2 - 10.1109/TII.2019.2907754
DO - 10.1109/TII.2019.2907754
M3 - Article
AN - SCOPUS:85063893281
SN - 1551-3203
VL - 15
SP - 4285
EP - 4294
JO - IEEE Transactions on Industrial Informatics
JF - IEEE Transactions on Industrial Informatics
IS - 7
M1 - 8675514
ER -