An article in HPCwire’s sister publication, EnterpriseTech, reports on how a group of cybersecurity researchers is using Chameleon, a cloud computing test bed funded by the National Science Foundation and located at the Texas Advanced Computing Center (TACC) at The University of Texas at Austin and the Computational Institute at the University of Chicago, to develop methods for detecting and containing cyber-attacks while they are still in the early stages.
From small, hardly noticeable beginnings the biggest cloud cyber-attacks grow. Known as multi-stage intrusion attacks, they are how hackers create a virtual machine in a public cloud to penetrate the on-prem portion of companies’ hybrid cloud environments. Multi-stage intrusions are responsible for some of the most notorious cyber-attacks in the retail, banking and entertainment industries, such as those at VTech Holdings (digital toymaker), Citigroup and Sony.
The research on Chameleon, which went into full production in July 2015, is carried out by white hat hackers at the University of Arkansas at Pine Bluff (UAPB), North Carolina Agricultural & Technical State University (NCA&T), and Louisiana State University. They simulate attacks in the cloud and run open source intrusion detection and prevention software, such as Snort, that monitors networks for malicious activity, in order to detect an intruder hiding in everyday network traffic – the first step in a multi-stage attack. The group’s goal is to reengineer intrusion detection systems by creating new pre-defined rules based on the researchers’ study of sophisticated attack techniques. The new rules will then become open source items in the Snort repository.
“The one thing we’re seeing especially is the ‘virtual machine attack,’” Dr. Jessie Walker, associate professor of computer science at UAPB and cyber-security project co-PI, told EnterpriseTech. “Companies assume that data is siloed in the cloud and that on-premises data is removed from everyone else’s even though it’s connected to a public cloud. They don’t understand the smart hacker can get the same cloud storage you’re using (on a public cloud), and then they have a virus or a worm there and find other ways to attack.”
The x86-based Chameleon cluster at TACC and the University of Chicago will consist of 650 nodes with 5 petabytes of storage and a 100Gbps network. The test bed environment provides virtualization technologies that assess the reliability, security and performance of cloud computing. According to Dan Stanzione, executive director at TACC and Chameleon co-investigator, Chameleon is adaptable, designed to support a variety of cloud research methods and architectures, enabling researchers to mix-and-match hardware, software and networking components and test their performance.
Read the full article by Doug Black on EnterpriseTech, http://www.enterprisetech.com/2016/02/06/detecting-multi-stage-cloud-cyber-attacks-from-the-start/