About being the Tortoise or the Hare? - A Position Paper on Making Cloud Applications too Fast and Furious for Attackers

TL;DR

This paper proposes an immune system-inspired active defense approach for cloud applications to detect and purge intruders, reducing undetected intrusion periods significantly.

Contribution

It introduces a novel adaptive defense mechanism inspired by biological immune systems for cloud security, addressing the limitations of traditional fortress-like security.

Findings

Reduced undetected intrusion duration to minutes

Effective across multiple cloud platforms

Demonstrated potential for proactive intrusion management

Abstract

Cloud applications expose - beside service endpoints - also potential or actual vulnerabilities. And attackers have several advantages on their side. They can select the weapons, the point of time and the point of attack. Very often cloud application security engineering efforts focus to harden the fortress walls but seldom assume that attacks may be successful. So, cloud applications rely on their defensive walls but seldom attack intruders actively. Biological systems are different. They accept that defensive "walls" can be breached at several layers and therefore make use of an active and adaptive defense system to attack potential intruders - an immune system. This position paper proposes such an immune system inspired approach to ensure that even undetected intruders can be purged out of cloud applications. This makes it much harder for intruders to maintain a presence on victim systems. Evaluation experiments with popular cloud service infrastructures (Amazon Web Services, Google Compute Engine, Azure and OpenStack) showed that this could minimize the undetected acting period of intruders down to minutes.