Strategies for Intrusion Monitoring in Cloud Services
George R. S. Weir, Andreas Aßmuth

TL;DR
This paper discusses strategies for intrusion monitoring in cloud services, emphasizing the importance of credible log data and resilient data sharing to detect and mitigate malicious tampering by intruders.
Contribution
It proposes an approach to ensure log data credibility and enable data sharing for log reconstruction despite malicious impairments in cloud environments.
Findings
Proposes methods to verify log data integrity in cloud monitoring.
Introduces techniques for resilient log data sharing and reconstruction.
Addresses challenges of intrusion and tampering in cloud activity logs.
Abstract
Effective activity and event monitoring is an essential aspect of digital forensic readiness. Techniques for capturing log and other event data are familiar from conventional networked hosts and transfer directly to the Cloud context. In both contexts, a major concern is the risk that monitoring systems may be targeted and impaired by intruders seeking to conceal their illicit presence and activities. We outline an approach to intrusion monitoring that aims (i) to ensure the credibility of log data and (ii) provide a means of data sharing that supports log reconstruction in the event that one or more logging systems is maliciously impaired.
Taxonomy
Topics: Network Security and Intrusion Detection · Internet Traffic Analysis and Secure E-voting · Smart Grid Security and Resilience
