Lateral Movement Identification in Cross-Cloud Deployment

Research output: Contribution to conference › Paper › peer-review

Abstract

In the cloud computing era, cross-cloud deployments let organizations operate across multiple autonomous cloud platforms, offering advantages such as resilience and cost and performance optimization. However, lateral movement attacks, which are a critical stage in the progression of Advanced Persistent Threats (APTs), pose significant challenges in this environment. This paper proposes a Lateral Movement Identification (LMD) system to identify lateral movement attacks in cross-cloud containerized environments. The LMD system uses Dynamic Information Flow Tracking (DIFT) and extended Berkeley Packet Filter (eBPF) sandboxes to monitor and associate network traffic within the container host kernel without kernel modification. Our experiments validate that the LMD system tracks ingress and egress traffic, distinguishes between multiple simultaneous connections, and incurs minimal performance overhead.
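The abstract describes associating ingress and egress traffic observed in the container host kernel so that a connection into one container can be linked to the connections that container subsequently opens toward other hosts. The following is an added illustration of that association step in user space, not code from the paper or from the LMD system: it assumes a hypothetical eBPF tracer (for example kprobes on accept and connect) that emits one line per TCP connection tagged with host, cgroup and pid, and applies a simple taint rule (an egress inherits the chain of the most recent ingress handled by the same process within a time window, and an ingress on another host whose 4-tuple matches a tainted egress extends that chain). The trace records, the 30-second window and the pid-based association are all constructed assumptions for the example.

```python
"""Toy ingress/egress correlation across container hosts.

Added example, not the paper's code. It assumes a hypothetical eBPF tracer
prints one whitespace-separated record per TCP connection:
    ts host cgroup pid direction src:port dst:port
where direction is "ingress" (accept) or "egress" (connect).
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class ConnEvent:
    ts: float        # seconds since trace start
    host: str        # host kernel that emitted the record
    cgroup: str      # container cgroup name
    pid: int         # process that accepted / initiated the connection
    direction: str   # "ingress" or "egress"
    saddr: str
    sport: int
    daddr: str
    dport: int

    def four_tuple(self) -> Tuple[str, int, str, int]:
        return (self.saddr, self.sport, self.daddr, self.dport)


WINDOW_S = 30.0  # assumed: an egress within 30 s of an ingress is linked to it


def parse_events(lines) -> List[ConnEvent]:
    """Parse tracer records (constructed format, see module docstring), time-ordered."""
    events = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, host, cgroup, pid, direction, src, dst = line.split()[:7]
        saddr, sport = src.rsplit(":", 1)
        daddr, dport = dst.rsplit(":", 1)
        events.append(ConnEvent(float(ts), host, cgroup, int(pid), direction,
                                saddr, int(sport), daddr, int(dport)))
    return sorted(events, key=lambda e: e.ts)


def correlate(events: List[ConnEvent]) -> List[List[ConnEvent]]:
    """Group connections into taint chains.

    Rule 1: an egress is linked to the latest ingress handled by the same
            (host, cgroup, pid) within WINDOW_S; otherwise it is untainted.
    Rule 2: an ingress whose 4-tuple matches a tainted egress seen on another
            host within WINDOW_S joins that egress's chain; otherwise it starts
            a new chain (every external entry is a potential APT foothold).
    """
    chains: List[List[ConnEvent]] = []
    last_ingress: Dict[Tuple[str, str, int], Tuple[float, int]] = {}
    pending_egress: Dict[Tuple[str, int, str, int], Tuple[float, int]] = {}
    for ev in events:
        key = (ev.host, ev.cgroup, ev.pid)
        if ev.direction == "ingress":
            hit = pending_egress.pop(ev.four_tuple(), None)
            if hit is not None and ev.ts - hit[0] <= WINDOW_S:
                idx = hit[1]
            else:
                idx = len(chains)
                chains.append([])
            chains[idx].append(ev)
            last_ingress[key] = (ev.ts, idx)
        else:
            hit = last_ingress.get(key)
            if hit is None or ev.ts - hit[0] > WINDOW_S:
                continue  # no recent ingress for this process: not tainted
            idx = hit[1]
            chains[idx].append(ev)
            pending_egress[ev.four_tuple()] = (ev.ts, idx)
    return chains


def lateral_movement_chains(events: List[ConnEvent], min_hosts: int = 2):
    """Report only chains whose connections span at least min_hosts hosts."""
    return [c for c in correlate(events)
            if len({e.host for e in c}) >= min_hosts]


# Constructed trace: an entry via the web container hops to db then cache,
# while an unrelated worker (pid 1202) serves a benign request.
SAMPLE_TRACE = """
0.0  hostA cg-web   1201 ingress 203.0.113.7:51000  10.0.1.10:8080
1.5  hostA cg-web   1201 egress  10.0.1.10:40001    10.0.2.20:22
1.6  hostB cg-db    2300 ingress 10.0.1.10:40001    10.0.2.20:22
2.0  hostA cg-web   1202 ingress 198.51.100.9:52000 10.0.1.10:8080
2.2  hostA cg-web   1202 egress  10.0.1.10:40003    10.0.5.50:443
3.0  hostB cg-db    2300 egress  10.0.2.20:40002    10.0.3.30:5432
3.1  hostC cg-cache 3100 ingress 10.0.2.20:40002    10.0.3.30:5432
# outside the window: a later egress from the db worker is not linked
50.0 hostB cg-db    2300 egress  10.0.2.20:40005    10.0.3.30:5432
"""

if __name__ == "__main__":
    for chain in lateral_movement_chains(parse_events(SAMPLE_TRACE.splitlines())):
        print(" -> ".join(f"{e.host}/{e.cgroup}:{e.direction}" for e in chain))
```

Two caveats a practitioner would add: associating by pid only distinguishes simultaneous connections when each is served by a different process, so a multi-threaded server needs a finer key (thread id or socket), and the 4-tuple match across hosts assumes no NAT between the container hosts.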
Original language: English
Pages: 1-4
DOIs
Publication status: Published - 31 Dec 2024
Event: IEEE 20th International Conference on Network and Service Management - Prague, Czech Republic
Duration: 28 Oct 2024 to 31 Oct 2024

Conference

Conference: IEEE 20th International Conference on Network and Service Management
Abbreviated title: IEEE CNSM
Country/Territory: Czech Republic
City: Prague
Period: 28/10/24 to 31/10/24
