Authors: Aaron Zimba, Chen Hongsong, Wang Zhao-shun
Venue: 2017 IEEE 17th International Conference on Communication Technology (ICCT)
Publication date: 2017-10-01
DOI: 10.1109/ICCT.2017.8359847 (https://doi.org/10.1109/ICCT.2017.8359847)
Edge aggregation based Bayesian modeling of cyber attacks in hypervisor-enabled IaaS cloud networks
The Infrastructure as a Service (IaaS) offering of cloud computing has come to alleviate some of the challenges associated with infrastructural investments and other related costs for enterprise users. However, hypervisor networks in IaaS environments are not immune to security breaches, as the components therein tend to exhibit vulnerabilities which are exploited by attackers. Attackers chain together these vulnerabilities for effective attack path traversal in a given attack. The challenge has not been in identifying the vulnerable components but in capturing the dependencies amongst the vulnerabilities and statistically evaluating the effect exerted by one vulnerability on another. In this paper, we capture the dependencies between vulnerabilities in hypervisor networks by aggregating incoming attack edges via disjunction and conjunction of attack events in the resultant Bayesian attack network. We illustrate the use of local conditional probability distributions at a given node to evaluate the likelihood of node exploitation for attack propagation under varying conditions. We further identify critical nodes and edges without which a given attack will not materialize and show how a security analyst can use them in the security mitigation process. We model the security status of the target node using a finite state machine where state transitions are induced by attack instances in the aggregated critical edge.