Network-based Active Defense for Securing Cloud-based Healthcare Data Processing Pipelines

Active defense schemes are becoming critical for securing cloud-based applications in fields such as healthcare, entertainment, and manufacturing. Active defense mechanisms in cloud platforms need to be robust against targeted attacks (such as Distributed Denial-of-Service (DDoS), malware, and SQL injection) that make servers unresponsive and/or cause data breaches or loss, which can have especially high impact for healthcare applications. In this paper, we present a novel network-based active defense mechanism, viz., “defense by pretense”, for cloud-based healthcare data processing applications. It uses real-time attack detection and creates cyber deception, e.g., by redirecting the attacker’s traffic to quarantine machines and sending spoofed responses to the attacker. We implement our active defense mechanism by creating a realistic testbed on the AWS cloud platform featuring the Observational Health Data Sciences and Informatics (OHDSI) framework for protected health data analytics with electronic health record data (SynPUF) and COVID-19 publications (CORD-19). Our evaluation experiments show the need for and effectiveness of our active defense mechanism against targeted resource and data exfiltration attacks. We compare our active defense system against state-of-the-art active defense works, and our results show that our system is cost-effective, scalable, and easy to deploy for active defense.
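The following is an added illustration of the detect-then-deceive flow the abstract describes: a request router watches per-source request rates, and once a source crosses a threshold it is pinned to a quarantine handler that returns plausible but fabricated responses while legitimate clients continue to reach the real backend. This is example code written for this page, not the paper's implementation or its AWS/OHDSI testbed; the rate threshold, the time window, the sample endpoint, and the decoy content are all assumptions chosen for the demonstration.

```python
"""Defense-by-pretense request router (added example, not the paper's code).

Detection policy (assumed): more than MAX_REQUESTS from one source within
WINDOW seconds marks that source as attacking. Deception policy (assumed):
a flagged source is redirected, for the rest of the run, to a quarantine
handler that answers with decoy data instead of the production backend.
"""
from collections import defaultdict, deque
from dataclasses import dataclass, field

MAX_REQUESTS = 5      # assumed threshold, tune per deployment
WINDOW = 1.0          # assumed sliding window in seconds

# Constructed stand-in for the production data service.
PRODUCTION_DATA = {"/patients/count": {"count": 1200}}


@dataclass
class PretenseRouter:
    quarantined: set = field(default_factory=set)
    _history: dict = field(default_factory=lambda: defaultdict(deque))

    def _detect(self, src: str, now: float) -> bool:
        """Sliding-window rate check; True when `src` exceeds the threshold."""
        q = self._history[src]
        q.append(now)
        while q and now - q[0] > WINDOW:
            q.popleft()
        return len(q) > MAX_REQUESTS

    def handle(self, src: str, path: str, now: float) -> dict:
        """Route one request: real backend, or quarantine once flagged."""
        if src in self.quarantined or self._detect(src, now):
            # Quarantine is sticky: once flagged, the source stays redirected
            # even after its request rate drops back below the threshold.
            self.quarantined.add(src)
            return self._quarantine(src, path)
        return self._production(path)

    @staticmethod
    def _production(path: str) -> dict:
        body = PRODUCTION_DATA.get(path, {"error": "not found"})
        return {"backend": "production", "body": body}

    @staticmethod
    def _quarantine(src: str, path: str) -> dict:
        # Decoy response: shaped like the real answer so the flagged source
        # keeps interacting with a dead end, but carrying fabricated values.
        return {"backend": "quarantine", "body": {"count": 0}, "flagged": src}


def simulate() -> dict:
    """Run constructed traffic: a slow legitimate client and a burst source."""
    router = PretenseRouter()
    backends = {"10.0.0.5": [], "10.0.0.9": []}   # constructed sample addresses
    # Legitimate client: one request every 0.5 s.
    for i in range(3):
        r = router.handle("10.0.0.5", "/patients/count", 0.5 * i)
        backends["10.0.0.5"].append(r["backend"])
    # Burst source: eight requests within 0.1 s, then one much later.
    for i in range(8):
        r = router.handle("10.0.0.9", "/patients/count", 0.01 * i)
        backends["10.0.0.9"].append(r["backend"])
    r = router.handle("10.0.0.9", "/patients/count", 10.0)
    backends["10.0.0.9"].append(r["backend"])
    return {"backends": backends, "quarantined": sorted(router.quarantined)}


if __name__ == "__main__":
    print(simulate())
```

In the simulated run the burst source is served by production for its first five requests, is redirected from the sixth onward, and remains in quarantine for its later request even though its rate has dropped, while the legitimate client never leaves the production path. A real deployment would replace the in-process handlers with network redirection to a separate quarantine host, as the abstract describes, and would log every redirect decision for incident review.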
