A Cloud Computing Based Architecture for Cyber Security Situation Awareness

The exponential growth of cyber space has created opportunities for world-wide web-based businesses and information sharing, but also led to the proliferation of cyber attacks. To conduct the cyber security situation awareness, a large volume of data streams from monitored devices needs to be efficiently stored and processed in real time. In this paper, we propose a cloud computing based architecture for conducting cyber security situation awareness. Particularly, we leverage the cloud infrastructure with a cost-effective data storage and investigate efficient stream processing techniques to reduce operational delays. To effectively detect threats, we present a parallel cloud based threat detection that integrates both signature-based detection and anomaly-based detection. To capture the insightful characteristics of attacks, we discuss the attack scene analysis based on spatiotemporal correlation and visualization schemes to analyze, trace, and visualize abnormal behaviors. Lastly, we present the testbed setup and the implementation workflow to validate the effectiveness of our proposed system.