MITC Viz: Visual Analytics for Man-in-the-Cloud Threats Awareness
Chiun-How Kao, Jyun-Han Dai, R. Ko, Yu-Ting Kuang, Chi-Ping Lai, Ching-Hao Mao
2016 International Computer Symposium (ICS), published 2016-12-01
DOI: 10.1109/ICS.2016.0068 (https://doi.org/10.1109/ICS.2016.0068)
Citations: 4
Abstract
Several common file synchronization services (such as Google Drive, Dropbox and so on) are used as infrastructure for command and control (C&C) and data exfiltration; these are called Man-in-the-Cloud (MITC) attacks. MITC attacks are not easily detected by common security measures because they do not use any exploits, and re-configuration of these services can easily turn them into an attack tool. In this study, we propose an Interactive Visualization Threats Explorer that makes analysts intuitively aware of the potential cloud threats hiding in data and ultimately improves analysis effectiveness significantly. Drill-down and quick-response visual analytics give cloud administrators full and deep views of the relationships between cloud resources and user behavior. In addition, a Collaborative Risk Estimator, which considers users' social and business workflow behavior, enhances analysis performance. By learning from the past behavior of individual users and from social network relations, behavior models are rolled up to continually adapt to changes in the enterprise environment. Analysts can quickly become aware of the locality of high-risk access behavior from abnormal cloud resource access, and drill down into the unusual patterns and access behavior. To illustrate the effectiveness of this approach, we present example explorations on two real-world data sets for the detection and understanding of potential Advanced Persistent Threats in progress.