Toward scalable graph-based security analysis for cloud networks

Cloud-based systems and services are seeing exponential growth in the last few years. Many companies digital actively migrating their storage computational needs to cloud. With such an expansion of virtual services, security threats also significantly increasing. Utilizing Attack Representation Methods (ARMs) Graph (AG) enables administrator understand cloud network’s current situation. However, AG suffers from scalability challenges. It relies on connectivity between vulnerabilities associated with allow system realize its state. This approach caused be vast challenging generate analyze. To address challenges, we propose a segmentation-based scalable state (S3) framework for network. Our utilizes well-known divide-and-conquer divide large network region into smaller, manageable segments. We follow segmentation derived K-means clustering algorithm partition segments based similarity services. A distributed firewall (DFW) separates ensure attacker cannot move laterally compromise them. evaluation shows that separation not only preserves original reachability but enhances AG. The presented (a) provides attack graph generation by reducing time density, which turn reduces complexity analysis extensive network, (b) ensures loop-free through utilization cycle detection removal algorithm, (c) presents provide optimal number cost implementing using rules.