Network-based Active Defense for Securing Cloud-based Healthcare Data Processing Pipelines

Active defense schemes are becoming critical to secure cloud-based applications in the fields such as healthcare, entertainment, and manufacturing. Active defense mechanisms in cloud platforms need to be robust against targeted attacks (such as Distributed Denial-of-Service (DDoS), malware, and SQL...

Full description

Saved in:
Bibliographic Details
Main Authors: Akashe, Vaibhav, Neupane, Roshan Lal, Alarcon, Mauro Lemus, Wang, Songjie, Calyam, Prasad
Format: Conference Proceeding
Language:English
Subjects:
Active defense
Cloud computing
COVID-19
Cybersecurity Analytics
Data analysis
Data processing
Healthcare Data Application
Medical services
Pipelines
Threat Risk Assessment
Online Access:Request full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Active defense schemes are becoming critical to secure cloud-based applications in the fields such as healthcare, entertainment, and manufacturing. Active defense mechanisms in cloud platforms need to be robust against targeted attacks (such as Distributed Denial-of-Service (DDoS), malware, and SQL injection) that make servers unresponsive and/or cause data breaches/loss, which in turn can cause high impact especially for healthcare applications. In this paper, we present a novel network-based active defense mechanism viz., "defense by pretense" that uses real-time attack detection and creates cyber deception e.g., by redirecting attacker's traffic to quarantine machines and sending spoofed responses to attacker for cloud-based healthcare data processing applications. We implement our active defense mechanism by creating a realistic testbed on AWS cloud platform featuring the Observational Health Data Sciences and Informatics (OHDSI) framework for protected health data analytics with electronic health record data (SynPUF) and COVID-19 publications (CORD-19). Our evaluation experiments show the need and effectiveness of our active defense mechanism against targeted resource and data exfiltration attacks. We compare our active defense system against state-of-the-art active defense works, and our results show that our system is cost-effective, scalable and easy to deploy for active defense.
ISSN:2637-9430
DOI:10.1109/ICCCN52240.2021.9522267