Real-Time Lateral Movement Detection Based on Evidence Reasoning Network for Edge Computing Environment

Edge computing provides high-class intelligent services and computing capabilities at the edge of the networks. The aim is to ease the backhaul impacts and offer an improved user experience. However, the edge artificial intelligence exacerbates the security of the cloud computing environment due to the dissociation of data, access control, and service stages. In order to prevent users from carrying out lateral movement attacks in an edge-cloud computing environment, in this paper we propose a real-time lateral movement detection method, named CloudSEC, based on an evidence reasoning network for the edge-cloud environment. First, the concept of vulnerability correlation is introduced. Based on the vulnerability knowledge and environmental information of the network system, the evidence reasoning network is constructed, and the lateralmovement reasoning ability provided by the evidence reasoning network is then used. The experiment results show that Cloud-SEC provides a strong guarantee for the rapid and effective evidence investigation, as well as real-time attack detection.