A Programmable Threat Intelligence Framework for Containerized Clouds

Abstract

Contemporarily one of the main challenges for information security community is the growing number of cyber threats. Large scaled globally orchestrated and constantly evolving attacks are affecting our information systems and technologies every day. Therefore collection and the exchange of cyber threat intelligence is of supreme importance. The term Cyber Threat Intelligence (CTI) has emerged with the contemporary because of merging the cyber intelligence concepts with the risk and threat management in cyber space. Today a number of security companies provide cyber threat intelligence with their sensors deployed worldwide Security Information and Event Management (SIEM) software and Intrusion Detection and Prevention Systems (IDPS) working collaboratively. The collection of Cyber Threat Intelligence is the process of collecting and producing actionable information of threats and threat actors aimed at increasing awareness and operational capabilities upon recognition of attack and attempt scenarios in a timely fashion. This research aims to investigate the recent developments of SDN and Containerized Clouds with a security perspective. The implementation of a containerized cloud with a programmable network of honeypot is implemented in this research. The implementation is tested with a scenario where a propagation of a worm that is originated from an infected container image. The security mechanisms on the cloud are fed with the collected CTI and results of the experiments along with discussions are presented.