Network-based Active Defense for Securing Cloud-based Healthcare Data Processing Pipelines

Abstract

Active defense schemes are becoming critical to secure cloud-based applications in the fields such as healthcare, entertainment, and manufacturing. Active defense mechanisms in cloud platforms need to be robust against targeted attacks (such as Distributed Denial-of-Service (DDoS), malware, and SQL injection) that make servers unresponsive and/or cause data breaches/loss, which in turn can cause high impact especially for healthcare applications. In this paper, we present a novel network-based active defense mechanism viz., “defense by pretense” that uses real-time attack detection and creates cyber deception e.g., by redirecting attacker’s traffic to quarantine machines and sending spoofed responses to attacker for cloud-based healthcare data processing applications. We implement our active defense mechanism by creating a realistic testbed on AWS cloud platform featuring the Observational Health Data Sciences and Informatics (OHDSI) framework for protected health data analytics with electronic health record data (SynPUF) and COVID-19 publications (CORD-19). Our evaluation experiments show the need and effectiveness of our active defense mechanism against targeted resource and data exfiltration attacks. We compare our active defense system against state-of-the-art active defense works, and our results show that our system is cost-effective, scalable and easy to deploy for active defense.