Article title

Detecting Insider Malicious Activities in Cloud Collaboration Systems

Publication languages
EN
Abstracts
EN
Cloud Collaboration Systems (CCS) offer efficient coordination among users to work on shared tasks in diverse distributed environments such as social networking, healthcare, wikis, and intelligent systems. Many cloud collaboration system services are loosely coupled in nature. The flexibility of such CCS leads to various vulnerabilities in the system, since the users are given broad access privileges. This may result in catastrophic activities by malicious insiders, which in turn result in major misuse and abuse of information. While many sophisticated security mechanisms have been established to detect outsider threats in various systems, very few works have been reported so far on detecting anomalous insider activities in complex CCS. In this paper, we propose a Sliding Window based Anomaly Detection using Maximum Mean Discrepancy (SWAD-MMD) model to detect anomalous insider activities via the access network of users and objects. The main scope of this paper is to exploit information-theoretic and statistical techniques to address the above security issues in order to provide information-theoretically provable security (i.e., anomaly detection with vanishing probability of error) based on graph-based Maximum Mean Discrepancy (MMD), which measures the distance between mean embeddings of distributions into a Reproducing Kernel Hilbert Space (RKHS). The theoretical aspects show that the proposed approach is suitable for detecting anomalous insider activities in dynamic cloud collaborative systems. Finally, we validate the proposed model using two publicly available datasets from Wikipedia and present a performance evaluation in terms of the accuracy of the proposed model.
Pages
299--316
Physical description
Bibliography: 55 items, figures, tables, charts.
Authors
  • Dept. of Computer Applications, National Institute of Technology, Tiruchirappalli - 620015, India
author
  • DIA Department, University of Trieste, Trieste, Italy
  • Dept. of Computer Applications, National Institute of Technology, Tiruchirappalli - 620015, India
Notes
Record prepared under agreement 509/P-DUN/2018 with funds from the Ministry of Science and Higher Education (MNiSW) allocated to science dissemination activities (2018).
Document type
Bibliography
YADDA identifier
bwmeta1.element.baztech-9a1ec847-c448-4e3c-b91b-00387b37fb36