Insider Threat Reduction Model for the cloud environment
Loading...
Date
2014
Authors
Journal Title
Journal ISSN
Volume Title
Publisher
University of Zululand
Abstract
Cloud computing is a growing paradigm that offers a lot of benefits to cloud users. Despite the potential benefits that cloud computing could offer to business and individuals, security threat remains one of the growing concerns that are hindering the adoption of this paradigm. Specifically, the Insider threat is of greatest concern. In the traditional systems, insiders are regarded as current employees, former employees and any stakeholders that have access to the system. However, in the cloud computing environment the scope of insider expands to include contractors, administrator and employees of the cloud service provider. All these have the potential to compromised customer data stored in the cloud. As a result, customers are not comfortable with the idea of moving their critical information to the cloud service provider. The challenge then becomes how to ensure that malicious insiders do not compromise the security of customer data and applications. Solutions are still needed to ensure that the data stored in the cloud is secure from malicious insiders of the cloud service provider. In an effort to address this problem, this work presents an insider threat reduction model for the cloud environment. The model uses sequential rule mining techniques to reason about the behaviour patterns of the user and predict whether a user is a normal user or a malicious user who has masqueraded in the system. A rule learning algorithm was developed and used in learning the behavior pattern of users, in order to build user profiles. Matching algorithm was also developed and then used to match the historical behavior of the user with the current behavior, in order to identify users that masquerade in the system as normal user. The result obtained proved that the proposed insider threat reduction model of the cloud environment maybe an effective solution in reducing insider attacks that originated from malicious users by accurately predicting whether a user was normal user or malicious user based on the behaviour patterns.
Description
A dissertation submitted to the Faculty of Science and Agriculture in fulfilment of the requirements for the degree of Master of Science in the Department of Computer Science at the University of Zululand, South Africa, 2014
Keywords
cloud computing --Threat Reduction Model