Insider Threats to Cloud Computing: Directions for New Research Challenges

Claycomb, William R.; Nicoll, Alex

doi:10.1109/compsac.2012.113

Cited by 106 publications

(39 citation statements)

References 12 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We screened 177 abstracts, evaluated 50 full-text articles, and included 37 articles-a total of 22 studies (59 %) propose novel IDPAs [9,. The other 15 papers either propose new features for IDP or discusses challenges associated with IDP [33][34][35][36][37][38][39][40][41][42][43][44][45][46][47]. Figure 1 presents the flow chart of the study selection process.…”

Section: Study Selectionmentioning

confidence: 99%

Detection and prediction of insider threats to cyber security: a systematic literature review and meta-analysis

Gheyas

Abdallah

2016

Big Data Anal

View full text Add to dashboard Cite

Cyber security is vital to the success of today's digital economy. The major security threats are coming from within, as opposed to outside forces. Insider threat detection and prediction are important mitigation techniques. This study addresses the following research questions: 1) what are the research trends in insider threat detection and prediction nowadays? 2) What are the challenges associated with insider threat detection and prediction? 3) What are the best-to-date insider threat detection and prediction algorithms? We conduct a systematic review of 37 articles published in peer-reviewed journals, conference proceedings and edited books for the period of 1950-2015 to address the first two questions. Our survey suggests that game theoretic approach (GTA) is a popular source of insider threat data; the insiders' online activities are the most widely used features in insider threat detection and prediction; most of the papers use single point estimates of threat likelihood; and graph algorithms are the most widely used tools for detecting and predicting insider threats. The key challenges facing the insider threat detection and prediction system include unbounded patterns, uneven time lags between activities, data nonstationarity, individuality, collusion attacks, high false alarm rates, class imbalance problem, undetected insider attacks, uncertainty, and the large number of free parameters in the model. To identify the best-to-date insider threat detection and prediction algorithms, our meta-analysis study excludes theoretical papers proposing conceptual algorithms from the 37 selected papers resulting in the selection of 13 papers. We rank the insider threat detection and prediction algorithms presented in the 13 selected papers based on the theoretical merits and the transparency of information. To determine the significance of rank sums, we perform "the Friedman two-way analysis of variance by ranks" test and "multiple comparisons between groups or conditions" tests.

show abstract

Section: Study Selectionmentioning

confidence: 99%

Detection and prediction of insider threats to cyber security: a systematic literature review and meta-analysis

Gheyas

Abdallah

2016

Big Data Anal

View full text Add to dashboard Cite

show abstract

“…Identified cloud security aspects include governance and compliance, virtualization, identity management [21][22] [23], and various threats aspects [24] [25]. Cloud Security Alliance (CSA) published the security report namely The Treacherous Twelve Cloud Computing Top Threats in 2016 providing organizations with the awareness of cloud security issues in making educated risk-management decisions [26].…”

Section: 2mentioning

confidence: 99%

Capability Maturity Model and Metrics Framework for Cyber Cloud Security

Le¹,

Hoang²

2017

SCPE

View full text Add to dashboard Cite

Abstract. Cyber space is affecting all areas of our life. Cloud computing is the cutting-edge technology of this cyber space and has established itself as one of the most important resources sharing technologies for future on-demand services and infrastructures that support Internet of Things (IOTs), big data platforms and software-defined systems/services. More than ever, security is vital for cloud environment. There exist several cloud security models and standards dealing with emerging cloud security threats. However, these models are mostly reactive rather than proactive and they do not provide adequate measures to assess the overall security status of a cloud system. Out of existing models, capability maturity models, which have been used by many organizations, offer a realistic approach to address these problems using management by security domains and security assessment on maturity levels. The aim of the paper is twofold: first, it provides a review of cyber space, cyber security, cloud security models and standards, cyber security capability maturity models and security metrics; second, it proposes a cloud security capability maturity model (CSCMM) that extends existing cyber security models with a security metric framework. CSCMM aims to present a credible overall security assessment of a cloud system to senior managers and to enable security experts to predict and identify necessary security measures.

show abstract

“…These changes can affect how insider attacks [26] and intrusions are performed. For example, the physical machine on which a VM is hosted can affect potential attacks scenarios.…”

Section: Adaptive Evidence Collection Scenariosmentioning

confidence: 99%