Mitigating insider threat in cloud relational databases

Yaseen, Qussai; Althebyan, Qutaibah; Panda, Brajendra; Jararweh, Yaser

doi:10.1002/sec.1405

Cited by 14 publications

(11 citation statements)

References 22 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Table 6 presents the results obtained when considering scenario #5, where N users exploit 1 role for abusing 1 service. In this case, we have kept fixed the number of common users to 100, whilst varying the number of abusing users, according to existing similar experiments [25]. We noticed a detection time between 6 and 7 seconds for different numbers of malicious users.…”

Section: Resultsmentioning

confidence: 99%

“…For the performance experiments in our private Open-Stack cloud, we have considered a population of up to 1000 users, which is a reasonable number considering other similar works. For instance, Feng et al [15] used Symantec Box cloud file-sharing access log data to detect insider threats in a population of 688 users, and Yaseen et al [25] used up to 500 users to assess the performance of models to detect insider threats.…”

Section: Performance Experimentsmentioning

confidence: 99%

See 1 more Smart Citation

Self-adaptive authorisation in OpenStack cloud platform

Silva

Diniz

Cacho

et al. 2018

J Internet Serv Appl

View full text Add to dashboard Cite

Although major advances have been made in protection of cloud platforms against malicious attacks, little has been done regarding the protection of these platforms against insider threats. This paper looks into this challenge by introducing self-adaptation as a mechanism to handle insider threats in cloud platforms, and this will be demonstrated in the context of OpenStack. OpenStack is a popular cloud platform that relies on Keystone, its identity management component, for controlling access to its resources. The use of self-adaptation for handling insider threats has been motivated by the fact that self-adaptation has been shown to be quite effective in dealing with uncertainty in a wide range of applications. Insider threats have become a major cause for concern since legitimate, though malicious, users might have access, in case of theft, to a large amount of information. The key contribution of this paper is the definition of an architectural solution that incorporates self-adaptation into OpenStack Keystone in order to handle insider threats. For that, we have identified and analysed several insider threats scenarios in the context of the OpenStack cloud platform, and have developed a prototype that was used for experimenting and evaluating the impact of these scenarios upon the self-adaptive authorisation system for the cloud platforms.

show abstract

Section: Resultsmentioning

confidence: 99%

Section: Performance Experimentsmentioning

confidence: 99%

Self-adaptive authorisation in OpenStack cloud platform

Silva

Diniz

Cacho

et al. 2018

J Internet Serv Appl

View full text Add to dashboard Cite

show abstract

“…Furthermore, this algorithm restricts ordering between items and rates similar rules differently. Yaseen et al [21] discuss how load balancing across availability zones may increase insider attacks. They deal with insider attacks in cloud relational database systems by‫ا‬revealing the flaws‫ا‬in cloud‫ا‬computing‫ا‬that insiders may‫ا‬use to launch attacks.…”

Section: State-of-the-artmentioning

confidence: 99%

Correlation‐based sequence alignment models for detecting masquerades in cloud computing

Kholidy

2020

IET Information Security

View full text Add to dashboard Cite

“…The knowledgebase technique was extended to cloud computing systems. It aims to achieve advance detection of possible insider threats (Yaseen et al, 2013(Yaseen et al, , 2016Althebyan et al, 2015).…”

Section: Related Workmentioning

confidence: 99%

Hierarchical detection of insider attacks in cloud computing systems

Jarrah

Ayoub

Jararweh

2017

IJICS

Self Cite

View full text Add to dashboard Cite

Abstract:Cloud computing has emerged as a new computing paradigm with enormous benefits that have attracted many businesses and service providers. As a result, it is critical to ensure highly available and resilient cloud system that continues to operate correctly under different circumstances. This is endangered by risks of cloud insider attacks. In this work, we propose an artificial intelligence based system to detect cloud insider attacks. A hierarchical detection system is used to ensure high detection accuracy and speed. In the first layer, we use a simple expert system to classify the insider as a normal, an attacker, or a probable attacker. The system reacts accordingly by allowing normal insiders to continue their work, blocking attackers, and performing further investigation on probable attackers in the second layer using a decision tree. Simulation results show that our system is able to detect insider attacks with 99.67% detection accuracy.

show abstract

Mitigating insider threat in cloud relational databases

Cited by 14 publications

References 22 publications

Self-adaptive authorisation in OpenStack cloud platform

Self-adaptive authorisation in OpenStack cloud platform

Correlation‐based sequence alignment models for detecting masquerades in cloud computing

Hierarchical detection of insider attacks in cloud computing systems

Contact Info

Product

Resources

About