A review on Insider Threats Detection and Prevention Techniques: Analysis, Taxonomy and Challenges

Insider Threat Mitigation in Cloud Computing

International Journal of Computer Applications, 2015

Insider threat is one of the most critical security threats for any industry; it is even the oldest strategy for bringing an empire down, very common in diplomacy throughout human history. In the cloud computing ecosystem there are several problems that are harder than in the normal (non-cloud) scenarios. If insider threats are the most dangerous threat even on non-cloud platforms, then they must have multidimensional attack vectors in cloud computing. Much research has been done and is being carried out in the field of cyber security on malicious insider attacks. At the provider end of the service, the insider who can harm the system most is the system administrator, because he has the highest access control and other privileges. Sometimes, when the user demands some resources and the provider is running out of that kind of resource, they outsource the resource from a third party or cloud broker. The resources are, for example, servers, storage and devices, or a public/private cloud. In this paper we propose a technical solution and some policies for the cloud provider to mitigate the insider attack due to a rogue administrator. We also discuss the possibility of insider attacks in the outsourcing issue of cloud computing and provide some policies as a solution for that problem.

Insider threat detection model for the cloud

Cloud computing is a revolutionary technology that is changing the way people and organizations conduct business. It promises to help organizations save money on IT expenditure while increasing reliability, efficiency and productivity. However, despite the potential benefits that the cloud promises its users, it is facing some security challenges. Insider threats are some of the growing security concerns that are hindering the adoption of the cloud. Cloud providers are faced with the challenge of monitoring usage patterns of users so as to ensure that malicious insiders do not compromise the security of customer data and applications. Solutions are still needed to ensure that the data stored in the cloud is secure from malicious insiders of the cloud service provider. This paper presents an Insider Threat Detection Model that can be used to detect suspicious insider activities. An experimental system was designed to implement this model. This system uses sequential rule mining to detect malicious users by comparing incoming events against user profiles.

A Multidimension Taxonomy of Insider Threats in Cloud Computing

The Computer Journal, 2016

MITIS - An Insider Threats Mitigation Framework for Information Systems

Future Data and Security Engineering, 2017

Cloud computing is now among the most extensively used means for resource sharing as SaaS, PaaS, and IaaS. Computing scenarios have merged into cloud computing instead of distributed computing. It has provided an efficient and flexible way for dynamic services to meet the needs and challenges of the time in a cost-effective manner. Virtual environments have provided the opportunity to migrate traditional systems to the cloud. Cloud service providers and administrators generally have full access to Virtual Machines (VMs), whereas tenants have limited access to their respective VMs. Cloud admins as well as remote administrators also have full access rights to their respective resources and may pose severe insider threats, about which tenants have shown their concerns. Securing these resources is the key issue. In this paper, available practices for cloud security are investigated and a self-managed framework is introduced to mitigate malicious insider threats posed to these virtual environments.

ADRCN: A Framework to Detect and Mitigate Malicious Insider Attacks in Cloud-Based Environment on IaaS

International Journal of Mathematical, Engineering and Management Sciences, 2019

Security is a critical factor for any computing platform. Cloud computing is a new computing environment, but its basic technology is still the Internet. Thus, the cloud computing environment not only has threats of its own but is also prone to the security issues of its underlying technology, i.e. the Internet. In this paper, the authors propose a secure routing framework, viz. Authenticated Dynamic Routing in Cloud Networks (ADRCN), to mitigate malicious insider attacks while maintaining the path integrity in the Clouds. Symmetric cryptography with hashing is used to maintain the integrity of the path between the source and destination. The purpose of ADRCN is to maintain the integrity of the path between the client and data center. If a malicious insider tries to perform an attack between the client and the data center, then it will be detected. This work aims to give a solution for detection and prevention of malicious insider attacks in Cloud-based environments.

An Improved Security Solution for Cloud Computing Management Infrastructures: The Insider Perspective

Central Asian Journal of Theoretical and Applied Science, 2022

This study examines the security of cloud computing management infrastructures from the perspective of the insider attacker. It is also proposed to design and implement a security system for the infrastructures responsible for the management of the cloud computing environment against the insider attacker. To achieve this aim, we designed a security solution that handles login verification and login information storage. The application stores the login information of every personnel who has been defined to access the system. The solution also stores information about infrastructure managers, the host server, the virtual server, the smart routers and switches, all of which are used for storage and transmission of data over the internet. The infrastructural security solution is applicable to Infrastructure as a Service (IaaS). The system is also capable of handling authentication of cloud members and verification and monitoring of data transfer, thus maintaining network security for our cloud environment and data confidentiality. The security system also provides the administrator with the privilege of monitoring who is logged into the cloud environment, in order to protect the network from hackers. Because a design method is required to complete this research, the Waterfall Design Methodology was adopted for the research, design and implementation methodology. Programming is performed using PHP, coding is done using the HTML platform, Couchbase offline server is used as our local server for hosting this cloud network security system, and the advanced network security Standard algorithm is implemented for ensuring the security framework.

Cyber Defenses for Physical Attacks and Insider Threats in Cloud Computing

In cloud computing, most of the computations and data in the data center do not belong to the cloud provider. This leaves owners of applications and data concerned about cyber and physical attacks which may compromise the confidentiality, integrity or availability of their applications or data. While much work has looked at protection from software (cyber) threats, very few have looked at physical attacks and physical security in data centers. In this work, we present a novel set of cyber defense strategies for physical attacks in data centers. We capitalize on the fact that physical attackers are constrained by the physical layout and other features of a data center, which provide a time delay before an attacker can reach a server to launch a physical attack, even by an insider. We describe how a number of cyber defense strategies can be activated when an attack is detected, some of which can even take effect before the actual attack occurs. The defense strategies provide improved security and are more cost-effective than always-on protections, in light of the fact that on average physical attacks will not happen often, but can be very damaging when they do occur.

A knowledgebase insider threat mitigation model in the cloud: a proactive approach

International Journal of Advanced Intelligence Paradigms, 2020

Security of cloud computing is a major concern for both organisations and individuals. Cloud users want to make sure that their private data will be safe from disclosure both by outsiders of the cloud and by (possibly malicious) insiders (cloud agents) of the cloud. Hence, insider threats in cloud computing are a major issue that needs to be tackled and resolved. In this paper, we propose a proactive insider threat model using a knowledgebase approach. Proactive in the sense that our model tries to detect (in advance) any deliberate deviation from the legal accesses an insider might try to perform, so that individuals' private data will be protected and secured. At the same time, the cloud resources will be ensured to be secure as well as consistent at all times. Knowledgebase models were used earlier in preventing insider threats at both the system level and the database level. This knowledgebase work will be extended to cloud computing systems.

A System for Detecting Malicious Insider Data Theft in IaaS Cloud Environments

2016 IEEE Global Communications Conference (GLOBECOM), 2016

The Cloud Security Alliance lists data theft and insider attacks as critical threats to cloud security. Our work puts forth an approach using a train, monitor, detect pattern which leverages a stateful rule-based k-nearest neighbors anomaly detection technique and system state data to detect inside attacker data theft on Infrastructure as a Service (IaaS) nodes. We posit, instantiate, and demonstrate our approach using the Eucalyptus cloud computing infrastructure, where we observe a 100 percent detection rate for abnormal login events and data copies to outside systems.

Cloud Computing: Mitigating Insider Data Theft Attacks in the Cloud

2021

Cloud computing promises to significantly change the way we use computers and access and store our personal and business information. With these new computing and communications paradigms arise new data security challenges. Existing data protection mechanisms such as encryption have failed in preventing data theft attacks, especially those perpetrated by an insider to the cloud provider. We propose a different approach for securing data in the cloud using offensive decoy technology. We monitor data access in the cloud and detect abnormal data access patterns. When unauthorized access is suspected and then verified using challenge questions, we launch a disinformation attack by returning large amounts of decoy information to the attacker. This protects against the misuse of the user’s real data. Experiments conducted in a local file setting provide evidence that this approach may provide unprecedented levels of user data security in a Cloud.