Misuse detection in a simulated IaaS environment

Burhan Al-Bayati, Nathan Clarke*, Paul Dowland, Fudong Li

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceedingConference contribution

156 Downloads (Pure)


Cloud computing is an emerging technology paradigm by offering elastic computing resources for individuals and organisations with low cost. However, security is still the most sensitive issue in cloud computing services as the service remains accessible to anyone after initial simple authentication login for significant periods. This has led to increase vulnerability to potential attacks and sensitive customer information being misused. To be able to detect this misuse, an additional intelligent security measures are arguably required. Tracking user’s activity by building user behaviour profiles is one technique that has been successfully applied in a variety of applications such as telecommunication misuse and credit card fraud. This paper presents an investigation into applying behavioural profiling in a simulated IaaS-based infrastructure for the purposes of misuse detection by verifying the active user continuously and transparently. In order to examine the feasibility of this approach within cloud infrastructure services, a private dataset was collected containing real interactions of 60 users over a three-week period (totalling 1,048,195 log entries). A series of experiments were conducted using supervised machine learning algorithms to examine the ability of detecting abnormal usage. The best experimental result of 0.32% Equal Error Rate is encouraging and indicates the ability of identifying misuse within cloud computing services via the behavioural profiling technique.

Original languageEnglish
Title of host publicationEmerging Technologies for Authorization and Authentication - 1st International Workshop, ETAA 2018, Proceedings
EditorsAndrea Saracino, Paolo Mori
PublisherSpringer Verlag
Number of pages13
ISBN (Electronic)978-3-030-04372-8
ISBN (Print)978-3-030-04371-1
Publication statusPublished - Dec 2018
Event1st International Workshop on Emerging Technologies for Authorization and Authentication - Barcelona, Spain
Duration: 7 Sept 20187 Sept 2018

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume11263 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349


Conference1st International Workshop on Emerging Technologies for Authorization and Authentication
Abbreviated titleETAA 2018


  • Behavioural profiling
  • Cloud computing services
  • Continuous identity verification
  • IaaS
  • Misuse


Dive into the research topics of 'Misuse detection in a simulated IaaS environment'. Together they form a unique fingerprint.

Cite this