Misuse detection in a simulated IaaS environment

Burhan Al-Bayati; Nathan Clarke; Paul Dowland; Fudong Li

doi:10.1007/978-3-030-04372-8_9

Misuse detection in a simulated IaaS environment

Burhan Al-Bayati, Nathan Clarke^*, Paul Dowland, Fudong Li

^*Corresponding author for this work

School of Computing

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

127 Downloads (Pure)

Abstract

Cloud computing is an emerging technology paradigm by offering elastic computing resources for individuals and organisations with low cost. However, security is still the most sensitive issue in cloud computing services as the service remains accessible to anyone after initial simple authentication login for significant periods. This has led to increase vulnerability to potential attacks and sensitive customer information being misused. To be able to detect this misuse, an additional intelligent security measures are arguably required. Tracking user’s activity by building user behaviour profiles is one technique that has been successfully applied in a variety of applications such as telecommunication misuse and credit card fraud. This paper presents an investigation into applying behavioural profiling in a simulated IaaS-based infrastructure for the purposes of misuse detection by verifying the active user continuously and transparently. In order to examine the feasibility of this approach within cloud infrastructure services, a private dataset was collected containing real interactions of 60 users over a three-week period (totalling 1,048,195 log entries). A series of experiments were conducted using supervised machine learning algorithms to examine the ability of detecting abnormal usage. The best experimental result of 0.32% Equal Error Rate is encouraging and indicates the ability of identifying misuse within cloud computing services via the behavioural profiling technique.

Original language	English
Title of host publication	Emerging Technologies for Authorization and Authentication - 1st International Workshop, ETAA 2018, Proceedings
Editors	Andrea Saracino, Paolo Mori
Publisher	Springer Verlag
Pages	103-115
Number of pages	13
ISBN (Electronic)	978-3-030-04372-8
ISBN (Print)	978-3-030-04371-1
DOIs	https://doi.org/10.1007/978-3-030-04372-8_9
Publication status	Published - Dec 2018
Event	1st International Workshop on Emerging Technologies for Authorization and Authentication - Barcelona, Spain Duration: 7 Sep 2018 → 7 Sep 2018

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	11263 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	1st International Workshop on Emerging Technologies for Authorization and Authentication
Abbreviated title	ETAA 2018
Country/Territory	Spain
City	Barcelona
Period	7/09/18 → 7/09/18

Keywords

Behavioural profiling
Cloud computing services
Continuous identity verification
IaaS
Misuse

Access to Document

10.1007/978-3-030-04372-8_9

Misuse detection in a simulated IaaS environment
The final authenticated version is available online at: http://dx.doi.org/10.1007%2F978-3-030-04372-8_9.
Accepted author manuscript (Post-print), 757 KB

Cite this

Al-Bayati, B., Clarke, N., Dowland, P., & Li, F. (2018). Misuse detection in a simulated IaaS environment. In A. Saracino, & P. Mori (Eds.), Emerging Technologies for Authorization and Authentication - 1st International Workshop, ETAA 2018, Proceedings (pp. 103-115). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 11263 LNCS). Springer Verlag. https://doi.org/10.1007/978-3-030-04372-8_9

Al-Bayati, Burhan ; Clarke, Nathan ; Dowland, Paul et al. / Misuse detection in a simulated IaaS environment. Emerging Technologies for Authorization and Authentication - 1st International Workshop, ETAA 2018, Proceedings. editor / Andrea Saracino ; Paolo Mori. Springer Verlag, 2018. pp. 103-115 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{12298e0a7d5540b0afec295c91dc11e3,

title = "Misuse detection in a simulated IaaS environment",

abstract = "Cloud computing is an emerging technology paradigm by offering elastic computing resources for individuals and organisations with low cost. However, security is still the most sensitive issue in cloud computing services as the service remains accessible to anyone after initial simple authentication login for significant periods. This has led to increase vulnerability to potential attacks and sensitive customer information being misused. To be able to detect this misuse, an additional intelligent security measures are arguably required. Tracking user{\textquoteright}s activity by building user behaviour profiles is one technique that has been successfully applied in a variety of applications such as telecommunication misuse and credit card fraud. This paper presents an investigation into applying behavioural profiling in a simulated IaaS-based infrastructure for the purposes of misuse detection by verifying the active user continuously and transparently. In order to examine the feasibility of this approach within cloud infrastructure services, a private dataset was collected containing real interactions of 60 users over a three-week period (totalling 1,048,195 log entries). A series of experiments were conducted using supervised machine learning algorithms to examine the ability of detecting abnormal usage. The best experimental result of 0.32% Equal Error Rate is encouraging and indicates the ability of identifying misuse within cloud computing services via the behavioural profiling technique.",

keywords = "Behavioural profiling, Cloud computing services, Continuous identity verification, IaaS, Misuse",

author = "Burhan Al-Bayati and Nathan Clarke and Paul Dowland and Fudong Li",

year = "2018",

month = dec,

doi = "10.1007/978-3-030-04372-8_9",

language = "English",

isbn = "978-3-030-04371-1",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Verlag",

pages = "103--115",

editor = "Andrea Saracino and Paolo Mori",

booktitle = "Emerging Technologies for Authorization and Authentication - 1st International Workshop, ETAA 2018, Proceedings",

address = "Germany",

note = "1st International Workshop on Emerging Technologies for Authorization and Authentication, ETAA 2018 ; Conference date: 07-09-2018 Through 07-09-2018",

}

Al-Bayati, B, Clarke, N, Dowland, P & Li, F 2018, Misuse detection in a simulated IaaS environment. in A Saracino & P Mori (eds), Emerging Technologies for Authorization and Authentication - 1st International Workshop, ETAA 2018, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 11263 LNCS, Springer Verlag, pp. 103-115, 1st International Workshop on Emerging Technologies for Authorization and Authentication, Barcelona, Spain, 7/09/18. https://doi.org/10.1007/978-3-030-04372-8_9

Misuse detection in a simulated IaaS environment. / Al-Bayati, Burhan; Clarke, Nathan; Dowland, Paul et al.

Emerging Technologies for Authorization and Authentication - 1st International Workshop, ETAA 2018, Proceedings. ed. / Andrea Saracino; Paolo Mori. Springer Verlag, 2018. p. 103-115 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 11263 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - Misuse detection in a simulated IaaS environment

AU - Al-Bayati, Burhan

AU - Clarke, Nathan

AU - Dowland, Paul

AU - Li, Fudong

PY - 2018/12

Y1 - 2018/12

N2 - Cloud computing is an emerging technology paradigm by offering elastic computing resources for individuals and organisations with low cost. However, security is still the most sensitive issue in cloud computing services as the service remains accessible to anyone after initial simple authentication login for significant periods. This has led to increase vulnerability to potential attacks and sensitive customer information being misused. To be able to detect this misuse, an additional intelligent security measures are arguably required. Tracking user’s activity by building user behaviour profiles is one technique that has been successfully applied in a variety of applications such as telecommunication misuse and credit card fraud. This paper presents an investigation into applying behavioural profiling in a simulated IaaS-based infrastructure for the purposes of misuse detection by verifying the active user continuously and transparently. In order to examine the feasibility of this approach within cloud infrastructure services, a private dataset was collected containing real interactions of 60 users over a three-week period (totalling 1,048,195 log entries). A series of experiments were conducted using supervised machine learning algorithms to examine the ability of detecting abnormal usage. The best experimental result of 0.32% Equal Error Rate is encouraging and indicates the ability of identifying misuse within cloud computing services via the behavioural profiling technique.

AB - Cloud computing is an emerging technology paradigm by offering elastic computing resources for individuals and organisations with low cost. However, security is still the most sensitive issue in cloud computing services as the service remains accessible to anyone after initial simple authentication login for significant periods. This has led to increase vulnerability to potential attacks and sensitive customer information being misused. To be able to detect this misuse, an additional intelligent security measures are arguably required. Tracking user’s activity by building user behaviour profiles is one technique that has been successfully applied in a variety of applications such as telecommunication misuse and credit card fraud. This paper presents an investigation into applying behavioural profiling in a simulated IaaS-based infrastructure for the purposes of misuse detection by verifying the active user continuously and transparently. In order to examine the feasibility of this approach within cloud infrastructure services, a private dataset was collected containing real interactions of 60 users over a three-week period (totalling 1,048,195 log entries). A series of experiments were conducted using supervised machine learning algorithms to examine the ability of detecting abnormal usage. The best experimental result of 0.32% Equal Error Rate is encouraging and indicates the ability of identifying misuse within cloud computing services via the behavioural profiling technique.

KW - Behavioural profiling

KW - Cloud computing services

KW - Continuous identity verification

KW - IaaS

KW - Misuse

UR - http://www.scopus.com/inward/record.url?scp=85057862439&partnerID=8YFLogxK

U2 - 10.1007/978-3-030-04372-8_9

DO - 10.1007/978-3-030-04372-8_9

M3 - Conference contribution

AN - SCOPUS:85057862439

SN - 978-3-030-04371-1

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 103

EP - 115

BT - Emerging Technologies for Authorization and Authentication - 1st International Workshop, ETAA 2018, Proceedings

A2 - Saracino, Andrea

A2 - Mori, Paolo

PB - Springer Verlag

T2 - 1st International Workshop on Emerging Technologies for Authorization and Authentication

Y2 - 7 September 2018 through 7 September 2018

ER -

Al-Bayati B, Clarke N, Dowland P, Li F. Misuse detection in a simulated IaaS environment. In Saracino A, Mori P, editors, Emerging Technologies for Authorization and Authentication - 1st International Workshop, ETAA 2018, Proceedings. Springer Verlag. 2018. p. 103-115. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). Epub 2018 Nov 24. doi: 10.1007/978-3-030-04372-8_9

Misuse detection in a simulated IaaS environment

Abstract

Publication series

Conference

Keywords

Access to Document

Fingerprint

Cite this