Visible to the public Cloud Insider Attack Detection Using Machine Learning

TitleCloud Insider Attack Detection Using Machine Learning
Publication TypeConference Paper
Year of Publication2018
AuthorsNathezhtha, T., Yaidehi, V.
Conference Name2018 International Conference on Recent Trends in Advance Computing (ICRTAC)
Date Publishedsep
Keywordsanomaly detection, anomaly node, attackers, broken node, cloud computing, cloud insider attack detection, cloud network, cloud security issues, cloud user, composability, compromised node, Data models, data sources, Deep Learning, improvised long short-term memory model, internal attacker, internal attackers compromise, learning (artificial intelligence), Logic gates, Long short-term memory, machine learning, machine learning approaches, malicious node, misbehaving node, Monitoring, privacy, pubcrawl, resilience, Resiliency, security, security approaches, security of data, short-term behavioral data, trusted users, user behavior, valuable information, vulnerable information, vulnerable user node

Security has always been a major issue in cloud. Data sources are the most valuable and vulnerable information which is aimed by attackers to steal. If data is lost, then the privacy and security of every cloud user are compromised. Even though a cloud network is secured externally, the threat of an internal attacker exists. Internal attackers compromise a vulnerable user node and get access to a system. They are connected to the cloud network internally and launch attacks pretending to be trusted users. Machine learning approaches are widely used for cloud security issues. The existing machine learning based security approaches classify a node as a misbehaving node based on short-term behavioral data. These systems do not differentiate whether a misbehaving node is a malicious node or a broken node. To address this problem, this paper proposes an Improvised Long Short-Term Memory (ILSTM) model which learns the behavior of a user and automatically trains itself and stores the behavioral data. The model can easily classify the user behavior as normal or abnormal. The proposed ILSTM not only identifies an anomaly node but also finds whether a misbehaving node is a broken node or a new user node or a compromised node using the calculated trust factor. The proposed model not only detects the attack accurately but also reduces the false alarm in the cloud network.

Citation Keynathezhtha_cloud_2018