Detecting a malicious insider in the cloud environment using sequential rule mining

Abstract

Cloud computing is a growing paradigm that offers a lot of benefits to cloud users. Despite the potential benefits that cloud computing could offer to business and individuals, security remains one of the growing concerns that are hindering the adoption of this paradigm. Researchers have identified and dealt with many security threats to cloud computing. However, insider threats still remain as one of the major concerns. Threats from malicious insiders are often listed as dangerous threats by many researchers. However, this threat has not received the attention it deserves because many organizations turn out to be extra careful about external threats than insider threats. This paper discusses an approach that can help in identifying insiders behaving in a malicious way, which may lead to an attack. A rule learning algorithm was used in learning the behavior pattern of users, in order to build user profiles. A Matching algorithm was then used to match the historical behavior of the user with the current behavior, in order to identify users that masquerade in the system as normal users. The obtained results show that it was possible to identify insiders that masquerade in the system by observing their behavior patterns.