29-08-2014, 10:31 AM
Fog Computing: Mitigating Insider Data Theft Attacks in the Cloud Project Report
SECURING CLOUDS WITH FOG
Numerous proposals for cloud-based services describe
methods to store documents, files, and media in a remote
service that may be accessed wherever a user may connect
to the Internet. A particularly vexing problem before such
services are broadly accepted concerns guarantees for securing
a user’s data in a manner that guarantees that only the user
and no one else can gain access to that data.
Combining User Behavior Profiling and Decoy Technology
for Masquerade Detection
User Behavior Profiling: Legitimate users of a computer
system are familiar with the files on that system and where
they are located. Any search for specific files is likely to be
targeted and limited. A masquerader, however, who gets access
to the victim’s system illegitimately, is unlikely to be familiar
with the structure and contents of the file system. Their search
is likely to be widespread and untargeted.
Decoy Technology
We placed traps within the file
system. The traps are decoy files downloaded from a Fog
computing site, an automated service that offers several types
of decoy documents such as tax return forms, medical records,
credit card statements, eBay receipts, etc. [10]. The decoy
files are downloaded by the legitimate user and placed in
highly-conspicuous locations that are not likely to cause any
interference with the normal user activities on the system. A
masquerader, who is not familiar with the file system and its
contents, is likely to access these decoy files if he or she is in
search of sensitive information, such as the bait information
Combining the Two Techniques
The correlation of
search behavior anomaly detection with trap-based decoy
files should provide stronger evidence of malfeasance, and
therefore improve a detector’s accuracy. We hypothesize that
detecting abnormal search operations performed prior to an
unsuspecting user opening a decoy file will corroborate the
suspicion that the user is indeed impersonating another victim
user. This scenario covers the threat model of illegitimate
access to Cloud data. Furthermore, an accidental opening of
a decoy file by a legitimate user might be recognized as
an accident if the search behavior is not deemed abnormal.
In other words, detecting abnormal search and decoy traps
together may make a very effective masquerade detection
system. Combining the two techniques improves detection
accuracy.
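The correlation described above, as an added example that is not part of the original report: each decoy open is judged by the breadth of the search that preceded it. The event format, the 300-second window, the per-user thresholds and the decoy paths are assumptions, and the plain threshold stands in for a trained search-behavior model.

```python
from collections import namedtuple

# Constructed record: time in seconds, account, operation, path.
# op "search" = a directory was searched; op "open" = a file was opened.
Event = namedtuple("Event", "ts user op path")

WINDOW = 300  # assumed: seconds of activity examined before a decoy open
# Assumed per-user profile: directories a normal search touches in one window.
# A plain threshold stands in for a trained search-behavior model.
PROFILE = {"alice": 3, "bob": 2}
DECOYS = {"/home/alice/Desktop/tax_return.pdf",      # hypothetical decoy paths
          "/home/bob/Documents/card_statement.pdf"}


def search_breadth(events, user, end_ts, window=WINDOW):
    """Count distinct directories `user` searched in the window before end_ts."""
    return len({e.path for e in events
                if e.user == user and e.op == "search"
                and end_ts - window <= e.ts < end_ts})


def correlate(events):
    """Return one verdict per decoy open, based on the search that preceded it."""
    verdicts = []
    for e in events:
        if e.op != "open" or e.path not in DECOYS:
            continue
        breadth = search_breadth(events, e.user, e.ts)
        abnormal = breadth > PROFILE.get(e.user, 0)
        verdicts.append((e.user, e.ts, breadth,
                         "masquerade-suspected" if abnormal else "likely-accidental"))
    return verdicts


# Constructed sample log: alice goes to one folder and mis-clicks a decoy;
# the "bob" account sweeps six directories and then opens a decoy.
SAMPLE = [Event(10, "alice", "search", "/home/alice/Desktop"),
          Event(20, "alice", "open", "/home/alice/Desktop/tax_return.pdf")]
SAMPLE += [Event(1000 + 10 * i, "bob", "search", d) for i, d in enumerate(
    ["/home/bob", "/home/bob/Documents", "/home/bob/Desktop",
     "/home/bob/Downloads", "/home/bob/Music", "/home/bob/Pictures"])]
SAMPLE.append(Event(1070, "bob", "open", "/home/bob/Documents/card_statement.pdf"))

if __name__ == "__main__":
    for verdict in correlate(SAMPLE):
        print(verdict)
```

A decoy open with no abnormal search before it is reported as likely accidental rather than dropped, so the alert stays available for review.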
CONCLUSION
In this position paper, we present a novel approach to
securing personal and business data in the Cloud. We propose
monitoring data access patterns by profiling user behavior
to determine if and when a malicious insider illegitimately
accesses someone’s documents in a Cloud service. Decoy
documents stored in the Cloud alongside the user’s real
data also serve as sensors to detect illegitimate access. Once
unauthorized data access or exposure is suspected, and later
verified, with challenge questions for instance, we inundate the
malicious insider with bogus information in order to dilute
the user’s real data. Such preventive attacks that rely on
disinformation technology could provide unpreced