Insider Attack Detection Using Deep Belief Neural Network in Cloud Computing

Cloud computing is a high network infrastructure where users,owners,third users,authorized users,and customers can access and store their information quickly.The use of cloud computing has realized the rapid increase of information in every field and the need for a centralized location for processing efficiently.This cloud is nowadays highly affected by internal threats of the user.Sensitive applications such as banking,hospital,and business are more likely affected by real user threats.An intruder is presented as a user and set as a member of the network.After becoming an insider in the network,they will try to attack or steal sensitive data during information sharing or conversation.The major issue in today's technological development is identifying the insider threat in the cloud network.When data are lost,compromising cloud users is difficult.Privacy and security are not ensured,and then,the usage of the cloud is not trusted.Several solutions are available for the external security of the cloud network.However,insider or internal threats need to be addressed.In this research work,we focus on a solution for identifying an insider attack using the artificial intelligence technique.An insider attack is possible by using nodes of weak users’systems.They will log in using a weak user id,connect to a network,and pretend to be a trusted node.Then,they can easily attack and hack information as an insider,and identifying them is very difficult.These types of attacks need intelligent solutions.A machine learning approach is widely used for security issues.To date,the existing lags can classify the attackers accurately.This information hijacking process is very absurd,which motivates young researchers to provide a solution for internal threats.In our proposed work,we track the attackers using a user interaction behavior pattern and deep learning technique.The usage of mouse movements and clicks and keystrokes of the real user is stored in a database.The deep belief neural network is designed using a restricted Boltzmann machine(RBM)so that the layer of RBM communicates with the previous and subsequent layers.The result is evaluated using a Cooja simulator based on the cloud environment.The accuracy and F-measure are highly improved compared with when using the existing long short-term memory and support vector machine.

Evaluation of Hypervisor Stability towards Insider Attacks

Virtualization technology plays a key role in cloud computing.Thus,the security issues of virtualization tools（hypervisors,emulators,etc.） should be under precise consideration.However,threats of insider attacks are underestimated.The virtualization tools and hypervisors have been poorly protected from this type of attacks.Furthermore,hypervisor is one of the most critical elements in cloud computing infrastructure.Firstly,hypervisor vulnerabilities analysis is provided.Secondly,a formal model of insider attack on hypervisor is developed.Consequently,on the basis of the formal attack model,we propose a new methodology of hypervisor stability evaluation.In this paper,certain security countermeasures are considered that should be integrated in hypervisor software architecture.

Private Keyword-Search for Database Systems Against Insider Attacks

The notion of searchable encrypted keywords introduced an elegant approach to retrieve encrypted data without the need of decryption. Since the introduction of this notion, there are two main searchable encrypted keywords techniques, symmetric searchable encryption （SSE） and public key encryption with keyword search （PEKS）. Due to the complicated key management problem in SSE, a number of concrete PEKS constructions have been proposed to overcome it. However, the security of these PEKS schemes was only weakly defined in presence of outsider attacks;therefore they suffer from keyword guessing attacks from the database server as an insider. How to resist insider attacks remains a challenging problem. We propose the first searchable encrypted keywords against insider attacks （SEK-IA） framework to address this problem. The security model of SEK-IA under public key environment is rebuilt. We give a concrete SEK-IA construction featured with a constant-size trapdoor and the proposed scheme is formally proved to be secure against insider attacks. The performance evaluations show that the communication cost between the receiver and the server in our SEK-IA scheme remains constant, independent of the sender identity set size, and the receiver needs the minimized computational cost to generate a trapdoor to search the data from multiple senders.

Challenge-based collaborative intrusion detection in software-defined networking: An evaluation

Software-Defined Networking(SDN)is an emerging architecture that enables a computer network to be intelligently and centrally controlled via software applications.It can help manage the whole network environment in a consistent and holistic way,without the need of understanding the underlying network structure.At present,SDN may face many challenges like insider attacks,i.e.,the centralized control plane would be attacked by malicious underlying devices and switches.To protect the security of SDN,effective detection approaches are indispensable.In the literature,challenge-based collaborative intrusion detection networks(CIDNs)are an effective detection framework in identifying malicious nodes.It calculates the nodes'reputation and detects a malicious node by sending out a special message called a challenge.In this work,we devise a challenge-based CIDN in SDN and measure its performance against malicious internal nodes.Our results demonstrate that such a mechanism can be effective in SDN environments.

User Behavior Traffic Analysis Using a Simplified Memory-Prediction Framework

As nearly half of the incidents in enterprise security have been triggered by insiders,it is important to deploy a more intelligent defense system to assist enterprises in pinpointing and resolving the incidents caused by insiders or malicious software(malware)in real-time.Failing to do so may cause a serious loss of reputation as well as business.At the same time,modern network traffic has dynamic patterns,high complexity,and large volumes that make it more difficult to detect malware early.The ability to learn tasks sequentially is crucial to the development of artificial intelligence.Existing neurogenetic computation models with deep-learning techniques are able to detect complex patterns;however,the models have limitations,including catastrophic forgetfulness,and require intensive computational resources.As defense systems using deep-learning models require more time to learn new traffic patterns,they cannot perform fully online(on-the-fly)learning.Hence,an intelligent attack/malware detection system with on-the-fly learning capability is required.For this paper,a memory-prediction framework was adopted,and a simplified single cell assembled sequential hierarchical memory(s.SCASHM)model instead of the hierarchical temporal memory(HTM)model is proposed to speed up learning convergence to achieve onthe-fly learning.The s.SCASHM consists of a Single Neuronal Cell(SNC)model and a simplified Sequential Hierarchical Superset(SHS)platform.The s.SCASHMis implemented as the prediction engine of a user behavior analysis tool to detect insider attacks/anomalies.The experimental results show that the proposed memory model can predict users’traffic behavior with accuracy level ranging from 72%to 83%while performing on-the-fly learning.