Inferring User Actions from Provenance Logs

2015 IEEE Trustcom/BigDataSE/ISPA Pub Date : 2015-08-20 DOI:10.1109/TRUSTCOM-BIGDATASE-ISPA.2015.442

Xin Li, Chaitanya Joshi, Yu Shyang Tan, R. Ko

{"title":"Inferring User Actions from Provenance Logs","authors":"Xin Li, Chaitanya Joshi, Yu Shyang Tan, R. Ko","doi":"10.1109/TRUSTCOM-BIGDATASE-ISPA.2015.442","DOIUrl":null,"url":null,"abstract":"Progger, a kernel-spaced cloud data provenance logger which provides fine-grained data activity records, was recently developed to empower cloud stakeholders to trace data life cycles within and across clouds. Progger logs have the potential to allow analysts to infer user actions and create a data-centric behaviour history in a cloud computing environment. However, the Progger logs are complex and noisy and therefore, currently this potential can not be met. This paper proposes a statistical approach to efficiently infer the user actions from the Progger logs. Inferring logs which capture activities at kernel-level granularity is not a straightforward endeavour. This paper overcomes this challenge through an approach which shows a high level of accuracy. The key aspects of this approach are identifying the data preprocessing steps and attribute selection. We then use four standard classification models and identify the model which provides the most accurate inference on user actions. To our best knowledge, this is the first work of its kind. We also discuss a number of possible extensions to this work. Possible future applications include the ability to predict an anomalous security activity before it occurs.","PeriodicalId":277092,"journal":{"name":"2015 IEEE Trustcom/BigDataSE/ISPA","volume":"7 11 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2015-08-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"4","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2015 IEEE Trustcom/BigDataSE/ISPA","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/TRUSTCOM-BIGDATASE-ISPA.2015.442","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 4

Abstract

Progger, a kernel-spaced cloud data provenance logger which provides fine-grained data activity records, was recently developed to empower cloud stakeholders to trace data life cycles within and across clouds. Progger logs have the potential to allow analysts to infer user actions and create a data-centric behaviour history in a cloud computing environment. However, the Progger logs are complex and noisy and therefore, currently this potential can not be met. This paper proposes a statistical approach to efficiently infer the user actions from the Progger logs. Inferring logs which capture activities at kernel-level granularity is not a straightforward endeavour. This paper overcomes this challenge through an approach which shows a high level of accuracy. The key aspects of this approach are identifying the data preprocessing steps and attribute selection. We then use four standard classification models and identify the model which provides the most accurate inference on user actions. To our best knowledge, this is the first work of its kind. We also discuss a number of possible extensions to this work. Possible future applications include the ability to predict an anomalous security activity before it occurs.

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

从来源日志推断用户操作

Progger是一个内核间隔的云数据来源记录器，它提供细粒度的数据活动记录，最近被开发出来，使云利益相关者能够跟踪云内部和跨云的数据生命周期。程序日志有可能允许分析人员推断用户的操作，并在云计算环境中创建以数据为中心的行为历史。然而，Progger测井数据复杂且噪声大，因此目前还无法实现这一潜力。本文提出了一种从Progger日志中有效推断用户行为的统计方法。推断在内核级粒度上捕获活动的日志并不是一件简单的事情。本文通过一种精度较高的方法克服了这一挑战。该方法的关键方面是确定数据预处理步骤和属性选择。然后，我们使用四种标准分类模型，并确定对用户行为提供最准确推断的模型。据我们所知，这是同类作品中的第一部。我们还讨论了这项工作的一些可能的扩展。未来可能的应用包括在异常安全活动发生之前预测异常安全活动的能力。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文去求助

来源期刊

2015 IEEE Trustcom/BigDataSE/ISPA

自引率

0.00%

发文量