
2017 IEEE 4th International Conference on Cyber Security and Cloud Computing (CSCloud): Latest Papers

Unsupervised Anomaly Detection Algorithm of Graph Data Based on Graph Kernel
Lili Zhang, Huibin Wang, Chenming Li, Yehong Shao, Qing Ye
Nowadays, there are a lot of graph data in many fields such as biology, medicine, social networks and so on. However, it is difficult to detect anomaly and get the useful information if we want to apply the traditional algorithms in graph data. Statistical pattern recognition and structural pattern recognition are two main methods in pattern recognition. The disadvantage of statistical pattern recognition is that it is difficult to represent the relationship. In the structural pattern recognition, the object is generally expressed as a graph, and the key point is the similarity or matching of the graphs. However, graph matching is complex and NP-hard. Recently, graph kernel is proposed to solve the graph matching problem, so we can map the graphs into vector space. As a result, the operations in the vector space are applicable to graph data. In this paper, we propose a new algorithm to detect anomaly for graph data. Firstly, we use graph kernel to define the similarity of the graphs, and then we convert graph data into vector data. After that, we use the Kernel Principal Component Analysis (KPCA) to reduce the dimension, and then train these data by one-class classifier to get the model for anomaly detection. The experiments on datasets MUTAG and ENZYMES at the end of the paper show the efficiency of proposed algorithm.
DOI: https://doi.org/10.1109/CSCloud.2017.23. Published: 2017-06-26.
Citations: 2
Secure Cloud Container: Runtime Behavior Monitoring Using Most Privileged Container (MPC)
Vivek Vijay Sarkale, P. Rad, Wonjun Lee
Hypervisor-based virtualization rapidly becomes a commodity, and it turns valuable in many scenarios such as resource optimization, uptime maximization, and consolidation. Container-based application virtualization is an appropriate solution to develop a light weighted partitioning by providing application isolation with less overhead. Undoubtedly, container based virtualization delivers a lightweight and efficient environment, however raises some security concerns as it allows isolated processes to utilize an underlying host kernel. A new security layer with the Most Privileged Container (MPC) is proposed in this article. The proposed MPC layer exhibits three main functional blocks: Access policies, Black list database, and Runtime monitoring. The introduced MPC layer implements privilege based access control and assigns resource access permissions based on policies and the security profiles of containerized application user processes. Furthermore, the monitoring block examines the runtime behavior of containers and black list database is updated if the container violates its policies. The proposed MPC layer provides higher level of application container security against potential threats.
DOI: https://doi.org/10.1109/CSCloud.2017.68. Published: 2017-06-26.
Citations: 12
An Improved Replica Placement Policy for Hadoop Distributed File System Running on Cloud Platforms
Wei Dai, Ibrahim Adel Ibrahim, M. Bassiouni
Load balance is a crucial issue for data-intensive computing on cloud platforms, because a load balanced cluster can significantly improve the completion time of data-intensive jobs. In this paper, we present an improved replica placement policy for Hadoop Distributed File System (HDFS), which is specifically designed for heterogeneous clusters. The HDFS replica placement policy cannot generate balanced replica assignment, and hence has to rely on a load balance utility to balance the load among cluster nodes. In contrast, our proposed policy can generate perfectly even replica assignment, and also achieve load balance among cluster nodes in any heterogeneous or homogeneous environments without the running of the load balance utility.
DOI: https://doi.org/10.1109/CSCloud.2017.65. Published: 2017-06-01.
Citations: 19
An Overview of Wireless Network Security
Alireza Kavianpour, Michael C. Anderson
While assuming the role of Chief Security Officer, Network Security Designer, and Network Security Administrator, the intention of this research was to identify principal elements related to network security and provide an overview of potential threats, vulnerabilities, and countermeasures associated with technology designed to the IEEE 802.11 wireless LAN standard. In addition, fundamental security requirements are discussed and access control principles were included to address future trends in wireless network security.
DOI: https://doi.org/10.1109/CSCloud.2017.45. Published: 2017-06-01.
Citations: 20
IoT Eye An Efficient System for Dynamic IoT Devices Auto-discovery on Organization Level
Jie Shen, Ying Li, B. Li, Hanteng Chen, Jianxin Li
Internet of Things (IoT) serves not only as an essential part of the new generation information technology but as an important development stage in the information era. IoT devices such as unmanned aerial vehicles, robots and wearable equipment have been widely used in recent years. For most organizations' inner networks, innumerable dynamic connections with Internet accessible IoT devices occur at many parts all the time. It is usually these temporal links that give rise to potential threats to the security of the whole intranet. In this paper, we propose a new system named IoT Eye, which automatically discovers the IoT devices in real time. The IoT Eye detects all the potential IoT target hosts using an innovative two-stage architecture: (1) Scanning suspicious IP segments with stateless TCP SYN scan model and zero copy TCP stack; (2) Identifying each IoT device on various protocols using PI-AC, which is a novel high-performance multi-pattern matching algorithm. The preceding model ensures the IoT Eye searching each newly connected device out in rather small time delay, which minimizes the missing and wrong detection rates. Related intelligence on the active IoT devices linked with the organization's intranets is of great importance to the professionals, since it can help them: (1) re-examine the borders of large intranets; (2) reduce non-essential device access; (3) fix security vulnerabilities timely.
DOI: https://doi.org/10.1109/CSCloud.2017.66. Published: 2017-06-01.
Citations: 6
Event Detection with Multivariate Water Parameters in the Water Monitoring Applications
Yingchi Mao, Hai Qi, Xiaoli Chen, Xiaofang Li
The real-time time series data of multiple water quality parameters are obtained from the water sensor networks deployed in the water supply network. The accurate and efficient detection and warning of contamination events to prevent pollution from spreading is one of the most important issues when the pollution occurs. In order to comprehensively reduce the event detection deviation, a Temporal Abnormal Event Detection Algorithm for Multivariate time series data (M-TAEDA) was proposed. In M-TAEDA, first, Back Propagation neural network models are adopted to analyze the time series data of multiple water quality parameters and calculate the possible outliers. Then, M-TAEDA algorithm determines the potential contamination events through Bayesian sequential analysis to estimate the probability of a contamination event. Finally, it can make decision based on the multiple event probabilities fusion in the water supply system. The experimental results indicate that the proposed M-TAEDA algorithm can obtain the 90% accuracy with BP neural network model and improve the rate of detection about 40% and reduce the false alarm rate about 45%, compared with the temporal event detection of Single Variate Temporal Abnormal Event Detection Algorithm (S-TAEDA).
DOI: https://doi.org/10.1109/CSCloud.2017.67. Published: 2017-06-01.
Citations: 1
A Cloud-Based Service Delivery Platform for Effective Homeland Security
P. Chelliah, S. Kumar
The discipline of Homeland Security is gaining wider traction especially after the horrendous attack on the World Trade Center, the USA in 2001. Recently national governments are very seriously and sincerely putting a lot of emphasis and efforts on national security aspects that implicitly cover the safety and security of people, infrastructures, and resources. It is overwhelmingly acknowledged that Information and Communication Technology (ICT) is the best fit and the route for effectively scavenging, sensitizing and securing the various mission and life-critical sources and resources of the continents, countries, counties, and cities. In this paper, we would like to insist how the emerging and evolving concept of cloud computing will effectively safeguard and seal the security of nations and their occupants, constituents, and participants. In this paper, we have contributed with a description of homeland security services that can be designed, built and hosted on public clouds. We have designed a flexible framework for the cloud-based service development, deployment, and delivery platform, especially for homeland security. As services are being implemented in the cloud environment, the availability and accessibility get comprehensively easy and ensured for worldwide developers to come out with better, leaner, and adaptive homeland security applications.
DOI: https://doi.org/10.1109/CSCloud.2017.16. Published: 2017-06-01.
Citations: 2
Power Control Weakness in Long Term Evolution Network
Weilian Su, Too Huseh Tien, T. Ha
The increasingly important role of Long Term Evolution (LTE) has increased security concerns among the service provider and end users and made security of the network even more indispensable. In this paper, the power control mechanism for LTE is explored. The unprotected power control signal together with the Cell Radio Network Temporary Identifier (CRNTI) can be exploited to trick the victim User Equipment (UE) to transmit at a much higher than required power, which introduces significant inter-cell interference to the adjacent base station, evolved NodeB (eNodeB). The ways that an attacker can maliciously manipulate the control field of the power control mechanism are demonstrated. The effectiveness of such attack is evaluated with respect to the victim UEs and the adjacent eNodeB.
DOI: https://doi.org/10.1109/CSCloud.2017.33. Published: 2017-06-01.
Citations: 1
Machine Learning for Anomaly Detection and Categorization in Multi-Cloud Environments
Tara Salman, D. Bhamare, A. Erbad, R. Jain, M. Samaka
Cloud computing has been widely adopted by application service providers (ASPs) and enterprises to reduce both capital expenditures (CAPEX) and operational expenditures (OPEX). Applications and services previously running on private data centers are now being migrated to private or public clouds. Since most of the ASPs and enterprises have globally distributed user bases, their services need to be distributed across multiple clouds, spread across the globe which can achieve better performance in terms of latency, scalability and load balancing. The shift has eventually led the research community to study multi-cloud environments. However, the widespread acceptance of such environments has been hampered by major security concerns. Firewalls and traditional rule-based security protection techniques are not sufficient to protect user-data in multi-cloud scenarios. Recently, advances in machine learning techniques have attracted the attention of the research community to build intrusion detection systems (IDS) that can detect anomalies in the network traffic. Most of the research works, however, do not differentiate among different types of attacks. This is, in fact, necessary for appropriate countermeasures and defense against attacks. In this paper, we investigate both detecting and categorizing anomalies rather than just detecting, which is a common trend in the contemporary research works. We have used a popular publicly available dataset to build and test learning models for both detection and categorization of different attacks. To be precise, we have used two supervised machine learning techniques, namely linear regression (LR) and random forest (RF). We show that even if detection is perfect, categorization can be less accurate due to similarities between attacks. Our results demonstrate more than 99% detection accuracy and categorization accuracy of 93.6%, with the inability to categorize some attacks. Further, we argue that such categorization can be applied to multi-cloud environments using the same machine learning techniques.
DOI: 10.1109/CSCloud.2017.15 (https://doi.org/10.1109/CSCloud.2017.15). Published: 2017-06-01.
Citations: 74
A Highly-Secure Self-Protection Data Scheme in Clouds Using Active Data Bundles and Agent-Based Secure Multi-party Computation
Akram Y. Sarhan, S. Carr
Protection of data in cloud computing is a critical problem for many enterprises. We propose a solution that protects sensitive data outsourced to a cloud throughout their entire life cycle—both in the cloud as well as outside of the cloud (e.g., during transmission to or from the cloud). Our solution, known as Active Data Bundles using Secure Multi-Party Computation (ADB-SMC), uses: (i) active data bundles (ADBs)—for self-protecting data; (ii) ciphertext-policy attribute-based encryption—for fine-grained access control; and, (iii) threshold RSA—for secure key management. We describe the components and design of ADB-SMC and present the pseudocode for creating an ADB to outsource data to the cloud. We implemented a prototype of the solution and compared its overhead with the overhead of the approach known as Active Bundles with Trusted Third Party (ABTTP). The results of performance tests show that the execution time overhead for ADB-SMC is acceptable.
DOI: 10.1109/CSCloud.2017.36 (https://doi.org/10.1109/CSCloud.2017.36). Published: 2017-06-01.
Citations: 22
Journal
2017 IEEE 4th International Conference on Cyber Security and Cloud Computing (CSCloud)