Investigation of Fake Insider Threats on Private Cloud Computing Services

  • Dwi Kurnia Wibowo Universitas Islam Indonesia
  • Ahmad Luthfi Universitas Islam Indonesia
  • Nur Widiyasono Universitas Siliwangi
Keywords: Threat, MITC, Cloud Forensics, Cybersecurity, ISO 27032

Abstract

Cloud-based services are service mechanisms that companies and organizations use to conduct computerized, integrated transactions over a computer network. Such a service must be balanced with an appropriate level of security in order to anticipate cyber crimes that may occur. Cloud-based services are usually offered by a Cloud Service Provider (CSP), and CSPs are generally configured so that their services are accessible from the public internet. Companies that prioritize data security want a system that is safe from a range of cyber crimes, and a private cloud computing scheme is a solution that can be implemented as an alternative. The problem that arises is the possibility of Man in the Cloud (MITC) attacks, which infiltrate the system and manipulate identities so that they are detected as fake insider threats on cloud systems. This thesis aims to carry out a threat analysis of the Man in the Cloud attack technique on private cloud computing services, based on a study of the ISO 27032 standard. The reports and documentation of the analysis results are expected to serve as recommendations for the cybersecurity investigation and management process related to threats to cloud services that use private cloud computing schemes.

Published
2022-09-29
How to Cite
Dwi Kurnia Wibowo, Ahmad Luthfi, & Nur Widiyasono. (2022). Investigation of Fake Insider Threats on Private Cloud Computing Services. International Journal of Science, Technology & Management, 3(5), 1484-1491. https://doi.org/10.46729/ijstm.v3i5.613