Automatic Derivation and Validation of a Cloud Dataset for Insider Threat Detection

Pamela Carvallo, Ana R. Cavalli, Natalia Kushik

Abstract

The malicious insider threat is often listed as one of the most dangerous cloud threats. For this threat, the main difference between a cloud computing scenario and a traditional IT infrastructure is that, once perpetrated, it could damage other clients because of the multi-tenancy and virtual environment features of the cloud. One of the related challenges is that this threat domain is highly dependent on human behavior characteristics, as opposed to the more purely technical domains of network data generation. In this paper, we focus on the derivation and validation of a dataset for the cloud-based malicious insider threat. Accordingly, we outline the design of synthetic data, while discussing cloud-based indicators and socio-technical human factors. As a proof of concept, we test our model on an airline scheduling application provided by a flight operator, and propose realistic threat scenarios for its future detection. The work is motivated by the complexity of the problem itself as well as by the absence of open, realistic cloud-based datasets.


Paper Citation


in Harvard Style

Carvallo P., R. Cavalli A. and Kushik N. (2017). Automatic Derivation and Validation of a Cloud Dataset for Insider Threat Detection. In Proceedings of the 12th International Conference on Software Technologies - Volume 1: ICSOFT, ISBN 978-989-758-262-2, pages 480-487. DOI: 10.5220/0006480904800487


in Bibtex Style

@conference{icsoft17,
author={Pamela Carvallo and Ana R. Cavalli and Natalia Kushik},
title={Automatic Derivation and Validation of a Cloud Dataset for Insider Threat Detection},
booktitle={Proceedings of the 12th International Conference on Software Technologies - Volume 1: ICSOFT},
year={2017},
pages={480-487},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0006480904800487},
isbn={978-989-758-262-2},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 12th International Conference on Software Technologies - Volume 1: ICSOFT
TI - Automatic Derivation and Validation of a Cloud Dataset for Insider Threat Detection
SN - 978-989-758-262-2
AU - Carvallo P.
AU - R. Cavalli A.
AU - Kushik N.
PY - 2017
SP - 480
EP - 487
DO - 10.5220/0006480904800487