Automatic derivation and validation of a cloud dataset for insider threat detection

Pamela Carvallo; Ana R. Cavalli; Natalia Kushik

doi:10.5220/0006480904800487

Automatic derivation and validation of a cloud dataset for insider threat detection

Pamela Carvallo
, Ana R. Cavalli
, Natalia Kushik

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

The malicious insider threat is often listed as one of the most dangerous cloud threats. Considering this threat, the main difference between a cloud computing scenario and a traditional IT infrastructure, is that once perpetrated, it could damage other clients due to the multi-tenancy and virtual environment cloud features. One of the related challenges concerns the fact that this threat domain is highly dependent on human behavior characteristics as opposed to the more purely technical domains of network data generation. In this paper, we focus on the derivation and validation of the dataset for cloud-based malicious insider threat. Accordingly, we outline the design of synthetic data, while discussing cloud-based indicators, and socio-technical human factors. As a proof of concept, we test our model on an airline scheduling application provided by a flight operator, together with proposing realistic threat scenarios for its future detection. The work is motivated by the complexity of the problem itself as well as by the absence of the open, realistic cloud-based datasets.

Original language	English
Title of host publication	ICSOFT 2017 - Proceedings of the 12th International Conference on Software Technologies
Editors	Jorge Cardoso, Jorge Cardoso, Leszek Maciaszek, Leszek Maciaszek, Marten van Sinderen, Enrique Cabello
Publisher	SciTePress
Pages	480-487
Number of pages	8
ISBN (Electronic)	9789897582622
DOIs	https://doi.org/10.5220/0006480904800487
Publication status	Published - 1 Jan 2017
Externally published	Yes
Event	12th International Conference on Software Technologies, ICSOFT 2017 - Madrid, Spain Duration: 24 Jul 2017 → 26 Jul 2017

Publication series

Name	ICSOFT 2017 - Proceedings of the 12th International Conference on Software Technologies

Conference

Conference	12th International Conference on Software Technologies, ICSOFT 2017
Country/Territory	Spain
City	Madrid
Period	24/07/17 → 26/07/17

Keywords

Cloud computing
Dataset
Dataset validation
Intrusion threat
Synthetic data generation
User behavior

Access to Document

10.5220/0006480904800487

Cite this

Carvallo, P., Cavalli, A. R., & Kushik, N. (2017). Automatic derivation and validation of a cloud dataset for insider threat detection. In J. Cardoso, J. Cardoso, L. Maciaszek, L. Maciaszek, M. van Sinderen, & E. Cabello (Eds.), ICSOFT 2017 - Proceedings of the 12th International Conference on Software Technologies (pp. 480-487). (ICSOFT 2017 - Proceedings of the 12th International Conference on Software Technologies). SciTePress. https://doi.org/10.5220/0006480904800487

Carvallo, Pamela ; Cavalli, Ana R. ; Kushik, Natalia. / Automatic derivation and validation of a cloud dataset for insider threat detection. ICSOFT 2017 - Proceedings of the 12th International Conference on Software Technologies. editor / Jorge Cardoso ; Jorge Cardoso ; Leszek Maciaszek ; Leszek Maciaszek ; Marten van Sinderen ; Enrique Cabello. SciTePress, 2017. pp. 480-487 (ICSOFT 2017 - Proceedings of the 12th International Conference on Software Technologies).

@inproceedings{0b3023e3c1ea48cbb7f8e4ee408d1d9c,

title = "Automatic derivation and validation of a cloud dataset for insider threat detection",

abstract = "The malicious insider threat is often listed as one of the most dangerous cloud threats. Considering this threat, the main difference between a cloud computing scenario and a traditional IT infrastructure, is that once perpetrated, it could damage other clients due to the multi-tenancy and virtual environment cloud features. One of the related challenges concerns the fact that this threat domain is highly dependent on human behavior characteristics as opposed to the more purely technical domains of network data generation. In this paper, we focus on the derivation and validation of the dataset for cloud-based malicious insider threat. Accordingly, we outline the design of synthetic data, while discussing cloud-based indicators, and socio-technical human factors. As a proof of concept, we test our model on an airline scheduling application provided by a flight operator, together with proposing realistic threat scenarios for its future detection. The work is motivated by the complexity of the problem itself as well as by the absence of the open, realistic cloud-based datasets.",

keywords = "Cloud computing, Dataset, Dataset validation, Intrusion threat, Synthetic data generation, User behavior",

author = "Pamela Carvallo and Cavalli, \{Ana R.\} and Natalia Kushik",

note = "Publisher Copyright: Copyright {\textcopyright} 2017 by SCITEPRESS - Science and Technology Publications, Lda. All rights reserved.; 12th International Conference on Software Technologies, ICSOFT 2017 ; Conference date: 24-07-2017 Through 26-07-2017",

year = "2017",

month = jan,

day = "1",

doi = "10.5220/0006480904800487",

language = "English",

series = "ICSOFT 2017 - Proceedings of the 12th International Conference on Software Technologies",

publisher = "SciTePress",

pages = "480--487",

editor = "Jorge Cardoso and Jorge Cardoso and Leszek Maciaszek and Leszek Maciaszek and \{van Sinderen\}, Marten and Enrique Cabello",

booktitle = "ICSOFT 2017 - Proceedings of the 12th International Conference on Software Technologies",

}

Carvallo, P, Cavalli, AR & Kushik, N 2017, Automatic derivation and validation of a cloud dataset for insider threat detection. in J Cardoso, J Cardoso, L Maciaszek, L Maciaszek, M van Sinderen & E Cabello (eds), ICSOFT 2017 - Proceedings of the 12th International Conference on Software Technologies. ICSOFT 2017 - Proceedings of the 12th International Conference on Software Technologies, SciTePress, pp. 480-487, 12th International Conference on Software Technologies, ICSOFT 2017, Madrid, Spain, 24/07/17. https://doi.org/10.5220/0006480904800487

Automatic derivation and validation of a cloud dataset for insider threat detection. / Carvallo, Pamela; Cavalli, Ana R.; Kushik, Natalia.
ICSOFT 2017 - Proceedings of the 12th International Conference on Software Technologies. ed. / Jorge Cardoso; Jorge Cardoso; Leszek Maciaszek; Leszek Maciaszek; Marten van Sinderen; Enrique Cabello. SciTePress, 2017. p. 480-487 (ICSOFT 2017 - Proceedings of the 12th International Conference on Software Technologies).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Automatic derivation and validation of a cloud dataset for insider threat detection

AU - Carvallo, Pamela

AU - Cavalli, Ana R.

AU - Kushik, Natalia

PY - 2017/1/1

Y1 - 2017/1/1

N2 - The malicious insider threat is often listed as one of the most dangerous cloud threats. Considering this threat, the main difference between a cloud computing scenario and a traditional IT infrastructure, is that once perpetrated, it could damage other clients due to the multi-tenancy and virtual environment cloud features. One of the related challenges concerns the fact that this threat domain is highly dependent on human behavior characteristics as opposed to the more purely technical domains of network data generation. In this paper, we focus on the derivation and validation of the dataset for cloud-based malicious insider threat. Accordingly, we outline the design of synthetic data, while discussing cloud-based indicators, and socio-technical human factors. As a proof of concept, we test our model on an airline scheduling application provided by a flight operator, together with proposing realistic threat scenarios for its future detection. The work is motivated by the complexity of the problem itself as well as by the absence of the open, realistic cloud-based datasets.

AB - The malicious insider threat is often listed as one of the most dangerous cloud threats. Considering this threat, the main difference between a cloud computing scenario and a traditional IT infrastructure, is that once perpetrated, it could damage other clients due to the multi-tenancy and virtual environment cloud features. One of the related challenges concerns the fact that this threat domain is highly dependent on human behavior characteristics as opposed to the more purely technical domains of network data generation. In this paper, we focus on the derivation and validation of the dataset for cloud-based malicious insider threat. Accordingly, we outline the design of synthetic data, while discussing cloud-based indicators, and socio-technical human factors. As a proof of concept, we test our model on an airline scheduling application provided by a flight operator, together with proposing realistic threat scenarios for its future detection. The work is motivated by the complexity of the problem itself as well as by the absence of the open, realistic cloud-based datasets.

KW - Cloud computing

KW - Dataset

KW - Dataset validation

KW - Intrusion threat

KW - Synthetic data generation

KW - User behavior

U2 - 10.5220/0006480904800487

DO - 10.5220/0006480904800487

M3 - Conference contribution

AN - SCOPUS:85029316730

T3 - ICSOFT 2017 - Proceedings of the 12th International Conference on Software Technologies

SP - 480

EP - 487

BT - ICSOFT 2017 - Proceedings of the 12th International Conference on Software Technologies

A2 - Cardoso, Jorge

A2 - Maciaszek, Leszek

A2 - van Sinderen, Marten

A2 - Cabello, Enrique

PB - SciTePress

T2 - 12th International Conference on Software Technologies, ICSOFT 2017

Y2 - 24 July 2017 through 26 July 2017

ER -

Carvallo P, Cavalli AR, Kushik N. Automatic derivation and validation of a cloud dataset for insider threat detection. In Cardoso J, Cardoso J, Maciaszek L, Maciaszek L, van Sinderen M, Cabello E, editors, ICSOFT 2017 - Proceedings of the 12th International Conference on Software Technologies. SciTePress. 2017. p. 480-487. (ICSOFT 2017 - Proceedings of the 12th International Conference on Software Technologies). doi: 10.5220/0006480904800487

Automatic derivation and validation of a cloud dataset for insider threat detection

Abstract

Publication series

Conference

Keywords

Access to Document

Fingerprint

Cite this