A cybersecurity framework to identify malicious edge device in fog computing and cloud-of-things environments

Computers and Security

Volumn 74, Issue , 2018, Pages 340-354

  Sohal, Amandeep Singh ^a   Sandhu, Rajinder ^a,b   Sood, Sandeep K ^a   Chang, Victor ^c  

^a GURU NANAK DEV UNIVERSITY   (India)

^b CHITKARA UNIVERSITY   (India)

^c XI AN JIAOTONG LIVERPOOL UNIVERSITY   (China)

Author keywords

Edge device; Fog computing; Internet of Things; Intrusion detection system; Two stage Markov model; Virtual Honeypot Device

Indexed keywords

COMPUTER CRIME; DATA HANDLING; FOG; HIDDEN MARKOV MODELS; INTERNET OF THINGS; MARKOV PROCESSES; MERCURY (METAL); NETWORK FUNCTION VIRTUALIZATION; NETWORK SECURITY; VIRTUAL REALITY; WINDOWS OPERATING SYSTEM;

COMPUTING ENVIRONMENTS; CRITICAL ACTIVITIES; EDGE DEVICE; HONEYPOTS; INTRUSION DETECTION SYSTEMS; LOG REPOSITORIES; MARKOV MODEL; UNKNOWN ATTACKS;

INTRUSION DETECTION;

EID: 85029784320     PISSN: 01674048     EISSN: None     Source Type: Journal    
DOI: 10.1016/j.cose.2017.08.016     Document Type: Article

References (57)

1. Abraham, S., Nair, S., Cyber security analytics: a stochastic model for security quantification using absorbing markov chains. J Commun 9:12 (2014), 899–907.
2. Artail, H., Safa, H., Sraj, M., Kuwatly, I., Al-Masri, Z., A hybrid honeypot framework for improving intrusion detection systems in protecting organizational networks. Comput Secur 25:4 (2006), 274–288.
3. Bondada, M.B., Bhanu, S.M.S., Analyzing user behavior using keystroke dynamics to protect cloud from malicious insiders. 2014 IEEE International Conference on Cloud Computing in Emerging Markets, CCEM 2014, 2015, 1–8.
4. Bonomi, F., Milito, R., Zhu, J., Addepalli, S., Fog computing and its role in the Internet of Things. Proc. first Ed. MCC Work. Mob. cloud Comput, 2012, 13–16.
5. Bowen, B.M., Ben Salem, M., Hershkop, S., Keromytis, A.D., Stolfo, S.J., Designing host and network sensors to mitigate the insider threat. IEEE Secur Priv 7:6 (2009), 22–29.
6. Chinchani, R., Iyer, A., Ngo, H.Q., Upadhyaya, S., Towards a theory of insider threat assessment. 2005 Int. Conf. dependable Syst. networks, 2005.
7. Chonka, A., Xiang, Y., Zhou, W., Bonti, A., Cloud security defence to protect cloud computing against HTTP-DoS and XML-DoS attacks. J Netw Comput Appl 34:4 (2011), 1097–1107.
8. Colwill, C., Human factors in information security: the insider threat – who can you trust these days?. Inf Secur Tech Rep 14:4 (2009), 186–196.
9. Costa, D.L., Collins, M.L., Perl, S.J., Albrethsen, M.J., Silowash, G.J., Spooner, D.L., An ontology for insider threat indicators development and applications. CEUR workshop proceedings, vol. 1304, 2014, 48–53.
10. De Fonzo, V., Aluffi-Pentini, F., Parisi, V., Hidden Markov models in bioinformatics. Curr Bioinform 2:1 (2007), 49–61.
11. Dent, A.W., Hybrid signcryption schemes with insider security. Information security and privacy LNCS, vol. 3574, 2005, 253–266.
12. D'Orazio, C.J., Choo, K.K.R., Circumventing iOS security mechanisms for APT forensic investigations: a security taxonomy for cloud apps. Future Gener Comput Syst, 2016, 1–15.
13. D'Orazio, C.J., Choo, K.K.R., A technique to circumvent SSL/TLS validations on iOS devices. Future Gener Comput Syst 74 (2017), 366–374.
14. D'Orazio, C.J., Choo, K.K.R., Yang, L.T., Data exfiltration from internet of things devices: IOS devices as case studies. IEEE Internet Things J 4:2 (2017), 524–535.
15. D'Orazio, C.J., Lu, R., Choo, K.K.R., Vasilakos, A.V., A Markov adversary model to detect vulnerable iOS devices and vulnerabilities in iOS apps. Appl Math Comput 293 (2017), 523–544.
16. Fine, S., Singer, Y., Tishby, N., Hierarchical Hidden Markov Model: analysis and applications. Mach Learn 32:1 (1998), 41–62.
17. Furnell, S., Enemies within: the problem of insider attacks. Comput Fraud Secur 2004:7 (2004), 6–11.
18. Glastopf- A Web Application Honeypot. [Online]; Available from https://www.edgis-security.org/honeypot/glastopf, 2017. (Accessed 20 August 2017)
19. Greitzer, F.L., Moore, A.P., Cappelli, D.M., Andrews, D.H., Carroll, L.A., Hull, T.D., Combating the insider cyber threat. IEEE Secur Priv 6:1 (2008), 61–64.
20. Honeynet Project [Honeypot], Blogs | The Honeynet Project. [Online]; Available from http://www.honeynet.org/. (Accessed 13 February 2017)
21. Kharchenko, V., Kolisnyk, M., Piskachova, I., Bardis, N., Reliability & security issues for IoT-based smart business center: architecture & Markov model. Proceedings - 2016 3rd International Conference on Mathematics and Computers in Sciences and in Industry, MCSI 2016, 2017, 313–318.
22. Li, W., Guo, Z., Hidden Markov Model based real time network security quantification method. 2009 International Conference on Networks Security, Wireless Communications and Trusted Computing, vol. 2, 2009, 94–100.
23. Liao, H.-J., Richard Lin, C.-H., Lin, Y.-C., Tung, K.-Y., Intrusion detection system: a comprehensive review. J Netw Comput Appl 36 (2012), 16–24.
24. Liu, D., Wang, X., Camp, J., Game-theoretic modeling and analysis of insider threats. Int J Crit Infrastruct Prot 1 (2008), 75–80.
25. Liu, F., Cheng, X., Chen, D., Insider attacker detection in wireless sensor networks. IEEE INFOCOM 2007 – 26th IEEE International Conference on Computer Communications, 2007, 1937–1945.
26. Luan, T.H., Gao, L., Li, Z., Xiang, Y., Sun, L., Fog computing: focusing on mobile users at the edge. eprint arXiv:150201815, 2015, 1–11.
27. Magklaras, G.B., Furnell, S.M., Insider threat prediction tool: evaluating the probability of IT misuse. Comput Secur 21:1 (1998), 62–73.
28. Magklaras, G.B., Furnell, S.M., A preliminary model of end user sophistication for insider threat prediction in IT systems. Comput Secur 24:5 (2005), 371–380.
29. Martinez-Moyano, I.J., Rich, E., Conrad, S., Andersen, D.F., Stewart, T.R., A behavioral theory of insider-threat risks. ACM Trans Model Comput Simul 18:2 (2008), 1–27.
30. Modi, C., Patel, D., Borisaniya, B., Patel, H., Patel, A., Rajarajan, M., A survey of intrusion detection techniques in Cloud. J Netw Comput Appl 36:1 (2013), 42–57.
31. Mundie, D.A., Perl, S.J., Huth, C.L., Insider threat defined: discovering the prototypical case. J Wirel Mob Netw Ubiquitous Comput Dependable Appl 5:2 (2014), 7–23.
32. Ning, P., Sun, K., How to misuse AODV: a case study of insider attacks against mobile ad-hoc routing protocols. IEEE Systems, Man and Cybernetics Society Information Assurance Workshop, 2003, 60–67.
33. Osanaiye, O., Choo, K.K.R., Dlodlo, M., Distributed denial of service (DDoS) resilience in cloud: review and conceptual cloud DDoS mitigation framework. J Netw Comput Appl 67 (2016), 147–165.
34. Osanaiye, O., Cai, H., Choo, K.-K.R., Dehghantanha, A., Xu, Z., Dlodlo, M., Ensemble-based multi-filter feature selection method for DDoS detection in cloud computing. EURASIP J Wirel Commun Netw, 2016(1), 2016, 130.
35. Osanaiye, O., Chen, S., Yan, Z., Lu, R., Choo, K.K.R., Dlodlo, M., From cloud to fog computing: a review and a conceptual live VM migration framework. IEEE Access 5 (2017), 8284–8300.
36. Patel, A., Taghavi, M., Bakhtiyari, K., Celestino Júnior, J., An intrusion detection and prevention system in cloud computing: a systematic review. J Netw Comput Appl 36:1 (2013), 25–41.
37. Peng, J., Choo, K.-K.R., Ashman, H., User profiling in intrusion detection: a review. J Netw Comput Appl 72 (2016), 14–27.
38. Pfleeger, S.L., Predd, J.B., Hunker, J., Bulford, C., Insiders behaving badly: addressing bad actors and their actions. IEEE Trans Inf Foren Secur 5:1 (2010), 169–179.
39. Predd, J., Pfleeger, S.L., Hunker, J., Bulford, C., Insiders behaving badly. IEEE Secur Priv 6:4 (2008), 66–70.
40. PriceWaterHouse Coopers L.L.C., Key findings from the 2013 US state of cyber-crime survey. Tech Rep NAVTRADEVCEN, 2013 Available from https://www.pwc.com/en_US/us/increasing-iteffectiveness/publications/assets/us-state-of-cybercrime Online. (Accessed 13 February 2017)
41. Probst, C.W., Hunker, J., Gollmann, D., Bishop, M., Insider threats in cyber security, vol. 49, 2010.
42. Prokhorenko, V., Choo, K.K.R., Ashman, H., Context-oriented web application protection model. Appl Math Comput 285 (2016), 59–78.
43. Prokhorenko, V., Choo, K.K.R., Ashman, H., Intent-based extensible real-time PHP supervision framework. IEEE Trans Inf Foren Secur 11:10 (2016), 2215–2226.
44. Prokhorenko, V., Choo, K.K.R., Ashman, H., Web application protection techniques: a taxonomy. J Netw Comput Appl 60 (2016), 95–112.
45. Pytbull. [Online]; Available from http://pytbull.sourceforge.net, 2017. (Accessed 20 August 2017)
46. Ray, I., Poolsapassit, N., Using attack trees to identify malicious attacks from authorized insiders. Lecture notes in computer science (including subseries lecture notes in artificial intelligence and lecture notes in bioinformatics) LNCS, vol. 3679, 2005, 231–246.
47. Salem, M.M.B., Hershkop, S., Stolfo, S.J.S., A survey of insider attack detection research. Advances in information security, vol. 39, 2008, Springer US, Boston (MA), 69–90.
48. Sardana, A., Joshi, R., An auto-responsive honeypot architecture for dynamic resource allocation and QoS adaptation in DDoS attacked networks. Comput Commun 32:12 (2009), 1384–1399.
49. Schultz, E.E., A framework for understanding and predicting insider attacks. Comput Secur 21:6 (2002), 526–531.
50. Snort Network Intrusion Detection and Prevention System. [Online]; Available from https://www.snort.org, 2017. (Accessed 20 August 2017)
51. Sriram, M., Patel, V., Harishma, D., Lakshmanan, N., A hybrid protocol to secure the cloud from insider threats. 2014 IEEE International Conference on Cloud Computing in Emerging Markets, CCEM 2014, 2015, 1–5.
52. Stojmenovic, I., Wen, S., The fog computing paradigm: scenarios and security issues. Proc. 2014 Fed. Conf. Comput. Sci. Inf. Syst, vol. 2, 2014, 1–8.
53. Theoharidou, M., Kokolakis, S., Karyda, M., Kiountouzis, E., The insider threat to information systems and the effectiveness of ISO17799. Comput Secur 24:6 (2005), 472–484.
54. Thorvaldsen, S., A tutorial on Markov models based on Mendel's classical experiments. J Bioinform Comput Biol 3:6 (2005), 1441–1460.
55. Warkentin, M., Willison, R., Behavioral and policy issues in information systems security: the insider threat. Eur J Inf Syst 18:2 (2009), 101–105.
56. Zhang, R., Chen, X., Shi, J., Xu, F., Pu, Y., Detecting insider threat based on document access behavior analysis. Lecture notes in computer science (including subseries lecture notes in artificial intelligence and lecture notes in bioinformatics) LNCS, vol. 8710, 2014, Springer International Publishing, 376–387.
57. Zhang, W., He, H., Kim, T.H., Xen-based virtual honeypot system for smart device. Multimed Tools Appl 74:19 (2015), 8541–8558.