Probabilistic analysis of security attacks in cloud environment using hidden Markov models

© 2020 John Wiley & Sons, Ltd. The rapidly growing cloud computing paradigm provides a cost-effective platform for storing, sharing, and delivering data and computation through internet connectivity. However, one of the biggest barriers for massive cloud adoption is the growing cybersecurity threats/risks that influence its confidence and feasibility. Existing threat models for clouds may not be able to capture complex attacks. For example, an attacker may combine multiple security vulnerabilities into an intelligent, persistent, and sequence of attack behaviors that will continuously act to compromise the target on clouds. Hence, new models for detection of complex and diversified network attacks are needed. In this article, we introduce an effective threat modeling approach that has the ability to predict and detect the probability of occurrence of various security threats and attacks within the cloud environment using hidden Markov models (HMMs). The HMM is a powerful statistical analysis technique and is used to create a probability matrix based on the sensitivity of the data and possible system components that can be attacked. In addition, the HMM is used to provide supplemental information to discover a trend attack pattern from the implicit (or hidden) raw data. The proposed model is trained to identify anomalous sequences or threats so that accurate and up-to-date information on risk exposure of cloud-hosted services are properly detected. The proposed model would act as an underlying framework and a guiding tool for cloud systems security experts and administrators to secure processes and services over the cloud. The performance evaluation shows the effectiveness of the proposed approach to find attack probability and the number of correctly detected attacks in the presence of multiple attack scenarios

An intelligent information forwarder for healthcare big data systems with distributed wearable sensors

© 2016 IEEE. An increasing number of the elderly population wish to live an independent lifestyle, rather than rely on intrusive care programmes. A big data solution is presented using wearable sensors capable of carrying out continuous monitoring of the elderly, alerting the relevant caregivers when necessary and forwarding pertinent information to a big data system for analysis. A challenge for such a solution is the development of context-awareness through the multidimensional, dynamic and nonlinear sensor readings that have a weak correlation with observable human behaviours and health conditions. To address this challenge, a wearable sensor system with an intelligent data forwarder is discussed in this paper. The forwarder adopts a Hidden Markov Model for human behaviour recognition. Locality sensitive hashing is proposed as an efficient mechanism to learn sensor patterns. A prototype solution is implemented to monitor health conditions of dispersed users. It is shown that the intelligent forwarders can provide the remote sensors with context-awareness. They transmit only important information to the big data server for analytics when certain behaviours happen and avoid overwhelming communication and data storage. The system functions unobtrusively, whilst giving the users peace of mind in the knowledge that their safety is being monitored and analysed

Applying Bag of System Calls for Anomalous Behavior Detection of Applications in Linux Containers

In this paper, we present the results of using bags of system calls for learning the behavior of Linux containers for use in anomaly-detection based intrusion detection system. By using system calls of the containers monitored from the host kernel for anomaly detection, the system does not require any prior knowledge of the container nature, neither does it require altering the container or the host kernel.Comment: Published version available on IEEE Xplore (http://ieeexplore.ieee.org/document/7414047/) arXiv admin note: substantial text overlap with arXiv:1611.0305

Survey of Attack Projection, Prediction, and Forecasting in Cyber Security

This paper provides a survey of prediction, and forecasting methods used in cyber security. Four main tasks are discussed first, attack projection and intention recognition, in which there is a need to predict the next move or the intentions of the attacker, intrusion prediction, in which there is a need to predict upcoming cyber attacks, and network security situation forecasting, in which we project cybersecurity situation in the whole network. Methods and approaches for addressing these tasks often share the theoretical background and are often complementary. In this survey, both methods based on discrete models, such as attack graphs, Bayesian networks, and Markov models, and continuous models, such as time series and grey models, are surveyed, compared, and contrasted. We further discuss machine learning and data mining approaches, that have gained a lot of attention recently and appears promising for such a constantly changing environment, which is cyber security. The survey also focuses on the practical usability of the methods and problems related to their evaluation

A Comparison of Clustering Techniques for Malware Analysis

In this research, we apply clustering techniques to the malware detection problem. Our goal is to classify malware as part of a fully automated detection strategy. We compute clusters using the well-known �-means and EM clustering algorithms, with scores obtained from Hidden Markov Models (HMM). The previous work in this area consists of using HMM and �-means clustering technique to achieve the same. The current effort aims to extend it to use EM clustering technique for detection and also compare this technique with the �-means clustering