The International Arab Journal of Information Technology (IAJIT)


Mitigating Insider Threats on the Edge: A Knowledgebase Approach

Insider threats, posed by the cloud's internal users, cause very serious problems, which in turn lead to devastating attacks on both individuals and organizations. Although most real-world attention goes to outsider attacks, the most damaging attacks come from insiders. In cloud computing the problem becomes worse: the number of insiders is maximized, and hence the amount of data that can be breached and disclosed is also maximized. Consequently, insider threats in the cloud ought to be among the top issues to be handled and settled. Classical solutions for defending against insider threats might fall short, as it is not easy to track both the activities of insiders and the amount of knowledge an insider can accumulate through his/her privileged accesses. Such accumulated knowledge can be used to disclose critical information, which the insider is not privileged to access, through expected dependencies that exist among different data items residing in one or more nodes of the cloud. This paper provides a solution that suits the specialized nature of this problem. The solution takes advantage of knowledge bases by tracking the accumulated knowledge of insiders through building Knowledge Graphs (KGs) for each insider. It also takes advantage of Mobile Edge Computing (MEC) by building a fog layer in which a mitigation unit, residing on the edge, takes care of insider threats in a place that is as close as possible to where the insiders reside. As a consequence, this gives continuous reactions to insider threats in real time and, at the same time, lessens the overhead in the cloud. The MEC model presented in this paper uses a knowledgebase approach in which insiders' knowledge is tracked and modeled.
If an insider's knowledge accumulates to a level that is expected to cause some potential disclosure of private data, an alarm is raised so that the expected actions can be taken to mitigate this risk. The knowledgebase approach involves generating Knowledge Graphs (KGs) and Dependency Graphs (DGs), where a Threat Prediction Value (TPV) is evaluated to estimate the risk upon which alarms for potential disclosure are raised. Experimental analysis has been conducted using the CloudExp simulator; the results show the ability of the proposed model to raise alarms for potential risks from insiders in real time with accurate precision.
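
The tracking loop described above, as an added example that is not the paper's code: each access extends the insider's KG, and a TPV for every dependent sensitive item is compared against an alarm threshold. The class and function names, the dependency weights, the noisy-OR scoring and the 0.65 threshold are all assumptions, since this page does not give the paper's TPV definition.

```python
from collections import defaultdict

# Constructed dependency graph (DG): sensitive item -> {source item: assumed
# weight, i.e. how strongly knowing the source helps infer the sensitive item}.
DG = {"salary": {"job_grade": 0.5, "years_of_service": 0.4, "department": 0.2}}
PRIVILEGED = {"alice": {"salary"}}   # constructed: who may read which item directly
THRESHOLD = 0.65                     # assumed alarm cut-off


class MitigationUnit:
    """Hypothetical edge-side unit tracking what each insider has learned."""

    def __init__(self, dg, privileged, threshold):
        self.dg, self.privileged, self.threshold = dg, privileged, threshold
        self.kg = defaultdict(set)   # insider -> data items seen (KG node set)

    def tpv(self, insider, target):
        # Assumed scoring (noisy-OR): 1 - product of (1 - w) over known sources.
        unknown = 1.0
        for source, weight in self.dg[target].items():
            if source in self.kg[insider]:
                unknown *= 1.0 - weight
        return round(1.0 - unknown, 2)

    def record_access(self, insider, item):
        """Update the insider's KG; return alarms as (insider, target, tpv)."""
        self.kg[insider].add(item)
        alarms = []
        for target, sources in self.dg.items():
            if item not in sources or target in self.privileged.get(insider, ()):
                continue             # unrelated access, or insider may read target
            score = self.tpv(insider, target)
            if score >= self.threshold:
                alarms.append((insider, target, score))
        return alarms


def replay(log):
    unit = MitigationUnit(DG, PRIVILEGED, THRESHOLD)
    return [alarm for who, item in log for alarm in unit.record_access(who, item)]


# Constructed access log: (insider, data item read), in time order.
LOG = [("bob", "job_grade"), ("alice", "job_grade"), ("alice", "years_of_service"),
       ("bob", "department"), ("bob", "years_of_service")]

if __name__ == "__main__":
    print(replay(LOG))
```

No single read by `bob` is suspicious on its own; the alarm fires only on the access that pushes his accumulated knowledge past the threshold, while `alice`, who is privileged for the target item, raises none.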

The International Arab Journal of Information Technology, Vol. 17, No. 4A, Special Issue 2020

Qutaibah Althebyan is an associate professor and Dean of the College of Engineering at Al Ain University, UAE. He has been there since January 2018. Prior to joining Al Ain University, he was an associate professor in the Department of Software Engineering at Jordan University of Science and Technology (JUST) since August of 2008. Dr. Qutaibah Althebyan finished his Ph.D. degree in 2008 in Computer Science from the University of Arkansas - Fayetteville and his Master's degree in 2004 in Computer Information Systems from the University of Michigan - Dearborn. Dr. Althebyan has published several papers in high-ranked journals and conferences. He is also a reviewer for many journals and conferences. Dr. Althebyan's main research interests include, but are not limited to, information security, database security, security in the cloud, big data management, health information systems, information assurance, software metrics and quality of open-source systems. Lately, he has been working on different security, e-health and software engineering projects, namely large-scale insider threat assessment and damage assessment in the cloud, in the area of cloud security, as well as studies of power laws and their effects on object-oriented metrics, in the area of software engineering.