Skip to main content
SpringerLink
Log in

A Statistical Approach to Detect Anomalous User Requests in SaaS Cloud-Centric Collaborations

  • Conference paper
  • First Online:
Information Systems Security (ICISS 2015)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 9478))

Included in the following conference series:

  • 1614 Accesses

Abstract

Cloud-centric collaboration enables participating domains to dynamically interoperate through sharing and accessing of information. Owing to the loosely-coupled nature of such collaborations, access requests from remote users are made in the form of set of permissions. The collaboration service provider maps the requested permissions into appropriate local roles to allow resource accesses. Access request are made either by applications or human users, and may be either pre-registered, or anonymous. Authentication in cloud-based collaborations is done using web-based tokens which do not consider the properties of the requester. Access permission is given strictly on the basis of the validity of the issued tokens for a particular session. But there is no provision to determine if any user with the valid tokens will cause any security breach with the shared resources. The human element involved in these collaborations becomes a single point of failure, exploiting which, a malicious user can gain control over a cloud-based account. Thus, there is a need to learn and identify the requesters’ behaviors from the history of their access patterns and subsequently use that knowledge, at runtime, to flag certain requests that are anomalous with respect to the normal behavior profile. In this paper, we propose a parametric statistical based approach which enables a resource providing domain to detect request anomalies made by a given user. Finally, we validate our methodology using publicly available datasets and present a performance evaluation in terms of accuracy of the proposed mechanism.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    http://www.informationweek.com/cloud-computing/software/cloud-collaboration-tools-big-hopes-big/240143787.

References

  1. Abraham, B., Chuang, A.: Outlier detection and time series modeling. Technometrics 31(2), 241–248 (1989)

    Article  MATH  MathSciNet  Google Scholar 

  2. Aggarwal, C.C.: On abnormality detection in spuriously populated data streams. In: SDM, pp. 80–91. SIAM (2005)

    Google Scholar 

  3. Almutairi, A., Sarfraz, M., Basalamah, S., Aref, W., Ghafoor, A.: A distributed access control architecture for cloud computing. IEEE Softw. 29(2), 36–44 (2012). doi:10.1109/MS.2011.153

    Article  Google Scholar 

  4. Banks, D., Erickson, J.S., Rhodes, M.: Toward cloud-based collaboration services. In: Usenix Workshop HotCloud (2009)

    Google Scholar 

  5. Barnett, V., Lewis, T.: Outliers in Statistical Data, vol. 3. Wiley, New York (1994)

    MATH  Google Scholar 

  6. Becker, M.Y., Sewell, P.: Cassandra: distributed access control policies with tunable expressiveness. In: Proceedings of the Fifth IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY 2004), pp. 159–168. IEEE (2004)

    Google Scholar 

  7. Blaze, M., Feigenbaum, J., Lacy, J.: Decentralized trust management. In: Proceedings of the IEEE Symposium on Security and Privacy, pp. 164–173. IEEE (1996)

    Google Scholar 

  8. Blaze, M., Feigenbaum, J., Strauss, M.: Compliance checking in the PolicyMaker trust management system. In: Hirschfeld, R. (ed.) FC 1998. LNCS, vol. 1465, pp. 254–274. Springer, Heidelberg (1998)

    Chapter  Google Scholar 

  9. Blaze, M., Keromytis, A.D.: The KeyNote trust-management system version 2. RFC 2704 (Informational) (1999)

    Google Scholar 

  10. Carminati, M., Caron, R., Maggi, F., Epifani, I., Zanero, S.: BankSealer: A decision support system for online banking fraud analysis and investigation. Comput. Secur. 53, 175–186 (2015)

    Article  Google Scholar 

  11. Chandola, V., Banerjee, A., Kumar, V.: Anomaly detection: a survey. ACM Comput. Surv. (CSUR) 41(3), 15 (2009)

    Article  Google Scholar 

  12. Chen, L., Crampton, J.: Inter-domain role mapping and least privilege. In: Proceedings of the 12th ACM Symposium on Access Control Models and Technologies, pp. 157–162. ACM (2007)

    Google Scholar 

  13. Du, S., Joshi, J.B.: Supporting authorization query and inter-domain role mapping in presence of hybrid role hierarchy. In: Proceedings of the 11th ACM Symposium on Access Control Models and Technologies (SACMAT 2006), pp. 228–236. ACM (2006)

    Google Scholar 

  14. Ene, A., Horne, W., Milosavljevic, N., Rao, P., Schreiber, R., Tarjan, R.E.: Fast exact and heuristic methods for role minimization problems. In: Proceedings of the 13th ACM Symposium on Access Control Models and Technologies, pp. 1–10. ACM (2008)

    Google Scholar 

  15. Eskin, E.: Anomaly detection over noisy data using learned probability distributions. In: Proceedings of the 17th International Conference on Machine Learning, pp. 255–262. Morgan Kaufmann Publishers Inc. (2005)

    Google Scholar 

  16. Fawcett, T., Provost, F.: Activity monitoring: Noticing interesting changes in behavior. In: Proceedings of the Fifth ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, pp. 53–62. ACM (1999)

    Google Scholar 

  17. Ghosh, N., Ghosh, S.K., Das, S.K.: SelCSP: a framework to facilitate selection of cloud service providers. IEEE Trans. Cloud Comput. 3(1), 66–79 (2015)

    Article  Google Scholar 

  18. Ghosh, S., Reilly, D.L.: Credit card fraud detection with a neural-network. In: Proceedings of the Twenty-Seventh Hawaii International Conference on System Sciences, vol. 3, pp. 621–630. IEEE (1994)

    Google Scholar 

  19. He, Z., Deng, S., Xu, X.: An optimization model for outlier detection in categorical data. In: Huang, D.-S., Zhang, X.-P., Huang, G.-B. (eds.) ICIC 2005. LNCS, vol. 3644, pp. 400–409. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  20. Lee, A.J., Winslett, M., Basney, J., Welch, V.: Traust: a trust negotiation-based authorization service for open systems. In: Proceedings of the 11th ACM Symposium on Access Control Models and Technologies (SACMAT 2006), pp. 39–48. ACM (2006)

    Google Scholar 

  21. Liu, F., Tong, J., Mao, J., Bohn, R., Messina, J., Badger, L., Leaf, D.: NIST Cloud Computing Reference Architecture. NIST special publication 500, 292 (2011)

    Google Scholar 

  22. Nyanchama, M., Osborn, S.: The role graph model and conflict of interest. ACM Trans. Inf. Syst. Secur. (TISSEC) 2(1), 3–33 (1999)

    Article  Google Scholar 

  23. Sandhu, R.S., Coyne, E.J., Feinstein, H.L., Youman, C.E.: Role-based access control models. Computer 29(2), 38–47 (1996)

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Department of Computer Science and Engineering, Indian Institute of Technology, Kharagpur, 721302, India

    Anant Pushkar

  2. School of Information Technology, Indian Institute of Technology, Kharagpur, 721302, India

    Nirnay Ghosh & Soumya K. Ghosh

Authors
  1. Anant Pushkar
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Nirnay Ghosh
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Soumya K. Ghosh
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Soumya K. Ghosh .

Editor information

Editors and Affiliations

  1. Center for Secure Information Systems, Fairfax, Virginia, USA

    Sushil Jajoda

  2. Jadavpur University, Kolkata, India

    Chandan Mazumdar

Rights and permissions

Reprints and permissions

Copyright information

© 2015 Springer International Publishing Switzerland

About this paper

Cite this paper

Pushkar, A., Ghosh, N., Ghosh, S.K. (2015). A Statistical Approach to Detect Anomalous User Requests in SaaS Cloud-Centric Collaborations. In: Jajoda, S., Mazumdar, C. (eds) Information Systems Security. ICISS 2015. Lecture Notes in Computer Science(), vol 9478. Springer, Cham. https://doi.org/10.1007/978-3-319-26961-0_15

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-26961-0_15

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-26960-3

  • Online ISBN: 978-3-319-26961-0

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation