Insider threats, posed by a cloud's internal users, cause very serious problems that in turn lead to devastating
attacks on both individuals and organizations. Although most real-world attention goes to outsider attacks,
the most damaging attacks come from insiders. In cloud computing the problem becomes worse: the
number of insiders is maximized, and hence the amount of data that can be breached and disclosed is also maximized.
Consequently, insider threats in the cloud ought to be among the topmost issues to be handled and settled. Classical
solutions for defending against insider threats might fall short, as it is not easy to track both the activities of insiders and
the amount of knowledge an insider can accumulate through his/her privileged accesses. Such accumulated knowledge can be
used to disclose critical information (to which the insider is not privileged) through expected dependencies that exist among
different data items residing in one or more nodes of the cloud. This paper provides a solution that suits the specialized
nature of the above-mentioned problem. The solution takes advantage of knowledge bases by tracking the accumulated knowledge
of insiders, building a Knowledge Graph (KG) for each insider. It also takes advantage of Mobile Edge Computing
(MEC) by building a fog layer in which a mitigation unit, residing on the edge, handles insider threats in a place that is
as close as possible to where the insiders reside. As a consequence, this gives continuous reactions to insider
threats in real time and, at the same time, lessens the overhead in the cloud. The MEC model presented in this paper
utilizes a knowledgebase approach in which insiders' knowledge is tracked and modeled. If an insider's knowledge
accumulates to a level that is expected to cause potential disclosure of private data, an alarm is raised so that
the expected actions can be taken to mitigate this risk. The knowledgebase approach involves generating Knowledge Graphs
(KGs) and Dependency Graphs (DGs), from which a Threat Prediction Value (TPV) is evaluated to estimate the risk upon which alarms
for potential disclosure are raised. Experimental analysis has been conducted using the CloudExp simulator, and the results
have shown the ability of the proposed model to raise alarms for potential risks from insiders in a real-time fashion with
accurate precision.
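A sketch of the knowledge-tracking idea described in the abstract, added here as an example and not taken from the paper: a per-insider knowledge set stands in for the KG, a weighted dependency table stands in for the DG, and an alarm fires when a score crosses a threshold. The abstract does not give the TPV formula, so the weighted-sum scoring, the weights, the threshold and all item names below are assumptions.

```python
from dataclasses import dataclass, field

# Dependency graph (constructed sample): sensitive item -> {known item: weight}.
# A weight is the assumed share of the sensitive item that the known item reveals.
DEPENDENCIES = {
    "salary": {"job_grade": 0.5, "years_of_service": 0.3, "department": 0.2},
    "diagnosis": {"prescription": 0.7, "ward": 0.3},
}

@dataclass
class Insider:
    name: str
    authorized: set                                # items the insider may read
    knowledge: set = field(default_factory=set)    # nodes of the insider's KG

def tpv(insider: Insider, target: str) -> float:
    """Assumed scoring: summed weight of the target's dependencies the
    insider already knows, capped at 1.0 (not the paper's formula)."""
    if target in insider.knowledge:
        return 1.0
    deps = DEPENDENCIES.get(target, {})
    score = sum(w for item, w in deps.items() if item in insider.knowledge)
    return round(min(1.0, score), 2)

def record_access(insider: Insider, item: str, threshold: float = 0.7) -> list:
    """Mitigation-unit step: refuse unauthorized reads, add authorized reads
    to the KG, then return (target, score) alarms for every item the insider
    is NOT authorized for whose score has reached the threshold."""
    if item not in insider.authorized:
        raise PermissionError(f"{insider.name} is not authorized for {item}")
    insider.knowledge.add(item)
    alarms = []
    for target in DEPENDENCIES:
        if target in insider.authorized:
            continue  # direct access is allowed, so inference is not a leak
        score = tpv(insider, target)
        if score >= threshold:
            alarms.append((target, score))
    return alarms

if __name__ == "__main__":
    alice = Insider("alice", {"job_grade", "years_of_service", "ward"})
    for item in ("job_grade", "years_of_service", "ward"):
        print(item, "->", record_access(alice, item))
```

Each read is individually authorized, yet the second one pushes the inferred exposure of `salary` over the threshold, which is the accumulation effect the abstract describes.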
The International Arab Journal of Information Technology, Vol. 17, No. 4A, Special Issue 2020
Qutaibah Althebyan is an associate professor and Dean of the College of Engineering at Al Ain University, UAE. He has been there since January 2018. Prior to joining Al Ain University, he was an associate professor in the Department of Software Engineering at Jordan University of Science and Technology (JUST) since August of 2008. Dr. Qutaibah Althebyan finished his Ph.D. degree in 2008 in Computer Science from the University of Arkansas - Fayetteville and his Master's degree in 2004 in Computer Information Systems from the University of Michigan - Dearborn. Dr. Althebyan has published several papers in highly ranked journals and conferences. He is also a reviewer for many journals and conferences. Dr. Althebyan's main research interests include, but are not limited to, information security, database security, security in the cloud, big data management, health information systems, information assurance, software metrics and quality of open-source systems. Lately, he has been working on different security, e-health and software engineering projects, namely large-scale insider threat assessment and damage assessment in the cloud, in the area of cloud security, as well as studies of power laws and their effects in object-oriented metrics, in the area of software engineering.
Cite this
Qutaibah Althebyan (College of Engineering, Al Ain University, UAE; Software Engineering Department, Jordan University of Science and Technology, Jordan), "Mitigating Insider Threats on the Edge: A Knowledgebase Approach", The International Arab Journal of Information Technology (IAJIT), Volume 17, Number 4A, pp. 43 - 50, Special Issue, doi: 10.34028/iajit/17/4A/6.
@ARTICLE{2145,
author={Qutaibah Althebyan},
journal={The International Arab Journal of Information Technology (IAJIT)},
title={Mitigating Insider Threats on the Edge: A Knowledgebase Approach},
volume={17},
number={4},
pages={43 - 50},
doi={10.34028/iajit/17/4A/6 },
year={1970}
}
TY - JOUR
TI - Mitigating Insider Threats on the Edge: A Knowledgebase Approach
T2 -
SP - 43
EP - 50
AU - Qutaibah Althebyan
DO - 10.34028/iajit/17/4A/6
JO - The International Arab Journal of Information Technology (IAJIT)
IS - 9
SN - 2413-9351
VO - 17
VL - 17
JA -
Y1 - Jan 1970
ER -
PY - 1970
Keywords: Insider Threats, Fog, Mobile Edge, Cloud, Knowledge Graph, Dependency Graph, Database
URL: https://iajit.org/paper/2145