Misuse Detection in a Simulated IaaS Environment

  • Burhan Al-Bayati
  • Nathan Clarke
  • Paul Dowland
  • Fudong Li
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11263)


Cloud computing is an emerging technology paradigm that offers elastic computing resources to individuals and organisations at low cost. However, security is still the most sensitive issue in cloud computing services, as the service remains accessible to anyone for significant periods after an initial simple authentication login. This has led to increased vulnerability to potential attacks and to sensitive customer information being misused. To be able to detect this misuse, additional intelligent security measures are arguably required. Tracking users' activity by building user behaviour profiles is one technique that has been successfully applied in a variety of applications, such as telecommunication misuse and credit card fraud. This paper presents an investigation into applying behavioural profiling in a simulated IaaS-based infrastructure for the purposes of misuse detection by verifying the active user continuously and transparently. In order to examine the feasibility of this approach within cloud infrastructure services, a private dataset was collected containing real interactions of 60 users over a three-week period (totalling 1,048,195 log entries). A series of experiments was conducted using supervised machine learning algorithms to examine the ability to detect abnormal usage. The best experimental result of 0.32% Equal Error Rate is encouraging and indicates the ability to identify misuse within cloud computing services via the behavioural profiling technique.


Keywords: Continuous identity verification; Misuse; Behavioural profiling; IaaS; Cloud computing services



Copyright information

© Springer Nature Switzerland AG 2018

Authors and Affiliations

  1. Centre for Security, Communications and Network Research, Plymouth University, Plymouth, UK
  2. Computer Science Department, College Science, Diyala University, Diyala, Iraq
  3. Security Research Institute, Edith Cowan University, Perth, Australia
  4. School of Computing, University of Portsmouth, Portsmouth, UK
