A cybersecurity framework to identify malicious edge device in fog computing and cloud-of-things environments

Device security is one of the major challenges for the successful implementation of Internet of Things (IoT) and fog computing environments in the current IT space. Researchers and Information Technology (IT) organizations have explored many solutions to protect systems from unauthenticated device attacks (known as outside device attacks). Fog computing uses network devices (e.g. routers, switches and hubs) for latency-aware processing of data collected through IoT, so identification of malicious edge devices is one of the critical activities in data security for a fog computing environment. Preventing attacks from malicious edge devices in a fog computing environment is more difficult because such devices have been granted certain privileges to use and process the data. In this paper, the proposed cybersecurity framework uses three technologies, a Markov model, an Intrusion Detection System (IDS) and a Virtual Honeypot Device (VHD), to identify malicious edge devices in a fog computing environment. A two-stage hidden Markov model is used to effectively categorize edge devices into four different levels. The VHD is designed to store and maintain a log repository of all identified malicious devices, which assists the system in defending itself against unknown attacks in the future. The proposed cybersecurity framework is tested with real attacks in a virtual environment created using OpenStack and Microsoft Azure. Results indicate that the proposed framework is successful in identifying malicious devices as well as in reducing the false IDS alarm rate.
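As an added illustration of the two mechanisms the abstract names, a hidden Markov model that assigns each edge device to one of four levels and a VHD log repository that remembers devices already found malicious, here is a small Python example. It is not the paper's model or code: the four level names, the observation vocabulary (symbols an IDS would emit per device per time window), every probability, and the `edge-NN` device identifiers are constructed for this example, and a single HMM decoded with Viterbi stands in for the paper's two-stage model.

```python
import math

# Hidden states: four device levels, mirroring the abstract's four-level
# categorization. Names and all probabilities below are constructed for this
# example and are not the paper's parameters.
STATES = ["legitimate", "sensitive", "under_attack", "malicious"]
# Observation symbols an IDS might report for a device (constructed vocabulary).
SYMBOLS = ["normal", "port_scan", "auth_failure", "data_exfil"]

START = {"legitimate": 0.85, "sensitive": 0.10, "under_attack": 0.04, "malicious": 0.01}
TRANS = {  # row: current level, columns: next level (each row sums to 1)
    "legitimate":   {"legitimate": 0.90, "sensitive": 0.07, "under_attack": 0.02, "malicious": 0.01},
    "sensitive":    {"legitimate": 0.30, "sensitive": 0.50, "under_attack": 0.15, "malicious": 0.05},
    "under_attack": {"legitimate": 0.10, "sensitive": 0.20, "under_attack": 0.50, "malicious": 0.20},
    "malicious":    {"legitimate": 0.02, "sensitive": 0.03, "under_attack": 0.20, "malicious": 0.75},
}
EMIT = {  # row: level, columns: probability of each IDS observation in that level
    "legitimate":   {"normal": 0.94, "port_scan": 0.02, "auth_failure": 0.03, "data_exfil": 0.01},
    "sensitive":    {"normal": 0.70, "port_scan": 0.10, "auth_failure": 0.15, "data_exfil": 0.05},
    "under_attack": {"normal": 0.30, "port_scan": 0.40, "auth_failure": 0.25, "data_exfil": 0.05},
    "malicious":    {"normal": 0.10, "port_scan": 0.20, "auth_failure": 0.20, "data_exfil": 0.50},
}


def _log(p):
    return math.log(p) if p > 0 else float("-inf")


def viterbi(observations, start=START, trans=TRANS, emit=EMIT):
    """Most likely sequence of device levels for one device's observation
    sequence (standard Viterbi decoding, done in log space to avoid underflow)."""
    if not observations:
        raise ValueError("need at least one observation")
    for o in observations:
        if o not in SYMBOLS:
            raise ValueError(f"unknown observation symbol: {o}")
    # score[t][s]: best log-probability of any path ending in state s at time t
    score = [{s: _log(start[s]) + _log(emit[s][observations[0]]) for s in STATES}]
    back = [{}]  # back[t][s]: predecessor state on that best path
    for t in range(1, len(observations)):
        cur, ptr = {}, {}
        for s in STATES:
            prev = max(STATES, key=lambda p: score[t - 1][p] + _log(trans[p][s]))
            cur[s] = score[t - 1][prev] + _log(trans[prev][s]) + _log(emit[s][observations[t]])
            ptr[s] = prev
        score.append(cur)
        back.append(ptr)
    last = max(STATES, key=lambda s: score[-1][s])
    path = [last]
    for t in range(len(observations) - 1, 0, -1):
        path.append(back[t][path[-1]])
    return list(reversed(path))


def classify_device(observations):
    """Current level of a device: the final state of the decoded path."""
    return viterbi(observations)[-1]


class VirtualHoneypotLog:
    """Stand-in for the VHD log repository: keeps every device classified as
    malicious together with its evidence, so a repeat appearance is refused
    without waiting for the model to re-detect it."""

    def __init__(self):
        self.records = {}

    def record(self, device_id, observations, path):
        self.records[device_id] = {"observations": list(observations), "path": path}

    def is_known_malicious(self, device_id):
        return device_id in self.records


def process_device(device_id, observations, vhd):
    """Framework decision for one device: consult the repository first; otherwise
    decode with the HMM and register the device if it ends at the malicious level."""
    if vhd.is_known_malicious(device_id):
        return "malicious", "blocked_from_repository"
    path = viterbi(observations)
    level = path[-1]
    if level == "malicious":
        vhd.record(device_id, observations, path)
    return level, "classified"


if __name__ == "__main__":
    vhd = VirtualHoneypotLog()
    benign = ["normal", "normal", "auth_failure", "normal", "normal"]   # constructed
    hostile = ["normal", "port_scan", "auth_failure", "data_exfil", "data_exfil"]  # constructed
    print("edge-03", process_device("edge-03", benign, vhd))
    print("edge-07", process_device("edge-07", hostile, vhd))
    print("edge-07 again", process_device("edge-07", ["normal", "normal"], vhd))
```

The single stray `auth_failure` in the benign sequence is absorbed by the legitimate level, which is the false-alarm reduction the abstract refers to: a lone IDS alert does not move the device's level. The hostile sequence is decoded as legitimate at the start and malicious by the end, after which the repository answers for that device id even when its later traffic looks normal.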
