Identification of malicious edge devices in fog computing environments

ABSTRACT

Device security is one of the major challenges for successful implementation of the Internet of Things (IoT) and fog computing. Researchers and IT organizations have explored many solutions to protect systems from unauthenticated device attacks (known as outside device attacks). Fog computing uses many edge devices (e.g., routers, switches, and hubs) for latency-aware processing of collected data, so identification of malicious edge devices is one of the critical activities in data security of fog computing. Preventing attacks from malicious edge devices is more difficult because they have certain granted privileges to store and process the data. In this article, the proposed framework uses three technologies: a Markov model, an intrusion detection system (IDS), and a virtual honeypot device (VHD), to identify malicious edge devices in a fog computing environment. A two-stage Markov model is used to categorize edge devices effectively into four different levels. The VHD is designed to store and maintain a log repository of all identified malicious devices, which helps the system defend itself from any unknown attacks in the future. The proposed model is tested in a simulated environment, and results indicate the effectiveness of the system. The proposed model is successful in identifying the malicious device as well as reducing the false IDS alarm rate.
